ASD Essential 8 Assessment

Validate, uplift cyber maturity and demonstrate compliance with mandated federal government requirements.

Validate

Validate current cybersecurity practices and identify any potential gaps.

Demonstrate

Demonstrate compliance with mandated federal government requirements.

Uplift

Uplift cyber insurability profile and cyber maturity posture.

The ASD Essential 8 prioritises strategies considered to be the most effective cybersecurity ‘baseline’ for Australian businesses and public sector organisations.

The advancement of digitalisation has been a key driver of organisational efficiency. Conversely, the scale at which cyber operates has led to rapid increases in both the volume and sophistication of cyberattacks.

As a key element of critical infrastructure, government and public sector organisations are a primary target for cyber criminals. Adversaries are continuously exploiting weaknesses in IT security and information management systems through practices such as targeted phishing emails and ransomware attacks.

What is the ASD Essential 8?

The Australian Cyber Security Centre (ACSC), based within the Australian Signals Directorate (ASD), has developed prioritised mitigation strategies, in the form of the Strategies to Mitigate Cyber Security Incidents, to help organisations protect themselves against various cyber threats. The most effective of these mitigation strategies are the Essential Eight.

All organisations in Australia, public and private, are encouraged to implement Essential 8. For NSW Government agencies, implementing Essential 8 is a policy imperative. Under the NSW Cyber Security Policy (CSP), each agency must implement Essential 8 and annually report a maturity assessment against Essential 8.

The Essential 8 was created in February 2017, and the Australian Signals Directorate (ASD) found that, when operating effectively, it mitigates 85% of targeted cyber-attacks. Marsh’s ASD Essential 8 Assessment can help you achieve and improve your Essential 8 compliance.

How it works

Marsh’s ASD Essential 8 Assessment can help you achieve and improve your Essential 8 compliance and is delivered in four steps:

  1. Marsh Cyber Advisory provide a self-assessment survey on the different maturity levels of the Essential 8 controls. Our Cyber Consultants conduct workshops with you so that responses are captured and validated as accurately as possible. All evidence is reviewed to determine the extent of controls implemented.
  2. With the captured responses, a score is assigned and mapped to an ASD Essential 8 maturity level. Once all the responses are collated, an overall maturity level is established.
  3. Control gaps are then identified and recommendations provided to uplift to a baseline.
  4. All the information is pulled together into a report and presented to stakeholders.

In addition to this report, our team is also able to support the implementation of additional controls, if required.

Minimise cyber risk and exposure

By undertaking this assessment your organisation will not only validate your current cyber security practices and identify any potential gaps, it will also uplift your cyber maturity posture in line with Australian government guidance – minimising your cyber risk and likelihood of exposure.

What are the ASD Essential 8 security controls?

The ASD considers Essential 8 to be the most effective cyber resilience ‘baseline’ for Australian organisations. The 8 controls are:

  • Application Whitelisting: To control the execution of unauthorised software
  • Configure Macros: To block untrusted macros
  • Multi-Factor Authentication: To protect against risky activities
  • Restrict Admin Permissions: To limit powerful access to systems
  • Patching Applications: To remediate known security vulnerabilities
  • Application Hardening: To protect against vulnerable functionalities
  • Patch Operating Systems: To remediate known security vulnerabilities
  • Daily Backups: To maintain availability of critical data

FAQs

The Australian Cyber Security Centre’s (ACSC) Essential 8 risk management framework is a prioritised list of eight mitigation strategies (security controls) that organisations can implement to protect themselves against a range of adversaries.

The ASD considers Essential 8 to be the most effective cyber resilience ‘baseline’ for Australian organisations.

The 8 controls are:

  1. Application Whitelisting
  2. Configure Macros
  3. Multi-Factor Authentication
  4. Restrict Admin Permissions
  5. Patching Applications
  6. Application Hardening
  7. Patch Operating Systems
  8. Daily Backups

The ASD has 4 levels of maturity, 0-3. The ASD recommends level 2 compliance; however, organisations may choose level 3 compliance. Maturity at each level needs to be in line with the ASD recommended maturity guidelines.

ASD Essential 8 is a set of eight essential mitigation strategies defined by the Australian Cyber Security Centre (ACSC) as a baseline.

Marsh 12 Key Controls Assessment measures the maturity of 12 cyber security controls reviewed by cyber insurance underwriters to understand the cyber security and resilience maturity of an organisation.

Why Marsh

As experts in enterprise and cyber risk, we help you take an enterprise-wide, scalable approach to building your cyber resilience.

Together, we identify your risks, and develop a best-for-you program and team of partners to help manage it.

We inform your approach and decision-making process with our 25 years of cyber expertise and data-driven insight, so that your path to cyber resilience is more productive and predictive, and your outcomes are more efficient and effective.

This publication is not intended to be taken as advice regarding any individual situation and should not be relied upon as such. The information contained herein is based on sources we believe reliable, but we make no representation or warranty as to its accuracy. Marsh shall have no obligation to update this publication and shall have no liability to you or any other party arising out of this publication or any matter contained herein. LCPA 23/167.