Overview
The objective of the Initial Assessment is to use the Cyber Security Questionnaire (CSQ) to gather sufficient information to make an assessment under the ACSC Top 4 (Obsolete) as to the level of the company’s cyber security hygiene.
A further breakdown of the ACSC Top 4 (Obsolete) – Application Control, Patch Applications, Patch Operating Systems, and Admin Privileges – will be provided in further lessons.
Understanding the Cyber Security Assessment Template
Technical Findings
When conducting an Initial Assessment, it is important that the technical findings are consistent with our messaging and with the comments relating to recommendations in Part 2 – Findings and Recommendations.
Avoid:
- Making long written observations.
- Echoing entity comments from their CSQ.
Cyber Security Hygiene Rating
Our rating scale is based on responses within the questionnaire. We will assess the overall level of cyber security maturity using the following ratings.
Recommendations
As general advice, we recommend that you review your compliance with the four controls listed in the table above. Guidance can be found at: https://cyber.gov.au/publications/.
- Essential Eight Maturity Model
- Essential Eight to ISM Mapping
- Implementing Application Control
- Secure Administration
- Hardening Microsoft Windows 10 Workstations
- Patching Guidelines
Bring Your Own Devices (BYOD)
The use of BYOD does not mitigate the requirement for application control or patching of applications and operating systems on workstations. All components of your organisation's information systems or services that are used to correspond with Defence are considered within the scope of this assessment. This includes all endpoints such as desktops, laptops, mobile devices, and virtual machines.