Industry Standards Compliance

Align your business with the world best and leading security standards like ACSC Essential Eight, or ISO 27001

As your business grows, you'll likely find yourself handling more sensitive data. At the same time, you'll be under more pressure to keep that data secure from external threats seeking to extract and exploit it. That's where industry-standard compliance comes in; industry standards like Essential8 and ISO 270001 provide a proven framework for keeping your data safe.

Compliance with these standards can be daunting, but it's essential for protecting your business, your commercial partners, and your customers. Fortunately, the expert IT security consultants at Cautio have a range of services that can assist you with meeting all of your industry standards, requirements and obligations.

 To learn more, please contact us at Cautio today by calling 1300 152 129.

What is Essential Eight

As part of the ACSC Strategies to Mitigate Cyber Security Incidents, the Essential 8 is a baseline that organisations should aim to introduce into their security measures to make it more difficult for malicious entities to breach systems.
It consists of 8 mitigation strategies, and it has multiple levels of maturity starting from 0 up to 3.
Below you can see the list of mitigation strategies for maturity level 1

Essential Eight Mitigation Strategies
(Level 1 maturity)

Application control

The execution of executables, software libraries, scripts, installers, compiled HTML, HTML applications and control panel applets is prevented on workstations from within standard user profiles and temporary folders used by the operating system, web browsers and email clients.

Patch applications

Patches, updates or vendor mitigations for security vulnerabilities in internet-facing services, office productivity suites, web browsers and their extensions, email clients, PDF software, and security products are applied, each within a specific timeframe.

A vulnerability scanner is used to identify missing patches or updates for security vulnerabilities in internet-facing services, office productivity suites, web browsers and their extensions, email clients, PDF software, and security products, the scan frequency differ based on the asset.

above mentioned products ans services that are no longer supported by vendors are removed.

Configure Microsoft Office macro settings

Microsoft Office macros are disabled for users that do not have a demonstrated business requirement.

Microsoft Office macros in files originating from the internet are blocked.

Microsoft Office macro antivirus scanning is enabled.

Microsoft Office macro security settings cannot be changed by users.

User application hardening

Web browsers do not process Java from the internet.

Web browsers do not process web advertisements from the internet.

Internet Explorer 11 does not process content from the internet.

Web browser security settings cannot be changed by users.

Restrict administrative privileges

Requests for privileged access to systems and applications are validated when first requested.

Privileged accounts (excluding privileged service accounts) are prevented from accessing the internet, email and web services.

Privileged users use separate privileged and unprivileged operating environments.

Unprivileged accounts cannot logon to privileged operating environments.

Privileged accounts (excluding local administrator accounts) cannot logon to unprivileged operating environments.

Patch operating systems

Patches, updates or vendor mitigations for security vulnerabilities in operating systems of internet-facing services, workstations, servers and network devices, are applied within a certain timeframe.

A vulnerability scanner is used to identify missing patches for security vulnerabilities in operating systems of internet-facing services, workstations, servers and network devices, the scan frequency differ based on the asset.

Operating systems that are no longer supported by vendors are replaced.

Multi-factor authentication

Multi-factor authentication is used by an organisation's users if they authenticate to any internet-facing services that process, store or communicate their organisation's sensitive data.

Multi-factor authentication (where available) is used by an organisation’s users if they authenticate to third-party internet-facing services that process, store or communicate their organisation's non-sensitive data.

Multi-factor authentication is enabled by default for non-organisational users (but users can choose to opt out) if they authenticate to an organisation’s internet-facing services.

Regular backups

Backups of important data, software and configuration settings are performed and retained in a coordinated and resilient manner in accordance with business continuity requirements.

Restoration of systems, software and important data from backups is tested in a coordinated manner as part of disaster recovery exercises.

Unprivileged accounts can only access their own backups.

Unprivileged accounts are prevented from modifying or deleting backups.

Information sourced from cyber.gov.au with slight modification

ISO 27001

ISO frameworks bring together policies and methods designed for organisations to follow, with ISO 27001 delivering a framework protecting sensitive data via adopting an Information Security Management System (ISMS). By becoming ISO 270001-certified, you will not only receive the tools to defend valuable information, but will also reassure customers and commercial partners that their information will be safe in your care.

Meet Industry Standards with the Assistance of Cautio Consultants

Cautio’s expert consultants assist businesses in building their compliance capabilities by conducting an initial security assessment to identify the gaps in your current operations. From here, we can proceed to develop strategies that will help you work towards a minimum-security baseline, as well as provide you with the necessary tools to meet the relevant business policies, laws and regulations.

For more information, please contact us today and one of our specialists will be happy to help. Call 1300 152 129, send an email to contact@cautio.com.au, or enter your details into our online inquiry form.

Get started with Cautio

Our team of specialists can provide consultation on where to start, how we can help, and how to secure your business.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Quick Links
Services
Contact UsAbout Us
Site Information
News and PressSingle News
Legal & Compliance
Terms and Conditions
Privacy PolicyCookies Policy

©️ 2024 Cautio. All Rights Reserved.