Cyber security in schools – adopting Essential Eight

Cyber security in schools – adopting Essential Eight

The client

Oxley Christian College is a coeducational day school in Victoria with a total enrolment of around 1,000 students. The college offers a complete educational experience – from Early Learning to Year 12.

With education being one of the top 5 sectors affected by cyber security incidents in Australia, improving the security posture across their network was a top priority for Oxley.

Cyber security for schools

Cyber security assessment goals:

Oxley established several requirements that needed to be delivered as part of the engagement, these included:

  • Gap analysis between the current state environment and Level 2 compliance.
  • Suitability assessment of current cyber security toolsets with a lens to simplify ongoing management of cyber security. 
  • Develop an End State Architecture defining the cyber security toolsets to manage ongoing compliance and security.
  • Produce a prioritised list of ISM controls required to achieve Level 2 compliance and effort to deliver the End State Architecture.

Essential 8 graphic

Oxley College’s roadmap to improve cyber security.

Empyrean conducted a series of workshops with the Oxley College IT team to assess the existing state of cyber security. This collaborative effort served as a discovery phase, aiming to comprehensively evaluate each domain’s status within the Essential 8 framework. The workshops provided an opportunity to review Oxley’s current technology investments in cyber security and perform a thorough gap analysis against the ISM controls outlined in the Essential 8 Level 2 standard.

Throughout the discovery phase, identified gaps were meticulously categorised based on cyber security risk and their impact on the business. This classification was crucial in defining a prioritised grouping of ISM controls that needed implementation. A comprehensive review was also conducted on existing cyber security technology, to determine their suitability in implementing the necessary ISM controls.

In instances where the current tool sets did not sufficiently cater to the cyber security requirements for Level 2 compliance, Empyrean recommended appropriate products or services to fulfil these needs.

At the conclusion of this project, Empyrean produced several key deliverables:

  • A clearly defined End State Architecture aimed at achieving Essential 8 
Level 2 compliance.
  • An architecture designed to streamline the ongoing management of 
cyber security, ensuring sustained compliance with the Level 2 standard.
  • Specific initiatives categorising the required ISM controls into High, 
Medium, and Low priority groups for systematic implementation.
  • An estimation of the duration and effort required to achieve Essential 8 
Level 2 compliance in alignment with the defined initiatives.

Oxley now has a clear roadmap to implementing cyber security measures aligned with the Essential 8 Level 2 standard. Armed with this information, Oxley can prioritise which gaps should be filled first, and decide what work they’re able to complete themselves, and what will require further support from Empyrean.

Browse more case studies
Implementing Endpoint Management with Modern Workplace Technology for Whitehorse City Council.

Endpoint management with Modern Workplace

Learn how a local government transformed their legacy system into a dynamic a...

Hybrid cloud transformation

An example of a hybrid cloud solution that improved security, user experience...
Empyrean's IT disaster recovery process restores operations over a weekend following a Severity One outage.

IT disaster recovery process

In a race against time, Empyrean migrated a firm to Azure and Office365, rest...


Insight Podcast
Podcasts Radio Filters


Tech Insight
Insights Category Filters


App Library
App Library


Case Studies
Case Study Radio Filters