The Australian Cyber Security Centre’s Essential 8 Model recommends eight core strategies that companies should implement to prevent cyber-attacks, limit damage from attacks, and enable efficient data recovery if required.

The Australian
Cyber Security Center's

ACSC Essential 8

The ACSC Essential 8 is a series of eight strategies recommended by the Australian Government to support Australian businesses prevent cyber attacks, limit damage caused by cyber attacks and, if all else fails, recover data lost from attacks or human errors.

Each strategy has identified three maturity levels (i.e. stages) to support businesses build an optimal Cyber Security Management System (CSMS). The ACSC recommends that “as a baseline, organizations should aim to reach Maturity Level Three for each mitigation strategy.”

The strategies and maturity levels are supported by the Australian Government’s Information Security Manual (ISM), which outlines the minimum-security controls businesses need to meet the intent of the Essential 8 strategies.

Our ACSC Essential 8 CSMS is designed to ensure businesses are compliant with the ACSC Essential 8 and meet the security controls outlines in the ISM.

The ACSC Essential 8 Strategies

“Implementing the Essential Eight proactively can be more cost-effective in terms of time, money and effort than having to respond to a large-scale cyber security incident.”

- Australian Cyber Security Centre

Combined, the ACSC Essential 8 Strategies form a powerful defence against cyber-attacks. Click through the below links to learn more about each strategy to see if it is right for your business.

Mitigation Strategies to
Prevent Malware Delivery and Execution

Application Control is a cyber-attack prevention strategy. It involves generating an index of approved applications which are allowed to run in trusted locations on a computer network. In contrast, application blacklisting is the process of denying certain programs to run. Application Control
is a stronger prevention tool as it combats zero-day attacks. Find out more.
Patch Application is the process of installing patches to fix identified vulnerability in software applications. Patches can also provide upgrade of features and extended functionalities. Regular updates can dramatically reduce the risk of cyber-attacks. Find our more.
Configure Microsoft
Office Macro Settings
Configuring Microsoft Office settings can prevent malicious macros installing and running on your computer system. Dangerous macros are often embedded in seamlessly ‘normal’ documents such as excel or word files and can be accidentally downloaded via websites or email. Smart configuration of Microsoft Office programs can prevent macros in their tracks. Find out more.
User Application
Similar to Application Control, User Application Hardening is the process of deciding what certain applications/programs are allowed to do on a system or network. This is important as applications such as Adobe Flash and Java can sidestep traditional antivirus software to enable malware or exploit kits to be downloaded onto your computer business network. Find out more.

Mitigation Strategies to
Limit the Extent of Cyber Security Incidents

Restrict Administration
Restricting Administrative Privileges is the practice of only enabling the minimal computer administrative privileges needed by an employee to carry out their daily operational needs. Reducing the number of people who have overarching rights to install programs, run macros and enable applications, reduces the risk that a hacker can access the system. Further, if a system is hacked, it limits the extent of potential damage. Find out more.
Operating Systems
Patching Operating Systems is a cyber security strategy which can mitigate the risk of cyber-attacks, as well as reduces potential damage. Like applications, the operating system needs to be updated regularly to fix known vulnerabilities. Without patching, hackers can leverage weaknesses in the system. Find out more.
Multi-Factor Authentication is the strategy of establishing multiple sign-in requirements for users to log in to devices and programs. This increases the difficulty of a hacker accessing a user’s system via a vulnerability. Common Multi-Factor Authentication processes involve the user undertaking a standard sign in, and then confirming a code which is sent to an email or mobile phone to verify their identity. Find out more.
A Daily Backup offers a last resort, ‘if all else fails’ solution for recovering stolen, hacked, damaged or lost data. The ACSC Essential 8 strategy recommends all backups are store for at least 3 months in a secure online or offline location that is not rewritable and non-erasable. Hopefully, companies never need to use their backups, but it is good to know they are there just in case. Find out more.
Jam Cyber

How can my business
implement the
Essential 8 Strategies?

Our Cyber Security Management System (CSMS), which includes software, policies, training and processes, delivers all 8 essential strategies to mitigate the risk of a cyber attack. This means all our clients are compliant with the Australian Cyber Security Centre’s recommendations.

What our customers say about Jam Cyber


Miya Spears

Marketing Manager | IMAX Darling Harbour
Markus, Ian and the team at Jam Cyber IT have been our reliable IT gurus for a decade. We have the utmost confidence in their support and delivery in all our IT and cybersecurity needs.

Allison Benson

Principal | Kerin Benson Lawyers
Markus and the team at Jam Cyber have been looking after our IT and cyber security since April 2014. Jam Cyber have been fantastic to work with and have certainly helped our business grow. They have consistently set a high standard by being proactive and offering us solutions to help secure our IT system and set us up for future growth. We see them as an essential part of our team.

Evan Petrelis

Managing Director | Renaissance Tours
Renaissance Tours has been working with Jam Cyber IT & Cybersecurity since 2012. At all times, Markus, Jimmy, Ian and the rest of the team have been tireless in their efforts to look after our technology needs as we have grown. They are unfailingly responsive, friendly and helpful, and their counsel and solutions always top-notch. We couldn’t imagine running our business without their contribution.

Nitsa Brown

Practice Manager | Pearson Emerson Meyer
Jam Cyber IT have been looking after our IT and cybersecurity since 2017. They have not only been responsive to our changing needs, they have driven and guided us through very necessary IT change that turned out to be immensely helpful when the COVID-19 crisis hit and our staff were able to be up-and-running working efficiently from home in a matter of days. In addition, their response to any IT issues that arise is quick and effective! We are very pleased to have Jam Cyber IT as part of our team.

Shaun Hughston

Beat Medical
Best system I have ever used!