Essential 8

The Essential Eight is a framework designed by the Australian Cyber Security Centre (ACSC) to help organisations assess and protect themselves against various cyber threats. 

Although the principles behind the framework can be applied in Mac or Linux-based environments, they are more appropriate within Microsoft Windows-based inter-connected networks. 

• Application Control: To prevent all non-approved applications (including malicious code) from executing
• Patch Applications: To remediate known security vulnerabilities in applications that could be used to execute malicious code
• Configure Microsoft Office Macro Settings: To block untrusted macros that could be used to deliver and execute malicious code on systems
• User Application Hardening: To protect against vulnerable functionality such as flash, ads and Java which are popular ways adversaries deliver and execute malicious code.
• Restrict Administrative Privileges: To limit powerful access to systems that can be used to give adversaries full access to information and systems.
• Patch Operating Systems: To remediate known vulnerabilities within operating systems which could be used to further the compromise of systems
• Multi-Factor Authentication: To protect against risky activities through the use of stronger user authentication which makes it harder for adversaries to access sensitive information and systems.
• Regular Backups: To maintain the availability of critical and sensitive data and ensure that information can be accessed following a cybersecurity incident.

The Essential Eight maturity levels have been defined to help organisations assess their level of protection for each area of the framework. Each maturity level reflects the level of skill required by the adversary to overcome the mitigation strategies. 

• Maturity Level 0
  There are weaknesses in the organisation's cyber security postures which cause significant risks to its systems and data.
  
  
• Maturity Level 1
  The organisation is at risk of being compromised in a widespread attack targeting publicly-available vulnerabilities. The adversary will use common social engineering techniques to gain access to the victim's environment and may seek to destroy production and backup data.
  
  
• Maturity Level 2
  Adversaries will be more selective in their targeting but will still apply well-known tradecraft in order to gain access and weaken the security of the targeted system. They will invest time in ensuring their phishing is effective and circumvent multi-factor authentication with technical and social-engineering techniques. After gaining access, they might destroy the data (including backups).
  
  
• Maturity Level 3
  Maturity Level 3 focuses on adaptive adversaries who are more adaptative and less reliant on public tools to exploit weaknesses in their target's cybersecurity posture, such as old software and inadequate logging. Their goal is not only to penetrate the systems but to extend their access, evade detection, and solidify their presence.  They are willing to invest effort in circumventing specific policy and technical security controls, employing social engineering and bypassing multi-factor authentication. Once they gain a foothold, they seek privileged credentials, pivot within the network, and cover their tracks. Adversaries may also destroy all data, including backups, depending on their intent.