ESSENTIAL EIGHT RISK MITIGATION STRATEGIES

The Essential Eight is a baseline risk mitigation strategy recommended by the Australian Department of Defence’s intelligence agency known as the Australian Signals Directorate (ASD). Implemented successfully, Essential Eight can mitigate cyber security risks for your organisation.

Essential Eight mitigates common cyber security risks and limits the extent of incidents when they happen. It takes you through these baseline risk mitigation strategies which Professional Advantage can help you put in place:

1. Application Whitelisting

Allow only trusted and approved applications to run on your network. This prevents execution of malicious programs from automatically running by having a set of pre-approved apps

2. Application Patching

Determine patching procedures and levels for popular web browsers, Microsoft Office, Oracle Java and PDF viewers. This would help mitigate vulnerabilities on apps that need patching.

3. Operating System Patching

Determine existing patching systems, patching schedules and server/workstation patching compliance. This should allow you to mitigate vulnerabilities on operating systems that need patching.

4. Restrictions of Administrative Privileges

Review admin privileges on specific IT systems and provide necessary permissions only for those who need them.

5. Configuration of Office Macros

Review office macros and current policies to prevent untrusted macros with malware from automatically running.

6. User Application Hardening

Ensure that unauthorised applications will not be utilised such as Adobe Flash Player or Java applets in browsers that have been known to deliver malware.

7. Multi-factor Authentication

Use a second factor such as a physical token or mobile device to make it more difficult for cyber criminals to access your systems even when the password has been breached.

8. Review Backups

Ensure regular backups of data so you can get it back in case you suffer a cyber-attack. Determine RTO/RPO, retention period, online/offline backups, offsite storage location and test restoration schedule.


Implementation of the Essential Eight will vary across organisations depending on potential adversaries and risk profile. It is important to undertake a comprehensive risk analysis prior to implementation to develop a sustainable security strategy.  

Ultimately, establishing a security culture throughout an organisation is fundamental to risk mitigation. Well-developed and robust security strategies can be quickly and easily undone through human interaction. 

Would you like Approved Systems assist in getting you above this baseline?

It is important to understand and plan for any impact or changes your business will experience as a result of introducing the Essential Eight. Similarly, your business will need to ensure that any changes to your ICT environment take into consideration the Essential Eight’s role in protecting your assets.

Approved systems can assist with developing your Essential Eight strategy and technical implementation. We can can also help you to understand the maturity of your Essential Eight implementation by completing a technical review, reporting against ASD’s Essential Eight Maturity Model.

What you’ll get:

  • Visibility of your current Essential Eight security posture and where the gaps are.
  • Consulting advice to help you effectively implement Essential Eight related technologies.
  • A customisable review that can focus on key threats where you may have previously experienced cyber security intrusions.