New announcement. Learn more

Sales & Support | 1300 626 243
Managed Portal

Digital Office

Your source of IT news, alerts and updates.

All
NewsIT Managed ServicesIT GovernanceMicrosoftTrendsMalwareCyber SecurityManaged ITSecurityCommunityMicrosoft OfficeMSPManaged ServicesPerthArtificial IntelligenceAwardsCybersecurityGovernmentHockey WAManaged GovPhishingSecurity Awareness TrainingWALGAACSCAustralian Cyber Security CentreBackupCertificationsCloud SolutionsComplianceData SecurityDisaster RecoveryEmail SecurityGoogleGoogle SuiteIlluminance SolutionsIncident ResponseLocal government agenciesMachine LearningMicrosoft 365 CopilotMulti-Factor AuthenticationNot for profitPassword ManagerPasswordsRansomwareRisk ManagementSponsorshipTechnologyWest Tech AssemblageZero Trust Network AccessZTNA
TAGS

The Essential Eight Maturity Model

The essential eight maturity model

The Federal Government’s Australian Cyber Security Centre has compiled The Essential Eight mitigation strategies as a starting point to improve cybersecurity. 


The Essential Eight are split into three categories:

  • Preventing malware delivery and execution 
  • Limiting the extent of cyber security incidents 
  • Recovering data and system availability. 

This week’s blog discusses the Maturity Model of the Essential Eight. The Maturity Model addresses how organisations who have implemented their desired mitigation strategies to an initial level can increase their implementation’s maturity. The aim being to eventually reach full alignment with the intent of each mitigation strategy. 

 
Maturity Levels

The ACSC has defined three maturity levels for each of the Essential Eight. These categorisations are designed to assist organisations to determine the maturity of their Essential Eight implementation. 


The maturity levels are: 

  • Maturity Level One: Partly aligned with the intent of mitigation strategy 
  • Maturity Level Two: Mostly aligned with the intent of mitigation strategy 
  • Maturity Level Three: Fully aligned with the intent of mitigation strategy. 

You can review the Maturity Model here: 
Essential Eight Maturity Model (July 2019)

 
What Maturity Level does my Organisation Need? 

Naturally enough, ACSC recommends that, as a baseline, an organisation aims to reach Maturity Level Three for each of the Essential Eight. 
Let’s look at this from a slightly more ‘helicopter’ perspective. As we’ve noted previously, cybersecurity or security governance is a subpart of information governance. In turn, information governance is a subpart of corporate governance. 


"There is a strong correlation between the maturity curve of IT governance and overall effectiveness of IT. You need to assess where your organisation sits on the maturity curve in terms of capability: initial/ad hoc, repeatable, defined, managed or optimised."But which Maturity Level you need does not necessarily reflect your organisation’s IT capability. There are external factors in play, be they legislative, regulatory or your organisation’s existing frameworks – ie, doing what your organisation has committed itself to doing. At a commercial level, the cost and coverage of cybersecurity insurance may be severely impacted by those requirements.



Managed IT is a division of the Managed Group.

The Managed Group also consists of the following companies:

About Us
Awards & Partners
Terms & Conditions
Privacy Policy
Careers

Community

Blog

Managed Operations
Monitoring & Maintenance
Office 365

Managed vCIO
Backup & Disaster Recovery

Managed Cloud
Cloud Services
Private Cloud

Managed Protect

Managed Gov

Managed Connect
Internet & Broadband
Networking
Hosting & Co-location
VOIP
Document Management
Mobile Device Management

Contact

   Suite 11, 24 Parkland Road, 
        Osborne Park, WA 6017

   1300 626 243

MANAGED PORTAL

Copyright © 2024 Managed IT