Review your current systems and get compliant with the Australian government's Information Security Manual.

What is ISM by the Australian Signals Directorate


The Information Security Manual (ISM) by the Australian Signals Directorate outlines a risk-based cybersecurity framework that organisations can apply. It details important information about cyber threats and outlines principles and controls to protect agency systems and their information.

When assessing cyber risk status, ISM outlines five key questions that organisations must ask themselves to assess and manage their cyber security risk.  These are:

  • Is the organisation ready to respond to targeted cyber security incidents?
  • What would the cost be of a cyber security incident?
  • Who would benefit from having access to our information?
  • What controls do we have in place to protect ourselves from cyber threats?
  • Does staff behaviour foster a strong security culture?

Who are the Australian Signals Directorate or ASD?


The Australian Signals Directorate (ASD) is a crucial member of Australia’s national security community, working across intelligence, cyber security, and offensive operations in support of the Australian Government and Australian Defence Force (ADF).

What is the Information Security Manual (ISM) ?


The purpose of the Australian Government Information Security Manual (ISM) is to outline a cyber security framework that organisations can apply, using their risk management framework, to protect their systems and data from cyber threats.

Who is the ISM intended for?


The ISM is intended for Chief Information Security Officers (CISOs), Chief Information Officers (CIOs), cyber security professionals and information technology managers.

How does it work?

The ISM consists of cybersecurity principles and cybersecurity guidelines:

Cyber security principles - these principles provide strategic guidance on how organisations can protect their systems and data from cyber attacks and threats. These principles are divided into four key actions; govern, protect, detect and respond. To comply with the ISM, organisations must provide proof or demonstrate that they are adhering to these principles. 

Cyber security guidelines - these are practical guidelines that an organisation can apply to safeguard its systems and data from cyber attack and threats. These cyber security guidelines cover governance, physical security, personnel security, and information and communications technology security matters. Organisations should consider the cyber security guidelines that are relevant to each of the systems that they operate.

Complying with the ISM

Compliance with ISM controls is categorised into ‘must’ and ‘should’ requirements. Requirements are evaluated according to the degree of risk an organisation is accepting by not complying with the ISM control.

Non-compliance with ‘must’ requirements represent a high cyber security risk.  Non-compliance with ‘should’ controls represent a medium to low-security risk.

How We Do It

The StickmanCyber team can help review your organisations controls against the requirements of ISM and provide recommendations to achieve compliance. We follow a standard 5-step approach to help evaluate current systems and work towards compliance.

ISM by Aus. Signals Directorate-1


Arm yourself with up-to-date information and insights into building a successful cybersecurity strategy, with blogs and webinars from the StickmanCyber team, and industry experts.

Ready to Improve and Enhance Your Cybersecurity Posture?

Know your exact challenge and want a solution partner? Just starting out on the cybersecurity journey? The StickmanCyber team can help.