Cybersecurity is a crucial aspect of our digital world, protecting individuals, businesses, and organizations from ever-evolving online threats. It encompasses a range of practices and technologies designed to safeguard computer systems, networks, and sensitive information from unauthorized access, data breaches, and malicious activities.
In today's interconnected landscape, cybercriminals employ sophisticated techniques to exploit vulnerabilities and gain unauthorized access to valuable data. From phishing and malware attacks to ransomware and social engineering, the threat landscape keeps changing, requiring constant vigilance and proactive measures.
An example of a data breach can be,
Within the cybersecurity framework, the Notifiable Data Breaches (NDB) scheme has been implemented. Any organization or agency covered by the Privacy Act 1988 is obligated to inform both affected individuals and the Office of the Australian Information Commissioner (OAIC) when a data breach is believed to cause harm to an individual whose personal information is lost or stolen.
Notifiable data breaches | OAIC
The Australian Signals Directorate (ASD) has developed cybersecurity mitigation strategies to help organisations protect themselves against various cyber threats. The Essential Eight is specifically crafted to safeguard organisations' internet-connected information technology networks.
To assist organisations with their implementation of the Essential Eight, four maturity levels have been defined (Maturity Level Zero through to Maturity Level Three). With the exception of Maturity Level Zero, the maturity levels are based on mitigating increasing levels of tradecraft (i.e. tools, tactics, techniques and procedures) and targeting.
Maturity Level One serves as the foundational layer for establishing baseline security within an organization. At this initial stage, the focus is on laying the groundwork for fundamental security practices and awareness. Organizations operating at Maturity Level One are committed to implementing basic security measures, such as defining security policies, conducting basic risk assessments, and ensuring that employees are familiar with fundamental security principles.
Organisations need to consider that the likelihood of being targeted is influenced by their desirability to malicious actors, and the consequences of a cyber security incident will depend on their requirement for the confidentiality of their data, as well as their requirement for the availability and integrity of their systems and data. This, in combination with the descriptions for each maturity level, can be used to help determine a target maturity level to implement.
PROTECT - Essential Eight Maturity Model (November 2023).pdf (cyber.gov.au)