The Essential Eight – Cyber Threat Mitigation

Saxons Blog

Saxons Blog

What is the Essential Eight?

Developed by The Australian Signals Directorate (ASD), the “Essential Eight” is a cyber security incidents mitigation strategy, designed to protect organisations’ internet-connected information technology networks.

The mitigation strategies that constitute the Essential Eight are:

  1. Application control
  2. Patch applications
  3. Configure Microsoft Office macro settings
  4. User application hardening
  5. Restrict administrative privileges
  6. Patch operating systems
  7. Multi-factor authentication
  8. Regular backups


Essential Eight Maturity Model Levels

The Essential Eight Maturity Model is the official documentation published by the ASD on effectively implementing the Essential Eight. There are four defined maturity levels, each level based on mitigating increasing levels of malicious tradecraft and targeting.

Organisations must reflect on their cyber security history, the likelihood of malicious targeting, and the consequences of a potential cybersecurity incident on their organisation. With this in mind, organisations can determine the ideal target maturity level to implement.

Maturity Level Zero: Weaknesses in an organisation’s overall cyber security posture.

Maturity Level One: Organisations are vulnerable to malicious actors who are opportunistic. These malicious actors may seek common weaknesses in many targets rather than investing heavily in gaining access to a specific target.

Maturity Level Two: Organisations are vulnerable to malicious actors who may be more capable compared to the previous maturity level. These malicious actors are willing to invest more time in a target and in the effectiveness of their tools.

Maturity Level Three: Organisations are vulnerable to malicious actors who are more adaptive than previous levels. These malicious actors seek weaknesses in their target’s cyber security posture that they can exploit. There is a stronger focus on particular targets within an organisation, and they may utilise social engineering tactics.


What to Consider When Choosing a Maturity Model Level

  • Financial risk
  • Reputational risk
  • External and internal stakeholder impact
  • Data sensitivity
  • Legal liability
Share this post on...


We provide a comprehensive range of IT solutions for Australian businesses


Business Continuity

Business Continuity is the planned process employed by companies to re-instate their business process. It details the procedures acted upon to ensure the continuance of essential functions during and post event.


Business Connectivity

Business Connectivity is the underlying framework including applications designed to keep your business talking. It allows for fluid communication between project teams, clients and management.


Business Mobility

Business Mobility is the practice of IT strategy supporting work on any device or in any location. It allows for work to continue on the go, while reducing costs and promoting more open corporate culture.


Business Relocation

Business Relocation is the planning and implementation of new site operations. It allows for the seamless IT operation of new offices with zero downtime.


Scalable Solutions

Scalable IT Solutions allow you to only pay for what you use, with the ability to rapidly increase your resources in response to business growth or other changes.


IT Security

IT Security protects your data, business processes and IP from threats and intrusions, in a secure, enterprise-grade computing environment.