"Hi, my name is Michael, and I'm a Cyber Security Consultant here at AC3.

In this video, I will be discussing the difference between Level Zero and Level One ACSC Essential Eight maturity.

Typical organisations that identify at Level Zero have weaknesses in their overall security posture that can be exploited by readily available tradecraft.

To put it plainly, a Maturity Level Zero organisation doesn't have a viable defensive posture for the strategy.

To move to Level One, organisations need to focus on mitigating commodity tradecraft that targets common weaknesses in many organisations, rather than one specific organisation.

Organisations at Level One will have a reasonable defence against adversaries using common social engineering techniques.

For example, tricking users into weakening the security of their organisation by launching malicious applications. These are usually untargeted or drive by attacks.

If you would like guidance on how to best implement strategies to reach Maturity Level One, please reach out to the team. We'd love to help.

AC3's Essential Eight Security Control Assessment can benchmark your current strategies against the ACSC's Essential Eight maturity models. Find out more here.