Implementing the ASD Essential Eight: A bigger challenge than expected

Conclusion: The Essential Eight from the Australian Signals Directorate constitutes a recommended set of strategies to reduce the risk of cyber intrusion. They are said to prevent up to 85% of potential attacks. They are certainly worth assessing as a strategy to apply as an organisation plans out its security strategy.
However, while they may seem simple at first glance, the prerequisites for their implementation are far reaching. These add significant cost and effort to any attempt to take advantage of the E8. In fact, the effort and planning can easily exceed the effort in seemingly just doing the E8.
This will be a two-part article. The first part will explain the question at hand and describe the premise being explored. The second part will work through the implications for an organisation and list the strategies to deal with them.

About The Advisor
Peter Sandilands
Peter Sandilands is an IBRS advisor who specialises in cyber security, risk and compliance. Peter has over 40 years’ experience in the IT industry with the last 20 years focused on security. He has spoken at conferences and industry briefings across Asia Pacific. Peter was instrumental in the introduction of Check Point Software to Australia, leading the operation for five years. Prior to that Peter was a key strategist in the broadening of Novell’s market across Asia Pacific. Since then he has spent nearly 10 years working for large Australian companies in banking, mining and transport delivering security strategy, security architecture and compliance assessments. Peter has also assisted overseas security vendors enter the Australian market with a focus on the strategic use of the products. As a casual academic at UTS for over 20 years, Peter lectured in network security, Cloud security and networking technologies. With his experience across vendors, channel and business, Peter brings a pragmatic approach to implementing and assessing cyber security. Peter has a Master's of Cyber Security from Charles Sturt University.