As part of the Australian Cyber Security Centre’s (ACSC) commitment to providing guidance and support to industry and government in strengthening their cyber security posture, ACSC has released a series of tools and resources related to the Essential Eight:
- Cyber Toolbox.
- Essential Eight Assessment Process Guide.
- Essential Eight Assessment Report Template.
- Essential Eight Implementation Guidance.
The Essential Eight Assessment course is an Australian Signals Directorate (ASD)-developed training course that is designed to provide individuals with the understanding of how to perform an assessment of an organisation’s maturity against the Essential Eight Maturity Model. The Essential Eight Maturity Model describes eight strategies that organisations can use to mitigate the effects of a cyber-attack.
The Essential Eight Assessment course, which will be delivered by TAFEcyber members for the Australian Cyber Security Centre (ACSC) on behalf of ASD, provides the foundational skills and knowledge required to assess an organisation’s implementation of the Essential Eight mitigation strategies.
The aim of the training course is to ensure there is a broad understanding of the Essential Eight Maturity Model across the Government and Industry and consistent methodologies are used in the assessment of an organisation’s maturity against the model.
The four (4) day face to face Essential Eight Assessors Course covers the Essential Eight Maturity Model including:
- Maturity and compliance requirements by market Federal and State Government, Critical Infrastructure and Defence Industry supply chain;
- Planning and scoping and assessment;
- The ACSC Essential Eight Assessment Process Guide;
- The ACSC Essential Eight Assessment Report Template;
- The ACSC Essential Eight Cyber Toolbox (ACVT and E8MVT);
- Assessment techniques and methods;
- Technical exercises; and
- Written exercises.
The training course will consist of the following modules:
- Session 1 includes the history of the Essential Eight and its use in current markets.
- Session 2 includes preparing for assessments, scoping, and determining the resources and tools needed.
- Session 3 includes an overview and demonstration of the main toolsets and product features/functions to use in an assessment.
- Session 4 includes preventing the execution of unapproved/malicious programs and installers.
- Session 5 includes patching/mitigating computers with ‘extreme risk’ security vulnerabilities.
- Session 6 includes patching/mitigating operating systems with ‘extreme risk’ security vulnerabilities.
- Session 7 includes configuring Microsoft Office macro settings to block macros from the internet and to allow vetted macros either in ‘trusted locations’ or with a trusted certificate.
- Session 8 includes configuring web browsers to block Flash, ads and Java on the internet and disabling unneeded features in Microsoft Office, web browsers and PDF viewers.
- Session 9 includes maintaining and restricting administrative privileges to operating systems and applications based on user duties.
- Session 10 includes MFA for VPN and other remote access, and for all users when they perform a privileged action or access an important data repository.
- Session 11 includes the maintenance of important data, software and configuration settings and a retention schedule.
- Session 12 includes the drafting and presentation of the report.
Participants for this course are required to meet pre-entry requirements and, following successful completion of the course and an assessment, will receive a qualification endorsed by the ACSC on behalf of ASD.
Qualification information
Course participants who successfully complete the course are entitled to receive a Certificate of Completion of the ACSC Essential Eight Assessment Course.
The Certification of Completion may only be awarded to those course participants who successfully complete the assessment.
This course is delivered by our team of qualified instructors who have a minimum of a Certificate IV Cyber Security qualification or equivalent in a Cyber Security discipline. Each instructor has at least 5 years of industry and/or teaching experience in a related field and has successfully passed the exam.
Applicants must be either Australian citizens or permanent residents. They must also possess either:
- A minimum of a Certificate IV qualification in a technical ICT discipline and at least two years experience in a technical ICT role. OR
- At least four years experience in a technical ICT role.
Participants will be vetted to ensure they meet the entry requirements. This includes verification of participants’ identities and immigration status. Participants who enrol in the course are further encouraged to ensure that they are familiar with the following technologies prior to course commencement:
- Microsoft Active Directory, PowerShell, and Group Policy
- Operation and theory of vulnerability scanners
- Basic Networking
*If participant does not have a Certificate IV qualification in a technical ICT discipline then the minimum of industry experience in a technical ICT role will increase to 6 years.
As well as your scheduled classes, you will need to complete additional study each week, including private study, assignment preparation, and research.
Please note this course will be run subject to enrolment numbers.
This timetable information is indicative only and subject to change.
$2000.00 per person
*Fee disclaimers
The fees quoted are estimates only and are for the entire course for students enrolling on a full-time basis in 2023. Please view the full list of Fee disclaimers.
Please note fees listed include all units required to gain this qualification. If you're a continuing student and have successfully completed a lower-level qualification that is a prerequisite for this course, you'll only pay for the units that you need to enrol in, to complete this course.
Enquiries regarding fees can be made by calling us.
You'll need to provide via email:
- Preferred course dates
- Your mobile number
- CV/Resume
- A statement indicating you are an Australian Citizen or a Permanent Resident of Australia
Once we have your expression of interest, we'll keep your information on file and contact you with further instructions for enrolment when minimum course numbers have been reached.
The assessment is in the form of a supervised, open-book examination conducted at the conclusion of the training course. Participants may consult internet resources and are expected to use software tools to execute specific tasks on target machines to answer some of the examination questions.
To maintain the integrity of the assessment exam process, each participant's work must be original. Collusion with other participants is strictly forbidden. Any infringement of these conditions will result in the participant's disqualification from receiving the completion certificate and they will be ineligible to retake the assessment.
A minimum score of 80 per cent is required to pass the assessment exam. All participants will be provided with 2 attempts at the assessment exam and if required, both attempts are to be completed within a 3-month period.
Project aims
This project closely aligns with Minister of Home Affairs and Cyber Security priorities, specifically:
- Increasing whole of nation cyber security efforts to protect Australian and our economy: This course will leverage partnerships with industry and education sectors partners in every jurisdiction.
- Ensuring CI and government systems are resilient and cyber-secure: Essential Eight is a technical cyber security framework which has been adopted by many State governments, and is one of the approved frameworks in the Security of Critical Infrastructure Act.
- Growing and sustaining a national cyber workforce, focusing on education, skills and training: This training course will become a new Australian industry certification and will form a key part of the Australian cyber security training ecosystem.