https://community.isc2.org/t5/Governance-Risk-Compliance/Australian-Government-Essential-Eight-and-Maturity/m-p/74414#M1218 <P>Thanks for sharing.&nbsp; I had not seen this (a little behind on my reading) but it is a an excellent resources for folks to follow in implementing controls (unless you must follow others),</P><P>&nbsp;</P><P>There is a great write-up here:</P><P>&nbsp;</P><P><A href="https://www.cyber.gov.au/resources-business-and-government/essential-cyber-security/essential-eight/essential-eight-explained" target="_blank">https://www.cyber.gov.au/resources-business-and-government/essential-cyber-security/essential-eight/essential-eight-explained</A></P><P>&nbsp;</P><P>However, I still wish that government's could work together and come up with one standard.&nbsp; Yes, I work for a Global organisation so must follow all the rules and regulations and sometimes that is daunting.</P><P>&nbsp;</P><P>d</P><P>&nbsp;</P> Tue, 08 Oct 2024 10:03:59 GMT dcontesti 2024-10-08T10:03:59Z https://community.isc2.org/t5/Governance-Risk-Compliance/Australian-Government-Essential-Eight-and-Maturity/m-p/74378#M1217 <P>Hi All</P><P>&nbsp;</P><P>I would be very interested to hear from people whose organisations actively have put in place the Australian Government Essential Eight security controls and applied the maturity levels.&nbsp;&nbsp; How do you assess these systems in accordance with an organisation wide enterprise risk management strategy?&nbsp; It is a cut down version of the ISO 27001:2022, which reduces the amount of time required to carry out assessments on a regular basis or when you need to lift the maturity of particular parts of the business due to business criticality should that environment be attacked.&nbsp;</P><P>&nbsp;</P><P>Any thoughts or experience you can share here?</P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>Caute_Cautim</P> Sun, 06 Oct 2024 18:57:54 GMT https://community.isc2.org/t5/Governance-Risk-Compliance/Australian-Government-Essential-Eight-and-Maturity/m-p/74378#M1217 Caute_cautim 2024-10-06T18:57:54Z https://community.isc2.org/t5/Governance-Risk-Compliance/Australian-Government-Essential-Eight-and-Maturity/m-p/74414#M1218 <P>Thanks for sharing.&nbsp; I had not seen this (a little behind on my reading) but it is a an excellent resources for folks to follow in implementing controls (unless you must follow others),</P><P>&nbsp;</P><P>There is a great write-up here:</P><P>&nbsp;</P><P><A href="https://www.cyber.gov.au/resources-business-and-government/essential-cyber-security/essential-eight/essential-eight-explained" target="_blank">https://www.cyber.gov.au/resources-business-and-government/essential-cyber-security/essential-eight/essential-eight-explained</A></P><P>&nbsp;</P><P>However, I still wish that government's could work together and come up with one standard.&nbsp; Yes, I work for a Global organisation so must follow all the rules and regulations and sometimes that is daunting.</P><P>&nbsp;</P><P>d</P><P>&nbsp;</P> Tue, 08 Oct 2024 10:03:59 GMT https://community.isc2.org/t5/Governance-Risk-Compliance/Australian-Government-Essential-Eight-and-Maturity/m-p/74414#M1218 dcontesti 2024-10-08T10:03:59Z https://community.isc2.org/t5/Governance-Risk-Compliance/Australian-Government-Essential-Eight-and-Maturity/m-p/74432#M1219 <P><a href="https://community.isc2.org/t5/user/viewprofilepage/user-id/715155969">@dcontesti</a>&nbsp;&nbsp; Yes, I agree especially when Sarbanes Oxley Act demands the CEO reports compliance every 90 days with then danger of penalties being publically recorded against their international name.</P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>Caute_Cautim</P><P>&nbsp;</P><P>&nbsp;</P> Tue, 08 Oct 2024 21:11:46 GMT https://community.isc2.org/t5/Governance-Risk-Compliance/Australian-Government-Essential-Eight-and-Maturity/m-p/74432#M1219 Caute_cautim 2024-10-08T21:11:46Z