There’s so many facets around building an Essential 8-centric cyber uplift program these days. Many organisations are still struggling to find a balance between top-down, bottom-up cyber program design. And many more are struggling to break their program down to manageable workstreams.
Here’s an example of how you might break-up a cyber uplift program’s workstreams to achieve alignment and the key benefits needed.
If you’d like to talk about your Cyber Uplift Program goals, don’t hesitate to drop us a line at support@gadgetaccess.com . That’s what we do!
| ID | Workstream | Project Name | Essential 8 Alignment | Potential End-User Benefits |
|---|---|---|---|---|
| 1 | GRC & Security Management | GRC Foundation | Governance & Compliance | Enhanced Trust & Compliance Transparency |
| 2 | GRC Platform | Governance & Compliance | Simplified Compliance Management | |
| 3 | Asset Management | Patching Applications & OS | Improved System Performance & Security | |
| 4 | Third Party Supplier Risk Management | Risk Management & Compliance | Increased Supply Chain Security | |
| 5 | Security Awareness & Training | User Education & Awareness | Empowered Users with Cybersecurity Knowledge | |
| 6 | Information Security Assurance | Security Assurance & Validation | Greater Confidence in Security Posture | |
| 7 | Legal Regulatory & HR Compliance | Compliance Alignment | Alignment with Legal & Regulatory Obligations | |
| 8 | Continuous Compliance | Continuous Compliance Platform | Continuous Monitoring & Compliance | Real-time Compliance Tracking |
| 9 | Visibility & Service Continuity | Dashboarding & Reporting | Incident Detection & Response | Improved Incident Awareness & Response Time |
| 10 | Windows & AD Audit | Application & OS Hardening | Strengthened System Integrity | |
| 11 | Pentesting | Vulnerability Assessment & Mitigation | Early Detection & Mitigation of Vulnerabilities | |
| 12 | Infrastructure Monitoring | System & Network Monitoring | Proactive Identification of System Issues | |
| 13 | Incident Management Processes | Incident Response & Management | Structured & Efficient Incident Resolution | |
| 14 | BCP / IR / DR Testing | Business Continuity & Disaster Recovery Planning | Assured Business Continuity | |
| 15 | Business Recovery Planning | Business Continuity & Disaster Recovery Planning | Streamlined Business Recovery in Emergencies | |
| 16 | Security Information Event Management | SIEM | Security Monitoring & Analysis | Centralized Security Monitoring & Analysis |
| 17 | SOAR | Security Orchestration & Response | Automated Security Response | |
| 18 | Centralised Logging | Logging & Monitoring | Simplified Log Management & Analysis | |
| 19 | Deception Technology | Threat Detection & Response | Advanced Threat Detection | |
| 20 | Identity & Access Management | Privileged Access Management | User & Privileged Access Control | Secure Access Control |
| 21 | Jump Servers | Restricted Administrative Access | Secure Administrative Activities | |
| 22 | SSO & MFA | Multi-Factor Authentication | Convenient & Secure Authentication | |
| 23 | Hardware Tokens | Strong Authentication | Enhanced Security for Critical Access | |
| 24 | Role Based Access Control | User Access Control & Management | Efficient User Access Management | |
| 25 | Network Security | Network & Application Segmentation | Network Segmentation & Protection | Isolated & Protected Network Environments |
| 26 | Rationalise Ext Facing Systems | External System Security | Reduced External Exposure & Risk | |
| 27 | Email Security Uplift | Email Filtering & Security | Protected Email Communication | |
| 28 | Host Based Sensor | Host Intrusion Detection & Prevention | Enhanced Host Protection | |
| 29 | Threat & Vulnerability Management | Vulnerability Scanning | Regular Vulnerability Scanning | Continuous Vulnerability Awareness |
| 30 | Vulnerability Management | Vulnerability Assessment & Remediation | Timely Vulnerability Mitigation | |
| 31 | Patch Management | Patching Applications & OS | Up-to-Date & Secure Systems | |
| 32 | Application Protection | User Application Hardening | Application Whitelisting & Hardening | Secure Application Usage |
| 33 | Endpoint Protection | Endpoint Application Control | Application Control & Whitelisting | Controlled & Secure Endpoint Environment |
| 34 | Workstation & Server Hardening | OS Hardening & Protection | Reinforced Workstations & Servers | |
| 35 | Antivirus Consolidation | Malware Prevention & Detection | Efficient Malware Defense | |
| 36 | E8 Macro Restrictions | Macro Controls & Restrictions | Reduced Risk from Macro-Based Threats | |
| 37 | Information Protection | M365 Security Uplift | Information Protection & Security | Secure Collaboration & Data Protection |
| 38 | Information Protection | Data Classification & Protection | Enhanced Data Security & Management | |
| 39 | Protected Desktop Enclave | Secure Desktop Environment | Secure & Isolated Desktop Experience |
This is clearly just a simplified example of how you might break workstreams or themes down and align work-packages to benefits but the one thing that should be clear is that it’s never a simple case of one-size-fits-all. Looking forward to hearing from you!
Chat soon!
