There are so many facets to building an Essential 8-centric cyber uplift program these days. Many organisations are still struggling to find a balance between top-down and bottom-up cyber program design. And many more are struggling to break their program down into manageable workstreams.
Here’s an example of how you might break up a cyber uplift program’s workstreams to achieve alignment and the key benefits needed.
If you’d like to talk about your Cyber Uplift Program goals, don’t hesitate to drop us a line at support@gadgetaccess.com. That’s what we do!
ID | Workstream | Project Name | Essential 8 Alignment | Potential End-User Benefits |
---|---|---|---|---|
1 | GRC & Security Management | GRC Foundation | Governance & Compliance | Enhanced Trust & Compliance Transparency |
2 | GRC & Security Management | GRC Platform | Governance & Compliance | Simplified Compliance Management |
3 | GRC & Security Management | Asset Management | Patching Applications & OS | Improved System Performance & Security |
4 | GRC & Security Management | Third Party Supplier Risk Management | Risk Management & Compliance | Increased Supply Chain Security |
5 | GRC & Security Management | Security Awareness & Training | User Education & Awareness | Empowered Users with Cybersecurity Knowledge |
6 | GRC & Security Management | Information Security Assurance | Security Assurance & Validation | Greater Confidence in Security Posture |
7 | GRC & Security Management | Legal Regulatory & HR Compliance | Compliance Alignment | Alignment with Legal & Regulatory Obligations |
8 | Continuous Compliance | Continuous Compliance Platform | Continuous Monitoring & Compliance | Real-time Compliance Tracking |
9 | Visibility & Service Continuity | Dashboarding & Reporting | Incident Detection & Response | Improved Incident Awareness & Response Time |
10 | Visibility & Service Continuity | Windows & AD Audit | Application & OS Hardening | Strengthened System Integrity |
11 | Visibility & Service Continuity | Pentesting | Vulnerability Assessment & Mitigation | Early Detection & Mitigation of Vulnerabilities |
12 | Visibility & Service Continuity | Infrastructure Monitoring | System & Network Monitoring | Proactive Identification of System Issues |
13 | Visibility & Service Continuity | Incident Management Processes | Incident Response & Management | Structured & Efficient Incident Resolution |
14 | Visibility & Service Continuity | BCP / IR / DR Testing | Business Continuity & Disaster Recovery Planning | Assured Business Continuity |
15 | Visibility & Service Continuity | Business Recovery Planning | Business Continuity & Disaster Recovery Planning | Streamlined Business Recovery in Emergencies |
16 | Security Information Event Management | SIEM | Security Monitoring & Analysis | Centralized Security Monitoring & Analysis |
17 | Security Information Event Management | SOAR | Security Orchestration & Response | Automated Security Response |
18 | Security Information Event Management | Centralised Logging | Logging & Monitoring | Simplified Log Management & Analysis |
19 | Security Information Event Management | Deception Technology | Threat Detection & Response | Advanced Threat Detection |
20 | Identity & Access Management | Privileged Access Management | User & Privileged Access Control | Secure Access Control |
21 | Identity & Access Management | Jump Servers | Restricted Administrative Access | Secure Administrative Activities |
22 | Identity & Access Management | SSO & MFA | Multi-Factor Authentication | Convenient & Secure Authentication |
23 | Identity & Access Management | Hardware Tokens | Strong Authentication | Enhanced Security for Critical Access |
24 | Identity & Access Management | Role Based Access Control | User Access Control & Management | Efficient User Access Management |
25 | Network Security | Network & Application Segmentation | Network Segmentation & Protection | Isolated & Protected Network Environments |
26 | Network Security | Rationalise Ext Facing Systems | External System Security | Reduced External Exposure & Risk |
27 | Network Security | Email Security Uplift | Email Filtering & Security | Protected Email Communication |
28 | Network Security | Host Based Sensor | Host Intrusion Detection & Prevention | Enhanced Host Protection |
29 | Threat & Vulnerability Management | Vulnerability Scanning | Regular Vulnerability Scanning | Continuous Vulnerability Awareness |
30 | Threat & Vulnerability Management | Vulnerability Management | Vulnerability Assessment & Remediation | Timely Vulnerability Mitigation |
31 | Threat & Vulnerability Management | Patch Management | Patching Applications & OS | Up-to-Date & Secure Systems |
32 | Application Protection | User Application Hardening | Application Whitelisting & Hardening | Secure Application Usage |
33 | Endpoint Protection | Endpoint Application Control | Application Control & Whitelisting | Controlled & Secure Endpoint Environment |
34 | Endpoint Protection | Workstation & Server Hardening | OS Hardening & Protection | Reinforced Workstations & Servers |
35 | Endpoint Protection | Antivirus Consolidation | Malware Prevention & Detection | Efficient Malware Defense |
36 | Endpoint Protection | E8 Macro Restrictions | Macro Controls & Restrictions | Reduced Risk from Macro-Based Threats |
37 | Information Protection | M365 Security Uplift | Information Protection & Security | Secure Collaboration & Data Protection |
38 | Information Protection | Information Protection | Data Classification & Protection | Enhanced Data Security & Management |
39 | Information Protection | Protected Desktop Enclave | Secure Desktop Environment | Secure & Isolated Desktop Experience |
This is clearly just a simplified example of how you might break workstreams or themes down and align work-packages to benefits, but the one thing that should be clear is that it’s never a simple case of one-size-fits-all. Looking forward to hearing from you!
Chat soon!