Achieving advanced-level cyber security is an aspirational target for most organisations, but any organisation that has reached intermediate-level protection should aspire to go further down the risk minimisation path. Advanced cyber security protection is achieved when your organisation is at Maturity Level 3 when measured against all eight Essential Eight mitigation strategies.
In broad terms, advanced cyber security protection can be broken down into five main areas:
Information classification & security
- Independent assessment for compliance against an information security standard like ISO27001.
- Technical controls (for example, data loss prevention rules) prevent staff from storing or transmitting sensitive data in unapproved locations or by unapproved means.
- Data retention requirements are known and addressed in line with organisational needs and compliance obligations.
User access and authentication
- Access to important IT systems and applications is through single sign-on, backed by a single secure, central authentication service.
Device and network management
- Intermediate-level protections exist (appropriate firewall and antivirus protection, secure device encryption and password protection, remote data-wiping ability).
- Devices that do not comply with policy (for example, unencrypted or unpatched devices) are blocked from connecting to organisational information stores.
- A vulnerability scanner is used effectively to identify, prioritise and remediate technical vulnerabilities.
Policies, risk management & compliance
- Independent assessment for compliance against an information security standard like ISO27001.
User education
- A strong security culture exists. Staff consider security as one of their key responsibilities and actively consider how to keep sensitive data safe.
- Training is engaging, tailored by role, available on demand and effective.