Pragmatic Information Security and Privacy Expert

Essential Eight Assessment

A focused assessment covering the Australian Signals Directorate's Essential Eight mitigation strategies for cyber security incidents.

A focused assessment covering the Australian Signals Directorate's Essential Eight mitigation strategies for cyber security incidents.

Progress: 0 of 8 questions answered

Patch Management

How do you manage security patches for operating systems and applications?

Why this matters:

Apply security patches promptly to close vulnerabilities before they can be exploited by attackers.

We apply critical patches within 48 hours using automated patch management.

We apply patches within one week of release.

We apply patches occasionally or when problems occur.

We do not have a regular patching process.

Not Applicable

Multi-Factor Authentication

Do you use multi-factor authentication (MFA) to protect accounts?

Why this matters:

Require MFA to significantly reduce the risk of account compromise from stolen credentials.

MFA is required for all users and uses phishing-resistant methods.

MFA is required for all users.

MFA is required for privileged accounts only.

MFA is not implemented.

Not Applicable

Restrict Administrative Privileges

How do you manage privileged (administrative) accounts?

Why this matters:

Limit administrative privileges to reduce the impact of credential compromise.

Administrative privileges are granted on a just-in-time basis with approval.

Administrative accounts are separate from standard user accounts.

Some administrative accounts are shared or used for daily tasks.

Administrative privileges are not restricted.

Not Applicable

Application Whitelisting

Do you control what software can be installed on systems?

Why this matters:

Prevent unauthorized software installation to reduce malware infection risk.

We use application whitelisting to allow only approved software.

Users do not have administrative rights to install software.

Software installation is restricted but not technically enforced.

Anyone can install software on systems.

Not Applicable

Daily Backups

Do you have data backup and recovery procedures?

Why this matters:

Maintain secure backups to enable recovery from ransomware and other data loss incidents.

We have automated daily backups stored off-site and tested regularly.

We have regular automated backups.

We perform occasional manual backups.

We have no regular backup procedures.

Not Applicable

Restrict Web Browsers

How do you secure web browser usage?

Why this matters:

Restrict browser functionality to prevent malicious code execution from web content.

Web browsers are configured to block active content and scripts.

Web browsers have basic security settings enabled.

Web browser security is not specifically configured.

Web browsers have no security restrictions.

Not Applicable

Email Attachments and Links

How do you protect against malicious email attachments and links?

Why this matters:

Block malicious email content to prevent malware infection and phishing attacks.

Email attachments and links are scanned and blocked based on content analysis.

Email attachments are scanned for malware.

Basic email filtering is in place.

No email security measures are implemented.

Not Applicable

User Application Hardening

How do you harden user applications against security risks?

Why this matters:

Configure applications to mitigate common security vulnerabilities and attack vectors.

User applications are configured with security hardening (e.g., disabled macros, secure defaults).

Some applications have security settings enabled.

Application security is not specifically managed.

Applications use default insecure settings.

Not Applicable

Please answer all 8 remaining questions.