Our Essential Eight whitepaper has recently been published (Aug 2022) and outlines the journey we undertake as part of our Managed Compliance and Risk (MCR) service. Please download a free copy here:

Cybercrime is one of the most significant threats to individuals and businesses in Australia in terms of overall volume and impact. The Australian Cyber Security Centre (ACSC) Annual Cyber Threat Report shows that malicious cyber activity against Australia’s national and economic interests is increasing in frequency, scale, and sophistication. Between July 2019 and June 2020, ACSC responded to 2,266 cyber security incidents that have targeted large organisations, key supply chain, Commonwealth, and state government entities.

The cyber incidents reported were caused by various malicious activities such as targeted reconnaissance, phishing emails, and ransomware. Cybercriminals quickly adapted their phishing methods to take advantage of the COVID-19 pandemic, for example.

The Essential Eight (ES8) provides a realistic framework for improving an organization’s overall security posture. At CSP, we have developed the Essential Eight + a combination of Essential Eight mitigation strategies built on top of a Zero Trust foundation. This includes configuration and integration across a wide range of solutions readily available within the Microsoft A5/E5 stack, along with a few third-party vendors at the forefront of cloud technology.

We help rapidly increase maturity levels and then maintain them long-term. This includes a clear roadmap for uplifting your cloud security posture, and is geared specifically for the Microsoft 365 and Azure hybrid ecosystems. Our managed service CSP Lighthouse also includes the option for Managed Compliance and Risk (MDR) where we augment your existing IT team to continually align security controls using Defender 365 and Microsoft Endpoint Manager.

If you are seeking to meet the ACSC’s compliance and build a strong security foundation please reach out for more information about our MCR:


There are eight mitigation strategies and each strategy has three maturity levels. Those eight strategies cover three very important control objectives and we have bolstered them by adding a fourth that has Cloud Security in mind called “Zero Trust”.

Control objectives

CSP ES8 objectives