The advancement of digitalisation has been a key driver towards organisational efficiency. The scale in which cyber operates has conversely led to rapid increases in both the volume and sophistication of cyberattacks.
As a key element of critical infrastructure, government and public sector organisations are a primary target for cyber criminals. Adversaries are continuously exploiting weaknesses in IT security and information management systems through practices such as targeted phishing emails and ransomware attacks.
The Australian Cyber Security Centre (ACSC) based within the Australian Signals Directorate (ASD) has developed prioritised mitigation strategies, in the form of the Strategies to Mitigate Cyber Security Incidents, to help organisations protect themselves against various cyber threats. The most effective of these mitigation strategies are the Essential Eight.
All organisations, public and private in Australia are encouraged to implement Essential 8. For NSW Government agencies, implementing Essential 8 is a policy imperative. Under the NSW Cyber Security Policy (CSP), each agency must implement Essential 8 as well as annually report a maturity assessment against Essential 8.
Created in February 2017, the Australian Signals Directorate (ASD) found that when operating effectively, the Essential 8 mitigates 85% of targeted cyber-attacks. Marsh’s ASD Essential 8 Assessment can help you achieve and improve your Essential 8 compliance.
Marsh’s ASD Essential 8 Assessment can help you achieve and improve your Essential 8 compliance and is delivered in four steps:
In addition to this report our team are also able support in implementation of additional controls, if required.
By undertaking this assessment your organisation will not only validate your current cyber security practices and identify any potential gaps, it will also uplift your cyber maturity posture in line with Australian government guidance – minimising your cyber risk and likelihood of exposure.
The ASD considers Essential 8 to be the most effective cyber resilience ‘baseline’ for Australian organisations.
The 8 controls are:
1. Application Whitelisting
2. Configure Macros
3. Multi-Factor Authentication
4. Restrict Admin Permissions
5. Patching Applications
6. Application Hardening
7. Patch Operating Systems
8. Daily Backups
The ASD has 4 levels of maturity, 0-3, the ASD recommends a level 2 compliance however organisations may choose to be a level 3 compliance. Maturity at each level needs to be in line with the ASD recommended maturity guidelines.
ASD Essential 8 is a set of eight essential mitigation strategies defined by Australian Cyber Security Centre (ACSC) as a baseline.
Marsh 12 Key Controls Assessment measures the maturity for 12 cyber security controls reviewed by cyber insurance underwriters to understand the cyber
As experts in enterprise and cyber risk, we help you take an enterprise wide, scalable approach in building your cyber resilience.
Together, we identify your risks, and develop a best-for-you program and team of partners to help manage it.
Informing your approach and decision-making process with our 25 years of cyber expertise and data driven insight. So that your path to cyber resilience is more productive and predictive; and your outcomes are more efficient and effective.
Head of Cyber Incident Management and Cyber Consulting, Pacific
This publication is not intended to be taken as advice regarding any individual situation and should not be relied upon as such. The information contained herein is based on sources we believe reliable, but we make no representation or warranty as to its accuracy. Marsh shall have no obligation to update this publication and shall have no liability to you or any other party arising out of this publication or any matter contained herein. LCPA 23/167
