The Information Security Manual (ISM), developed and maintained by the Australian Signals Directorate (ASD), is a cybersecurity framework that organizations can apply, using their risk management framework, to protect their information technology and operational technology systems, applications, and data from cyber threats.
Overview of ASD?
The Australian Signals Directorate (ASD) is a key player in Australia's national security landscape, focusing on intelligence, cybersecurity, and offensive operations to support the Australian Government and the Australian Defence Force (ADF).
Purpose of ISM
It equips organizations with a cybersecurity framework that integrates seamlessly with their existing risk management strategies, aiming to safeguard their systems and data against cyber threats.
Intended Stakeholders
It is tailored for Chief Information Security Officers (CISOs), Chief Information Officers (CIOs), cybersecurity professionals, and information technology managers.
How does the ISM function?
The Information Security Manual (ISM) is structured around two key components:
Cybersecurity Principles
These principles offer strategic direction on safeguarding systems and data from cyber threats. They are categorized into four key actions: govern, protect, detect, and respond. Organizations must demonstrate adherence to these principles to comply with the ISM.
Cybersecurity Guidelines
These guidelines provide practical measures to protect systems and data from cyber-attacks. They cover governance, physical security, personnel security, and information and communications technology security. Organizations should apply relevant guidelines to each system they operate.
Process
Our Assessment Approach
Our team specializes in conducting assessments tailored to your organization's needs. We review your controls against ISM requirements, providing detailed recommendations for achieving compliance. Our focus is solely on assessment, ensuring thorough evaluation of your systems to support your cybersecurity goals.
