Cyber Security Category Banner Image

Lumify Cyber Security Solutions

Working with and for businesses to implement, grow and evolve their security maturity

Essential Eight Explained

Developed by the Australian Signals Directorate (ASD) in 2017, the Essential Eight was developed to help organisations protect themselves against various cyber threats and designed to protect organisations’ internet-connected information technology networks.

While no set of mitigation strategies are guaranteed to protect against all cyber threats, organisations are recommended to implement eight essential mitigation strategies from the Strategies to Mitigate Cyber Security Incidents as a baseline. This baseline, known as the Essential Eight, makes it much harder for adversaries to compromise systems.

The mitigation strategies that constitute the Essential Eight are:

  • patch applications

  • patch operating systems

  • multi-factor authentication

  • restrict administrative privileges

  • application control

  • restrict Microsoft Office macros

  • user application hardening

  • regular backups.

The Australian Cyber Security Centre (ACSC) website has some fantastic resources that are updated regularly. This includes any Maturity updates made to the Essential Eight, ISM Mapping, FAQ and much more. It is recommended you visit this website to help you make an informed decision around whether implementing Essential Eight is right for your organisation Essential Eight | Cyber.gov.au

Training to help your organisation implement and maintain the Essential Eight

Each of the Essential Eight mitigation strategies requires configuration of various platform or software systems utilised within an organisation and due to the variety of these systems being utilised across organisations, there is no dedicated training course as such for the Essential Eight however much of the recommended mitigation strategies align to the Microsoft eco system. To assist your organisation in implementing and maintaining the Essential Eight, we have mapped some recommended training courses.

Lumify Training Options:

Pillar 1 - Implementing Application Control. We recommend the following courses which will provide students with the knowledge to help reach maturity level 2 (if not 3) within an organisation.

Pillar 2 -Patch Applications: We recommend the following course covering Windows Defender, Azure Sentinel and Purview which will provide students with knowledge and a robust toolkit to help reach the desired maturity level within an organisation.

Pillar 3 - Configure Office Macro settings: We recommend the following courses covering Microsoft Security, Compliance and Identity which will provide students with knowledge and a robust toolkit to help reach the desired maturity level within an organisation.

Pillar 4 - User Application Hardening: We recommend the following course or the security path covering Microsoft Security, Compliance and Identity which will provide students with knowledge and a robust toolkit to help reach the desired maturity level within an organisation.

Microsoft MD-102T00 - Microsoft 365 Endpoint Administrator Or follow the Security path below

Microsoft SC-900T00 - Microsoft Security, Compliance, and Identity Fundamentals

Microsoft SC-300T00 - Microsoft Identity and Access Administrator

Microsoft SC-100T00 - Microsoft Cybersecurity Architect

Microsoft AZ-1002 - Configure Secure Access to your Workloads using Azure Virtual Networking | Lumify Work AU

Microsoft AZ-1003 - Secure Storage for Azure Files and Azure Blob Storage | Lumify Work AU

Microsoft AZ-2001 - Implement Security through a Pipeline using Azure DevOps | Lumify Work AU

Microsoft SC-5008 - Configure and Manage Entitlement with Microsoft Entra ID | Lumify Work AU

Pillar 5 - Restrict Administrative Privileges: We recommend the following security path covering Microsoft Security, Compliance and Identity which will provide students with knowledge and a robust toolkit to help reach the desired maturity level within an organisation. Hint: Windows Defender Credential Guard and Windows Defender Remote Credential Guard are your go-to here.

Microsoft SC-900T00 - Microsoft Security, Compliance, and Identity Fundamentals

Microsoft SC-300T00 - Microsoft Identity and Access Administrator

Microsoft SC-100T00 - Microsoft Cybersecurity Architect

Microsoft SC-5008 - Configure and Manage Entitlement with Microsoft Entra ID | Lumify Work AU

Pillar 6 - Patch Operating Systems: We recommend the following course covering Windows Defender, Azure Sentinel and Purview which will provide students with knowledge and a robust toolkit to help reach the desired maturity level within an organisation.

Pillar 7 - Multi-factor authentication (MFA) & Pillar 8 - Regular Backups: We recommend the following courses covering Windows Defender, Azure Sentinel, EntraID and Purview which will provide students with knowledge and a robust toolkit to help reach the desired maturity level within an organisation.

Cybersecurity Best Practices, Auditing and Risk Assessments

Before implementation of the Essential Eight, you will need to perform an audit on your organisation to understand where you are currently aligned and what needs to be implemented to reach the desired maturity level. It is also recommended that the owner of the Essential Eight implementation and ongoing maintenance has a fundamental understanding of key cybersecurity concepts which will aide in this process. Below are some recommended fundamental courses to assist upskilling of individuals who may not have had official training in these domains. Lumify also offers a wide range of cybersecurity training courses aligning to all levels of experience and we recommend you reach out to us if you are looking for more advanced training on Cybersecurity.

Cybersecurity Fundamentals

Certified in Cybersecurity – The Certified in Cybersecurity (CC) is a one day workshop which provides training on foundational cyber security best practices including security principles, business continuity, incident response and disaster recovery, access control concepts, network security and security operations and would be an ideal course for anyone managing your Essential Eight program Certified in Cybersecurity ISC2 & ISC2 CC | Lumify Work | Lumify Work AU

IT Audit Fundamentals - The IT Audit Fundamentals Certificate fills an educational gap, with learnings that include how to prepare an audit, the IT environment and components, and emerging technologies and helps your enterprise address the increasing need for audit professionals throughout an organization IT Audit Fundamentals.

IT Risk Fundamentals - The IT Risk Fundamentals Certificate provides valuable foundational knowledge on terminology, concepts and processes that will empower professionals within your organization to better communicate with risk or IT Risk professionals or provide a foundation for those who are interested in working as a risk or IT Risk professional IT Risk Fundamentals.

Contact Lumify Work

Have a question about a course or need some information? ask us here.