The Information Security Manual (ISM) by the Australian Signals Directorate outlines a risk-based cybersecurity framework that organisations can apply. It details important information about cyber threats and outlines principles and controls to protect agency systems and their information.
When assessing cyber risk status, ISM outlines five key questions that organisations must ask themselves to assess and manage their cyber security risk. These are:
Who are the Australian Signals Directorate or ASD?
The Australian Signals Directorate (ASD) is a crucial member of Australia’s national security community, working across intelligence, cyber security, and offensive operations in support of the Australian Government and Australian Defence Force (ADF).
What is the Information Security Manual (ISM) ?
The purpose of the Australian Government Information Security Manual (ISM) is to outline a cyber security framework that organisations can apply, using their risk management framework, to protect their systems and data from cyber threats.
Who is the ISM intended for?
The ISM is intended for Chief Information Security Officers (CISOs), Chief Information Officers (CIOs), cyber security professionals and information technology managers.
Cyber security principles - these principles provide strategic guidance on how organisations can protect their systems and data from cyber attacks and threats. These principles are divided into four key actions; govern, protect, detect and respond. To comply with the ISM, organisations must provide proof or demonstrate that they are adhering to these principles.
Cyber security guidelines - these are practical guidelines that an organisation can apply to safeguard its systems and data from cyber attack and threats. These cyber security guidelines cover governance, physical security, personnel security, and information and communications technology security matters. Organisations should consider the cyber security guidelines that are relevant to each of the systems that they operate.
Compliance with ISM controls is categorised into ‘must’ and ‘should’ requirements. Requirements are evaluated according to the degree of risk an organisation is accepting by not complying with the ISM control.
Non-compliance with ‘must’ requirements represent a high cyber security risk. Non-compliance with ‘should’ controls represent a medium to low-security risk.
The StickmanCyber team can help review your organisations controls against the requirements of ISM and provide recommendations to achieve compliance. We follow a standard 5-step approach to help evaluate current systems and work towards compliance.
Arm yourself with up-to-date information and insights into building a successful cybersecurity strategy, with blogs and webinars from the StickmanCyber team, and industry experts.
In this exclusive live webinar, Ajay will be sharing key insights, learnings and takeaways from the 100’s of projects run and executed by StickmanCyber’s and industry knowledge from the last 12 months culminating in the Top 10 investment focus areas organisation’s need to have in place for 2021-2022 when it comes to improving and uplifting their cybersecurity posture.
Know your exact challenge and want a solution partner? Just starting out on the cybersecurity journey? The StickmanCyber team can help.