Achieving advanced cyber security

Achieving advanced-level cyber security is an aspirational target for most organisations. But any organisation that has achieved intermediate-level cyber security protection should aspire to go further down the risk minimization path. Advanced cyber security protection is achieved when your organisation is at Maturity Level 3 when measured against all Essential 8 mitigation controls.

In broad terms, advanced cyber security protection can be broken down into four main areas:

Information classification & security

• Independent assessment for compliance against an information security standard like ISO27001

User device management

• Intermediate-level protections (appropriate firewall and antivirus protection, secure device encryption and password protection, remote data-wiping ability)
• Capacity to block non-compliant user devices from connecting to organizational information stores

Network threat detection & alerting

• Installing a contemporary Security Information and Event Management (SIEM) system to collect and analyse security information from all devices and accounts, identifying risks and required actions

Policies, user education & compliance

• Staff consider security as one of their key responsibilities and actively consider how to keep sensitive data safe
• Bi-annual compliance testing identifies potential security risks

Engaging, effective security education reinforced regularly and available on demand.