What is ISM by the Australian Signals Directorate?

The Information Security Manual (ISM) by the Australian Signals Directorate outlines a risk-based cybersecurity framework that organisations can apply. It details important information about cyber threats and outlines principles and controls to protect agency systems and their information.

When assessing cyber risk status, ISM outlines five key questions that organisations must ask themselves to assess and manage their cyber security risk.  These are:

  • Is the organisation ready to respond to targeted cyber security incidents?
  • What would the cost be of a cyber security incident?
  • Who would benefit from having access to our information?
  • What controls do we have in place to protect ourselves from cyber threats?
  • Does staff behaviour foster a strong security culture?

Complying with the ISM?

Compliance with ISM controls is categorised into ‘must’ and ‘should’ requirements. Requirements are evaluated according to the degree of risk an organisation is accepting by not complying with the ISM control.

Non-compliance with ‘must’ requirements represent a high cyber security risk.  Non-compliance with ‘should’ controls represent a medium to low-security risk.

How We Do It

The StickmanCyber team can help review your organisations controls against the requirements of ISM and provide recommendations to achieve compliance. We follow a standard 5-step approach to help evaluate current systems and work towards compliance.

ISM by Aus. Signals Directorate-1


Arm yourself with up-to-date information and insights into building a successful cybersecurity strategy, with blogs and webinars from the StickmanCyber team, and industry experts.

Ready to Improve and Enhance Your Cybersecurity Posture?

Know your exact challenge and want a solution partner? Just starting out on the cybersecurity journey? The StickmanCyber team can help.