This project closely aligns with the Minister of Home Affairs and Cyber Security priorities, specifically:
- Increasing whole of nation cyber security efforts to protect Australia and our economy: This course will leverage partnerships with industry and education sector partners in every jurisdiction.
- Ensuring CI and government systems are resilient and cyber-secure: Essential Eight is a technical cyber security framework that has been adopted by many State governments, and is one of the approved frameworks in the Security of Critical Infrastructure Act.
- Growing and sustaining a national cyber workforce, focusing on education, skills and training: This training course will become a new Australian industry certification and will form a key part of the Australian cyber security training ecosystem.
The three (3) day face to face Essential Eight Assessment Course covers the Essential Eight Maturity Model including:
- Maturity and compliance requirements by market Federal and State Government, Critical Infrastructure and Defence Industry supply chain;
- Planning and scoping and assessment;
- The ACSC Essential Eight Assessment Process Guide;
- The ACSC Essential Eight Assessment Report Template;
- The ACSC Essential Eight Cyber Toolbox (ACVT and E8MVT);
- Assessment techniques and methods;
- Technical exercises; and
- Written exercises.
The training course will consist of the following modules:
- Session 1 includes the history of the Essential Eight and its use in current markets.
- Session 2 includes preparing for assessments, scoping, and determining the resources and tools needed.
- Session 3 includes an overview and demonstration of the main toolsets and product features/functions to use in an assessment.
- Session 4 includes preventing the execution of unapproved/malicious programs and installers.
- Session 5 includes patching/mitigating computers with ‘extreme risk’ security vulnerabilities.
- Session 6 includes patching/mitigating operating systems with ‘extreme risk’ security vulnerabilities.
- Session 7 includes configuring Microsoft Office macro settings to block macros from the internet and to allow vetted macros either in ‘trusted locations’ or with a trusted certificate.
- Session 8 includes configuring web browsers to block Flash, ads and Java on the internet and disabling unneeded features in Microsoft Office, web browsers and PDF viewers.
- Session 9 includes maintaining and restricting administrative privileges to operating systems and applications based on user duties.
- Session 10 includes MFA for VPN and other remote access, and for all users when they perform a privileged action or access an important data repository.
- Session 11 includes the maintenance of important data, software and configuration settings and a retention schedule.
- Session 12 includes the drafting and presentation of the report.
Participants for this course are required to meet pre-entry requirements and, following successful completion of the course and an assessment, will receive a qualification endorsed by the ACSC on behalf of ASD.