Empyrean was engaged by a large medical research centre to undertake an assessment of their security posture against the ACSC Essential Eight framework, followed by a remediation project to help the institute achieve Level 2 compliance.
The research centre has teams of researchers dedicated to building knowledge on a range of neurological and psychiatric conditions.
The Essential 8
The Australian Cyber Security Centre (ACSC) developed prioritised mitigation strategies, in the form of the ‘Strategies to Mitigate Cyber Security Incidents,’ to help organisations protect themselves against various cyber threats. The most effective of these mitigation strategies are the Essential Eight.
Essential Eight maturity assessment
As a healthcare organisation, the client had a lot of ‘personally identifiable information’ (PII), and they wanted to ensure that they were following cyber security best-practices to ensure they were adequately protecting that data.
In Australia, the Essential 8 provides strategies for organisations to protect themselves against various cyber threats, and achieving Level 2 compliance is recommended for healthcare organisations.
The client engaged Empyrean as a trusted partner to help them on their journey toward cyber resilience. The first stage of the engagement included a maturity assessment against the Essential Eight to identity the gaps between their current state environment and Level 2 compliance.
This included a thorough review of the toolsets that they used to manage cyber security across the environment, as well as an assessment of the suitability of each tool with respect to their security strategy.
Then, with a lens to simplify the ongoing management of their cyber security, Empyrean developed an End State Architecture to define the cyber security toolsets needed to manage ongoing compliance and security.
Lastly, Empyrean produce a prioritised list of ISM controls needed to achieve Level 2 compliance, as well as the supporting initiatives and effort needed to deliver the Target State Architecture.
At the conclusion of the assessment, Empyrean found that while the client was found to be foundationally secure against the Essential Eight controls, there were several crucial areas that needed further attention.
Essential Eight remediation recommendations
Empyrean delivered a comprehensive report of the assessment findings. The report broke down each requirement individually, identified its status, and provided a recommendation of what needed to be done to achieve Level 2 compliance.
At a high level, recommended remedial actions that needed to be implemented or improved included: MFA; privileged access; application and OS patching, application hardening; replacement or upgrades of outdated hardware; and more.
Achieving Essential Eight Level 2 compliance
After identifying the Essential Eight gaps and priorities, Empyrean was engaged to complete the uplift to Level 2, which included the procurement of hardware as needed.
At the conclusion of the engagement, Empyrean had successfully:
- Identified the institute’s present Essential Eight maturity level
- Provided recommendations to help the institute to improve their posture
- Developed an End State Architecture defining the cyber security toolsets to manage ongoing compliance and security
- Produced a prioritised list of ISM controls to achieve Level 2 compliance
- Delivered initiatives to deliver the Target State Architecture
The client now has confidence in their security posture and has significantly reduced their exposure to cyber threats.
Empyrean IT has consistently provided brilliant support, ensuring that our infrastructure is secure and compliant. Their team is knowledgeable, responsive, and genuinely invested in our success. They not only understand our needs but also offer tailored solutions that have made a significant impact on our business.
Head of IT, Project lead at the institute
Digital Health Maturity Model
Learn more about how healthcare providers are fortifying themselves against increasing cyber threats.