ASD: Essential Eight
The Australian Signals Directorate (ASD) has developed prioritised mitigation strategies to help technical cyber security professionals mitigate cyber security incidents.
The “Essential Eight” mitigation strategies incorporates the Top 4 mitigations. Correct implementation of these eight mitigations provides a cyber security baseline for organisations.
Find out more about the ASD Essential Eight: Download PDF (265 KB)
The Essential Eight
To prevent malware running
- 1) Application whitelisting
A whitelist only allows selected software applications to run on computers.
- 2) Disable untrusted Microsoft Office macros
Microsoft Office applications can use software known as 'macros' to automate routine tasks.
- 3) Patch applications
A patch fixes security vulnerabilities in software applications.
- 4) User application hardening
Block web broser access to Adobe Flash Player (uninstall if possible), web ads and untrasted Java code on the Internet.
To limit the extent of incidents and recover data
- 5) Restrict administrative privileges
Only use administrator privileges for managing systems, installing legitimate software and applying software patches. These should be restricted to only those that need them.
- 6) Multi-factor authentication
This is when a user is only granted access after successfully presenting multiple, separate pieces of evidence. Typically something you know, like a passphrase; something you have, like a physical token; and/or something you are, like biometric data.
- 7) Patch operating systems
A patch fixes security vulnerabilities in operating systems.
- 8) Daily backup of important data
Regularly back up all data and store it securely offline.
For further information, visit the Australian Signals Directorate (ASD) website: ASD Essential Eight