Got a question? Call 1800 853 276   |   
Contact usCheckoutContact us
Cyber Bundles 2024

Essential Eight Solutions

Essential Eight Explained

In 2017, the Australian Signals Directorate (ASD) developed the Essential Eight framework to help organisations protect themselves against various cyber threats. The ASD's Essential Eight was designed to protect organisations’ internet-connected information technology networks.

While no set of mitigation strategies are guaranteed to protect against all cyber threats, organisations are recommended to implement eight essential mitigation strategies from the Strategies to Mitigate Cyber Security Incidents as a baseline. This baseline, known as the Essential Eight, makes it much harder for adversaries to compromise systems.

The Essential Eight strategies include:

  • patch applications

  • patch operating systems

  • multi-factor authentication

  • restrict administrative privileges

  • application control

  • restrict Microsoft Office macros

  • user application hardening

  • regular backups

The Australian Cyber Security Centre (ACSC)'s Essential Eight online resources offer fantastic guides. Their website is updated regularly, including any Essential Eight Maturity Model updates, ISM Mapping, FAQs, etc. We recommend that you visit the ACSC website to help you make an informed decision about whether implementing Essential Eight is right for your organisation.

Contact Lumify Work

Have a question about a course or need some information? ask us here.

Skilling to implement Essential Eight in Australia

Training is critical to helping your organisation implement and maintain the Essential Eight controls.

Each of the Essential Eight mitigation strategies requires configuring various platforms or software systems utilised within an organisation.

Due to the wide range of systems utilised across organisations, there is no dedicated training course for Essential Eight. However, much of the recommended mitigation strategies align with the Microsoft ecosystem. We have mapped some recommended training courses to assist your organisation in implementing and maintaining the Essential Eight.

Explore these Lumify Work training options:

Pillar 1 - Implementing Application Control

We recommend the following courses, which will give students the knowledge to help them reach maturity level 2 (if not 3) within an organisation.

Pillar 2 - Patch Applications

We recommend the following courses that cover Windows Defender, Azure Sentinel and Purview. These will provide students with knowledge and a robust toolkit to help them reach the desired maturity level within an organisation.

Pillar 3 - Configure Office Macro Settings

We recommend the following courses covering Microsoft Security, Compliance and Identity. These offer students the knowledge and tools to help them reach their organisation's desired security maturity level.

Pillar 4 - User Application Hardening

We recommend the following courses or the security training path covering Microsoft Security, Compliance and Identity. These offer students the know-how and tools to help reach the desired maturity level within an organisation's Microsoft ecosystem.

Microsoft MD-102T00 - Microsoft 365 Endpoint Administrator

Or follow the Microsoft Security training path below:

Pillar 5 - Restrict Administrative Privileges

We recommend the following security training path covering Microsoft Security, Compliance and Identity. This training path gives students the skills and knowledge to help them reach the desired maturity level within an organisation.

Pro-tip: Windows Defender Credential Guard and Windows Defender Remote Credential Guard are your go-to here.

Pillar 6 - Patch Operating Systems

We recommend the following courses covering Windows Defender, Azure Sentinel and Purview.

Pillar 7 - Multi-Factor Authentication (MFA)
and
Pillar 8 - Regular Backups

We recommend the following courses covering Windows Defender, Azure Sentinel, EntraID and Purview.

Cyber Security Best Practices, Auditing and Risk Assessments

Before anything else, get the fundamentals right.

To prepare for implementing Essential Eight strategies, you must audit your organisation to understand where you are currently aligned and what you need to do to reach the desired maturity level.

The leader in your organisation who will own the Essential Eight project needs to have a fundamental understanding of crucial cyber security concepts. This basic understanding will aid in the implementation and maintenance processes.

Below are some recommended fundamental courses to assist individuals not officially trained in these domains.

Lumify also offers a wide range of cyber security training courses appropriate for all experience levels. If you want more advanced training in Cyber Security, don't hesitate to contact us.

Explore training options on Cyber Security Fundamentals:

  • Certified in Cybersecurity - The ISC2 Certified in Cybersecurity (CC) is a one-day workshop that provides training on foundational cyber security best practices, including security principles, business continuity, incident response and disaster recovery, access control concepts, network security, and security operations. It would be ideal for anyone managing your Essential Eight program.

  • IT Audit Fundamentals - The ISACA IT Audit Fundamentals Certificate fills an educational gap. Its learnings include how to prepare an audit, the IT environment and components, and emerging technologies. It also helps your enterprise address the increasing need for audit professionals throughout an organisation.

  • IT Risk Fundamentals - The ISACA IT Risk Fundamentals Certificate course provides valuable foundational knowledge on terminology, concepts, and processes. This knowledge can empower professionals within your organisation to better communicate with Risk or IT Risk professionals. The course teaches the basics for those interested in working as risk or IT Risk professionals.