Caute_cautim
Community Champion

Australian Government Essential Eight and Maturity

Hi All

 

I would be very interested to hear from people whose organisations have actively put in place the Australian Government Essential Eight security controls and applied the maturity levels. How do you assess these systems in accordance with an organisation-wide enterprise risk management strategy? It is a cut-down version of the ISO 27001:2022, which reduces the amount of time required to carry out assessments on a regular basis or when you need to lift the maturity of particular parts of the business due to business criticality should that environment be attacked.

 

Any thoughts or experience you can share here?

 

Regards

 

Caute_Cautim

2 Replies
dcontesti
Community Champion

Thanks for sharing. I had not seen this (a little behind on my reading) but it is an excellent resource for folks to follow in implementing controls (unless you must follow others).

 

There is a great write-up here:

 

https://www.cyber.gov.au/resources-business-and-government/essential-cyber-security/essential-eight/...

 

However, I still wish that governments could work together and come up with one standard. Yes, I work for a Global organisation so must follow all the rules and regulations and sometimes that is daunting.

 

d

 

Caute_cautim
Community Champion

@dcontesti Yes, I agree, especially when the Sarbanes-Oxley Act demands the CEO reports compliance every 90 days, with the danger of penalties being publicly recorded against their international name.

 

Regards

 

Caute_Cautim