How can we help you?

Essential Eight Security Control Assessment

Are your current security controls protecting your business?
The security landscape is constantly evolving. To proactively protect customers, employees and reputations from the everchanging threat actors, organisations need to benchmark their security controls against the Australian Cyber Security Centre’s (ACSC) Essential Eight Maturity Model.

AC3’s ACSC Essential Eight Security Control Assessment provides you with an experienced Cyber Security Consultant to review your technical environment and provide a benchmark against the controls of the Australian Cyber Security Centre’s Essential Eight Maturity Model. Our Security Control Assessment will provide an assessment of each security control contained by the Essential Eight maturity model, confirmation of the efficacy of each control, an assessment of the maturity level the organisation has achieved from 0 (lowest) to 3 (highest) and remediation recommendations including strategic and tactical changes necessary to move the organisation to the next highest maturity level for each strategy.

The Essential Eight Mitigation Strategies

The Essential Eight Maturity model focuses on 78 individual controls across the following eight security strategies
Application Control
Prevent the execution of unapproved/malicious programs including .exe, DLL, scripts.
Patch Applications
Patch/mitigate computers with ‘extreme risk’ security vulnerabilities within 48 hours and use the latest version of applications.
Configure Microsoft Office macro settings
Block macros from the internet, and only allow vetted macros either in ‘trusted locations’ with limited write access or digitally signed with a trusted certificate.
User application hardening
Configure web browsers to block Flash (ideally uninstall it), ads and Java on the internet. In addition, disable unneeded features in Microsoft Office (e.g. OLE), web browsers and PDF viewers.
Restrict administrative privileges
Restrict administrative privileges to operating systems and applications based on user duties. Regularly revalidate the need for privileges. Don’t use privileged accounts for reading email and web browsing.
Patch operating systems
Patch/mitigate computers (including network devices) with ‘extreme risk’ security vulnerabilities within 48 hours. Use the latest operating system version. Don’t use unsupported versions.
Multi-factor authentication
Multi-factor authentication including for VPNs, RDP, SSH and other remote access, and for all users when they perform a privileged action or access an important (sensitive/high-availability) data repository.
Regular backups
Regular backups of important new/changed data, software and configuration settings, stored disconnected, retained for at least three months. Test restoration initially, annually and when IT infrastructure changes.

But I want to know more!

We're always available to answer any questions, so please get in touch, but here are some of the most common ones we hear.

Key features

Certified team
Our team of 350+ are certified experts across all of our disciplines and our technology vendors.
Government grade
We’re trusted by more than 50% of the NSW State Government, so you know we have you covered.
Certified experts
Our security consultants are certified in their respective disciplines, so you only get best practice advice.
Trusted partnership
We take the time to understand your business and what you need so we can deliver for you, every time.
Best of breed technology
We partner with the best to deliver the best in cutting edge tech that aligns with your needs.
It’s a journey
Security isn’t a destination, rather a continued investment in the health of your business. We can help you navigate the journey.
Actionable insights
We don’t believe in giving you a 600 page report. We prefer to provide pragmatic, actionable and simple advice.

Who is it for?

Organisations who want to ensure best practice security compliance.
Organisations that need an independent review of their security posture.
Organisations who want to leverage cyber security experts.

Why work with AC3?

1. Our history
We are the largest MSP in the NSW Government Data Centres and actually created the private network that the NSW government uses for its most secure communications.
2. We're certified
We are one of the only Australian privately owned cloud providers certified in governance and compliance across next-generation multi-cloud infrastructure and applications.
3. Trusted partner
When you put your data in the cloud, it’s only normal to worry about security. And in today’s security environment, our headline is that our clients don’t make them. When you work with us, you’ll be in good company.

Ready to secure your business?

AC3 is ready to benchmark your security controls.

Stay in the know!

We share great resources from time to time, sign up today!