On July 12, 2021, the Australian Cyber Security Centre (ACSC) updated the Essential Eight Strategies to Mitigate Cybersecurity Incidents Maturity Model to keep pace with the current threat landscape. The new model is thorough in addressing omissions from previous versions. While the eight overarching strategies remained the same, with minor tweaks to names (like changing ‘Daily Backups’ to ‘Regular Backups’ and previously adjusting ‘Application Whitelisting’ to ‘Application Control’), the controls are more granular and cover more ground.

Overall, I am quite chuffed with the changes. They offer increased guidance as businesses implement the Essential Eight to keep pace with (and even get ahead of) the evolving threat landscape. Since we’ve quickened our pace towards making the Essential Eight mandatory for some (and hopefully almost all) organisations, I’m pleased to see many businesses taking this seriously and making the strategies a key part of their future security vision. Please take some time to read all of my previous articles on the updated Essential Eight Maturity Model; the links are at the bottom of this article.

In this article, I look at the updated Essential Eight Maturity Model regarding one of the strategies that businesses largely ignore until they tackle it head-on. Some of us use macros, some of us don’t, but there are security implications for using the Microsoft Office productivity suite since macros are a long-standing threat vector. Controlling macros is like approaching Application Control. To some degree, we must treat them akin to hacking tools that can be used for good and malicious intent. You must restrict both the people and the programs in terms of who can execute what, and regard a macro in the same context as an application.