Essential Eight

Security Gap Analysis

Helping you asses organisational security control measures to reduce the threat of cyber-attacks.

Essential Eight Security Gap Analysis

As cyber risks continue to evolve in frequency, scale, and sophistication, putting critical systems and data at risk, the ACSC (Australian Cyber Security Centre) recommends that organisations implement their Essential Eight security guidelines as a baseline to mitigate cyber security breaches.

There is no single mitigation strategy that is guaranteed to prevent a cyber-attack or security incident due to differing operational models and risk profiles. However, proactively implementing the Eight Essential mitigation strategies as a baseline makes it harder for adversaries to compromise systems.

It’s fair to say that most organisations – particularly those in government or at the enterprise level – are working towards best practice in their frameworks for establishing, testing and evolving IT security. Do you know whether your organisation or department is at risk?

What is the ACSC Essential Eight?

The Australian Cyber Security Centre (ACSC) Essential Eight was developed to support organisations in improving their cyber security posture and enhance recovery times, by following eight essential strategies:

Application Control_Essential Eight Gap Analysis_2_Eighty20 Solutions

Application Control

Patching Application_Essential Eight Gap Analysis_Eighty20 Solutions

Patching Application

Restrict Admin Privileges_Essential Eight Gap Analysis_2_Eighty20 Solutions

Restrict Administrative Privileges

Patching Operating Systems_Essential Eight Gap Analysis_2_Eighty20 Solutions

Patch Operating Systems

Office macros_Essential Eight Gap Analysis_2_Eighty20 Solutions

Office Macros

Application Hardening_Essential Eight Gap Analysis_Eighty20 Solutions

Application Hardening

MFA_Essential Eight Gap Analysis_2_Eighty20 Solutions

Multi-Factor Authentication

Data Backups_Essential Eight Gap Analysis_2_Eighty20 Solutions

Data Backups

What is the Essential Eight maturity model?​

The Essential Eight maturity model is designed to provide guidance on implementing the ACSC’s Essential Eight strategies. By utilising a scoring system from Level 0 to Level 3, organisations can identify their current security posture and recognise steps for improvement.

  • Maturity Level Zero – Vulnerabilities in an organisation’s overall cyber security posture.
  • Maturity Level One – Partly aligned with intent of mitigation strategy.
  • Maturity Level Two – Mostly aligned with intent of mitigation strategy.
  • Maturity Level Three – Fully aligned with intent of mitigation strategy.

Do you know whether your organisation or department is at risk?

The Eighty20 Essential Eight Gap Analysis Approach

Our Essential Eight Security Gap Analysis will assess your current security posture against the ACSC’s Essential Eight and identify the gaps and risks within your organisation. Our approach provides assurance on effective organisational alignment with the eight essential controls to achieve a higher level of maturity. True to our core business, we leverage people, process, and technology to provide an independent evaluation of risk and compliance aligned to the Essential Eight controls.

Our Approach


Conduct workshops to gain an understanding of:

  • Current environment and security controls
  • Maturity level for each pillar in the framework
  • What is required to improve maturity


Create a delivery plan for an adoption and transition of uplifted security controls and processes to improve the Essential Eight


(Estimated timeline)


Present improvement plan to stakeholders and discuss next steps to address gaps and improve security posture and Essential Eight maturity.

Challenges faced when improving cyber security maturity

Implementing an effective cyber security program within an organisation comes with similar challenges to implementing any new program, especially when it comes to prioritising resources. Understanding possible barriers will enable an organisation to overcome them as a part of their cyber security improvement strategy. Common challenges voiced by organisations can include:
  • Lack of resources (staff and/or funding)
  • Uncertainty of having the knowledge or skills necessary to successfully implement a cyber maturity program
  • Being faced with having to prioritise other organisational objectives
  • Ad hoc management of cyber security rather than an endorsed project or program of work
  • Receiving resistance when influencing internal stakeholders
  • Some self-assessments can sometimes lead to overestimating maturity and not identifying actions for improvement
Speak to us to find out how we can help you identify security gaps and minimise vulnerabilities within your organisation.

Reach out to get started today

    If you got this far, we should talk. Your business is about to get a whole lot easier.

    1300 008 020

    Contact Us