Skip to main content

Essential Eight

Essential Eight to ISM Mapping

Apr 1, 2020 - This document provides a mapping between Maturity Level 3 of the Essential Eight Maturity Model and the security controls within the Australian Government Information Security Manual (ISM). This mapping represents the minimum security controls organisations must implement to meet the intent of the Essential Eight.

Assessing Security Vulnerabilities and Applying Patches

Apr 1, 2020 - Applying patches to operating systems, applications and devices is critical to ensuring the security of systems. As such, patching forms part of the Essential Eight from the Strategies to Mitigate Cyber Security Incidents.

Microsoft Office Macro Security

Apr 1, 2020 - Microsoft Office applications can execute macros to automate routine tasks. However, macros can contain malicious code resulting in unauthorised access to sensitive information as part of a targeted cyber intrusion. This document has been developed to discuss approaches that can be applied by organisations to secure systems against malicious macros while balancing both their business and security requirements.

Essential Eight Maturity Model

Apr 1, 2020 - The Essential Eight Maturity Model provides advice on how to implement the Essential Eight in a phased approach. It also assists organisations in self-assessing the maturity of their implementation.

Essential Eight in Linux Environments

Apr 1, 2020 - This document has been developed to assist organisations understand how the Essential Eight from the Strategies to Mitigate Cyber Security Incidents can be implemented in Linux environments. While this document refers specifically to Linux environments, the guidance presented is equally applicable to all Unix-style environments.

Essential Eight Explained

Apr 1, 2020 - The Strategies to Mitigate Cyber Security Incidents is a prioritised list of mitigation strategies to assist organisations in protecting their systems against a range of adversaries. The mitigation strategies can be customised based on each organisation’s risk profile and the adversaries they are most concerned about.

Implementing Application Control

Apr 1, 2020 - Application control is one of the most effective mitigation strategies in ensuring the security of systems. As such, application control forms part of the Essential Eight from the Strategies to Mitigate Cyber Security Incidents. This document provides guidance on what application control is, what application control is not, and how to implement application control.
Essential Eight

Updates to the Essential Eight Maturity Model

Jul 2, 2019 - Cyber criminal activity is constantly evolving so the advice of the ACSC constantly evolves, too. As the lead agency on cyber security, the ACSC assists organisations by adopting a risk management approach and providing expert advice that best meets their specific needs. It’s never one-size-fits-all. Our expert advice helps government protect their networks, staff and customers.
Software update

You need to patch to protect your business online

May 17, 2019 - Malicious actors are compromising Australian business Remote Desktop Protocol (RDP) services, also known as Windows Terminal Services or Windows Remote Desktop. In 2018 and 2019, the ACSC knows of more than 48,000 Australian RDP services that were accessible on the Internet, exposing more than 2,000 Australian businesses.
WhatsApp logo

Users advised to update WhatsApp

May 15, 2019 - The Australian Cyber Security Centre (ACSC) advises users of WhatsApp to implement the latest fix for a reported vulnerability. Cyber criminals can use any weakness in apps to access your phone or device. To stay one step ahead of remote attackers, we recommend that you set your phone and device/s to auto update your apps.
small and medium business logo

Follow our essential steps to protect your business

May 15, 2019 - This week is national Privacy Awareness Week, an annual initiative of the Office of the Australian Information Commissioner (OAIC) that raises awareness of privacy issues and the importance of protecting personal information. Malicious or criminal attacks are deliberately crafted to exploit known vulnerabilities for financial or other gain. Many cyber incidents exploit vulnerabilities involving a human factor, such as unwittingly clicking on a malicious link and disclosing passwords.
Strong password artwork

Take steps to better secure yourself

May 2, 2019 - The Australian Cyber Security Centre (ACSC) has released a checklist to help Australians protect themselves from cyber criminals. Lottery and grant scams, identity theft, investment scams, hacking, phishing, dating and romance scams, online abuse and sextortion are just some of the threats people face.

Restricting Administrative Privileges

Apr 30, 2019 - This publication provides guidance on restricting the use of administrative privileges. Restricting the use of administrative privileges is one of the eight essential mitigation strategies from the Strategies to Mitigate Cyber Security Incidents.

Implementing Multi-Factor Authentication

Apr 30, 2019 - First published 2014; Latest version April 2019
Strong password artwork

Easy steps to secure your online information

Apr 29, 2019 - The Australian Cyber Security Centre (ACSC) has developed an Easy Steps Guide to help Australians protect themselves from cyber criminals. Lottery and grant scams, identity theft, investment scams, hacking, phishing, dating and romance scams, online abuse and sextortion are just some of the threats people face. Our Easy Steps Guide shows how you can better protect yourself from these threats and secure your accounts and devices, by stepping you through a six-day plan.
Software update

Keeping up with the updates

Mar 26, 2019 - The Australian Cyber Security Centre (ACSC) advises users of Drupal and Firefox to implement the latest fixes for vulnerabilities. Cyber criminals will use any weakness in software and apps to access your phone or device. You can protect yourself by installing the updates that are regularly distributed by the company and are designed to fix these weaknesses. These updates can introduce new features as well as fix newly discovered vulnerabilities. To stay one step ahead of updates, and cyber criminals, we recommend that you set your phone and device/s to auto update.
Data breach

Get serious about protecting commercial secrets

Feb 7, 2019 - The Australian Cyber Security Centre (ACSC) urges organisations to step up efforts to protect themselves from cyber criminals, after the December quarter Notifiable Data Breaches Quarterly Statistics Report revealed an increase in reported malicious or criminal activity. The Office of the Australian Information Commissioner (OAIC) report found that malicious or criminal activity was the leading cause of data breaches in the quarter at 64 per cent of notifications, an increase from the previous quarter's 57 per cent.
Safer Internet Day

ACSC celebrates Safer Internet Day

Feb 5, 2019 - Today marks Safer Internet Day (SID), and the Australian Cyber Security Centre (ACSC) is a proud partner in supporting this year's theme -- 'Together for a better internet'. SID is an annual, worldwide event led by the Office of the eSafety Commissioner. This year they are encouraging individuals to create a better internet by developing four critical skills known as the 4Rs: Respect, Responsibility, Reasoning and Resilience.
Feature - Password security

Get smarter with passwords

Jan 23, 2019 - Whether you’re an individual or part of an organisation, the data dump of billions of stolen passwords and email addresses is a reminder to take action to protect yourself and your information. The Australian Cyber Security Centre (ACSC) is aware that the so-called Collection #1data dump of stolen credentials has now been followed by the release on the dark web of Collections #2, #3, #4 and #5. All 5 collections add up to 1 terabyte in size with 100 billion records in total.
Hacking data

773M accounts affected by 'Collection #1' breach

Jan 18, 2019 - The Australian Cyber Security Centre (ACSC) is aware of a significant data breach affecting 773 million email addresses and usernames. Titled 'Collection #1', the data breach was made public by Australian cyber security expert Troy Hunt, who identified that a large number of credential lists had been distributed on a known hacking forum.
SOC

Implementing the Essential Eight for MSPs

Jan 11, 2019 - Following the global compromise of managed service providers or MSPs, the Australian Cyber Security Centre (ACSC) is calling on Australian businesses and individuals to be proactive in implementing better cyber security practices. While no single mitigation strategy is guaranteed to prevent cyber security incidents, organisations are recommended to implement eight essential mitigation strategies as a baseline. This baseline, known as the Essential Eight, makes it much harder for adversaries to compromise systems.

Microsoft warns of Internet Explorer vulnerability

Dec 21, 2018 - Microsoft has released a security update for Internet Explorer after receiving a report from Google about a new vulnerability that is being used in targeted attacks. Security vulnerabilities in applications can be used to execute malicious code on your systems, and using the latest version of applications is one way that you can better protect yourself, as we explain in the Essential Eight.

New approach to support cyber security

Dec 4, 2018 - The updated Australian Government Information Security Manual (ISM) has been released by the Australian Cyber Security Centre (ACSC). The 2018 release supports a move towards a risk-based approach that gives organisations greater flexibility to manage their cyber security based on their own unique circumstances, enabling greater innovation within Government.

Attribution of a pattern of malicious cyber activity to Russia

Oct 4, 2018 - The Australian Government has joined international partners to condemn a pattern of malicious cyber activity by Russia targeting political, business, media and sporting institutions worldwide. The Prime Minister, the Hon Scott Morrison MP and the Foreign Affairs Minister, Senator the Hon Marise Payne have made a joint statement condemning these actions.

Combat DNS infrastructure hijacking

Jul 1, 2018 - The Australian Cyber Security Centre (ACSC) is aware of a global Domain Name System (DNS) infrastructure hijacking campaign and urges organisations to protect their systems. 'We encourage administrators to follow best practices, including our Essential Eight mitigation strategies, to better safeguard their systems,' said Alastair MacGibbon, Head of the ACSC.

2018 - Launching into action

Jul 1, 2018 - Working from new purpose-built headquarters after its official launch in August, the ACSC and its network of Joint Cyber Security Centres (JCSCs) across the country are building on decades of quiet success by Australian agencies. The ACSC, part of the Australian Signals Directorate (ASD), demonstrates the Australian Government's commitment to cyber security in a world where new threats are always emerging.

Strategies to Mitigate Cyber Security Incidents – Mitigation Details

Feb 5, 2017 - The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) has developed prioritised mitigation strategies to help cyber security professionals in all organisations mitigate cyber security incidents caused by various cyber threats. This guidance addresses targeted cyber intrusions (i.e. those executed by advanced persistent threats such as foreign intelligence services), ransomware and external adversaries with destructive intent, malicious insiders, ‘business email compromise’, and industrial control systems.

Strategies to Mitigate Cyber Security Incidents

Feb 1, 2017 - The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) has developed prioritised mitigation strategies to help cyber security professionals in all organisations mitigate cyber security incidents caused by various cyber threats. This guidance addresses targeted cyber intrusions (i.e. those executed by advanced persistent threats such as foreign intelligence services), ransomware and external adversaries with destructive intent, malicious insiders, ‘business email compromise’, and industrial control systems.