Australian Government Essential Eight and Maturity

Caute_cautim

Hi All

I would be very interested to hear from people whose organisations actively have put in place the Australian Government Essential Eight security controls and applied the maturity levels. How do you assess these systems in accordance with an organisation wide enterprise risk management strategy? It is a cut down version of the ISO 27001:2022, which reduces the amount of time required to carry out assessments on a regular basis or when you need to lift the maturity of particular parts of the business due to business criticality should that environment be attacked.

Any thoughts or experience you can share here?

Regards

Caute_Cautim

dcontesti

Thanks for sharing. I had not seen this (a little behind on my reading) but it is a an excellent resources for folks to follow in implementing controls (unless you must follow others),

There is a great write-up here:

https://www.cyber.gov.au/resources-business-and-government/essential-cyber-security/essential-eight/...

However, I still wish that government's could work together and come up with one standard. Yes, I work for a Global organisation so must follow all the rules and regulations and sometimes that is daunting.

d

Caute_cautim

@dcontesti Yes, I agree especially when Sarbanes Oxley Act demands the CEO reports compliance every 90 days with then danger of penalties being publically recorded against their international name.

Regards

Caute_Cautim