Achieving advanced-level cyber security is an aspirational target for most organisations. But any organisation that has achieved intermediate-level cyber security protection should aspire to go further down the risk minimization path. Advanced cyber security protection is achieved when your organisation is at Maturity Level 3 when measured against all Essential 8 mitigation controls.
In broad terms, advanced cyber security protection can be broken down into four main areas:
Information classification & security
- Independent assessment for compliance against an information security standard like ISO27001
User device management
- Intermediate-level protections (appropriate firewall and antivirus protection, secure device encryption and password protection, remote data-wiping ability)
- Capacity to block non-compliant user devices from connecting to organizational information stores
Network threat detection & alerting
- Installing a contemporary Security Information and Event Management (SIEM) system to collect and analyse security information from all devices and accounts, identifying risks and required actions
Policies, user education & compliance
- Staff consider security as one of their key responsibilities and actively consider how to keep sensitive data safe
- Bi-annual compliance testing identifies potential security risks
Engaging, effective security education reinforced regularly and available on demand.