Presentation giving an overview of the ACSC-defined Essential Eight
Added: Sep 16, 2024
Slides: 11 pages
Essential Eight
SESSION 1: Overview of the Essential Eight
Welcome
- Overview
- Session time frame
- Facilities
- Emergency Procedure
Session Overview
This session provides course participants with an overview of the Essential Eight. The Essential Eight has been designed to protect Microsoft Windows-based internet-connected networks. While the Essential Eight may be applied to non-Microsoft Windows systems like cloud services, enterprise mobility or Linux systems, specific mitigation strategies, or parts thereof, may not be applicable.
This session provides:
- An overview of the course
- Background of the Essential Eight
- Overview of the Essential Eight
- Government Directives and Legislation
- Technical Environments
- Overview of the assessment process for the Essential Eight
Overview of the Course
The course will be delivered over the following three days with 12 sessions as follows:
- Session 1: Overview of Essential Eight
- Session 2: Assessment Planning and Scoping
- Session 3: Assessment Toolsets
- Session 4: Patch Applications
- Session 5: Patch Operating Systems
- Session 6: Multi-Factor Authentication
- Session 7: Restrict Administrative Privileges
- Session 8: Application Control
- Session 9: Restrict Microsoft Office Macros
- Session 10: User Application Hardening
- Session 11: Regular Backups
- Session 12: Report Drafting
Background
The Strategies to Mitigate Cyber Security Incidents was first published in February 2010. In the February 2017 update, 37 strategies were published, each marked with a degree of "Relative Security Effectiveness". Of these 37, 8 were marked as "Essential", and these later came to be known as "The Essential Eight".
Strategies to Mitigate Cyber Security Incidents
Mitigation strategies and a suggested implementation order are recommended for:
1. Targeted cyber intrusions and other external adversaries who steal data
2. Ransomware denying access to data for monetary gain, and external adversaries who destroy data and prevent computers/networks from functioning
3. Malicious insiders who steal data such as customer details or intellectual property
4. Malicious insiders who destroy data and prevent computers/networks from functioning
When implementing a mitigation strategy, first implement it for high-risk users and computers, such as those with access to important (sensitive or high-availability) data and exposed to untrustworthy internet content, and then implement it for all other users and computers.
The Essential Eight
Maturity Levels
To assist organisations with their implementation of the Essential Eight, four maturity levels have been defined (Maturity Level Zero through to Maturity Level Three).
- Maturity Level Zero: This maturity level signifies that there are weaknesses in an organisation's overall cyber security posture.
- Maturity Level One: The focus of this maturity level is adversaries who are content to simply leverage commodity tradecraft that is widely available in order to gain access to, and likely control of, systems.
Maturity Levels
- Maturity Level Two: The focus of this maturity level is adversaries operating with a modest step-up in capability from the previous maturity level. These adversaries are willing to invest more time in a target and, perhaps more importantly, in the effectiveness of their tools.
- Maturity Level Three: The focus of this maturity level is adversaries who are more adaptive and much less reliant on public tools and techniques.
Government Directives and Legislation
There are increasing Government requirements to apply Essential Eight mitigation strategies. The following components of the government structure have requirements relating to the Essential Eight in place:
- Non-Corporate Commonwealth Entities
- State governments, including Victoria, QLD, NSW and WA
It is expected that further portions of the government structure will also establish these requirements in the future.
Currently, the following industries have requirements for the Essential Eight:
- Defence-related industries
- Security of Critical Infrastructure Act 2018
Conclusion
The Essential Eight risk mitigation strategies are becoming widely accepted and implemented not only in Government but in related industries. It is expected that this trend will continue in more private organisations. When Essential Eight compliance requirements exist, there is a need for mandatory assessment to formally assess the level of maturity of the organisation's cyber security controls. These assessments may also be used to assist organisations in assessing their maturity level.
This workshop provides an understanding of the assessment process for each maturity level.
The tools and strategies learnt throughout