What is the ASD Essential Eight model?
The ASD Essential Eight model is a set of baseline security measures developed by the Australian Signals Directorate (ASD) to help organisations protect their systems from cyber-attacks. It is designed to be implemented in a layered approach, with each layer providing additional protection against malicious actors.
The eight strategies are:
1. Application whitelisting – restricting the applications that can be installed and run on a system,
2. Patching applications – ensuring that all applications and operating systems are regularly updated with the latest security patches,
3. Patching operating systems – ensuring that all operating systems are regularly updated with the latest security patches,
4. Configuring Microsoft Office macro settings – disabling macros from running in Microsoft Office applications,
5. Restricting administrative privileges – limiting user access to administrative functions,
6. Multi-factor authentication – using two or more authentication methods to access systems and data,
7. User application hardening – configuring applications to reduce the risk of exploitation, and
8. Implementing daily backups – creating regular backups of data to ensure it can be recovered in the event of a breach.
By implementing these strategies, organisations can significantly reduce their risk of a successful cyber-attack. The strategies are designed to be implemented in a layered approach, with each layer providing additional protection against malicious actors.
Useful References
Official Guides
- What is the ASD Essential Eight?
- Is the ASD Essential Eight mandatory?
- Do Australian businesses need to report data breaches?
- What are the objectives of ASD Essential 8?
- ASD Essential 8: Application whitelisting
Blogs & Thought Leadership
- ASD Essential 8 vs ISO 27001
- ASD Essential 8 vs Right Fit For Risk (RFFR)
- ASD Essential 8 vs PCI-DSS
- ASD Essential 8 vs NIST Cybersecurity Framework (CSF)
- ASD Essential 8 vs ASD IRAP
Answers
Hear from world-renowned GRC analyst Michael Rasmussen about 6clicks and why it's breakthrough approach is winning
Get up and running with 6clicks in just a matter of hours.

'Push-down' standards to teams
'Push' your standard templates, controls, and risk libraries to your teams.

'Roll up' analytics for reporting
Roll-up analytics for consolidated reporting across your teams.
Our customers have spoken.
They genuinely love 6clicks.
"The best cyber GRC platform for businesses and advisors."
David Simpson | CyberCX
"We chose 6clicks not only for our clients, but also our internal use”
Chief Risk Officer | Publically Listed
"We use Hub & Spoke globally for our cyber compliance program. Love it."
Head of Compliance | Fortune 500






"The 6clicks solution simplifies and strengthens risk, compliance, and control processes across entities and can grow and adapt as the organization changes and evolves."
Michael Rasmussen
GRC 20/20 Research LLC
6clicks is powered by AI and includes all the content you need.
Our unique 6clicks Hub & Spoke architecture makes it simple to use and deploy.
.png)

.png)

.png)
.png)