ASD Information Security Manual

ISM by Australian Signals Directorate

The Information Security Manual (ISM), developed and maintained by the Australian Signals Directorate (ASD), is a cybersecurity framework that organisations can apply, using their risk management framework, to protect their information technology and operational technology systems, applications, and data from cyber threats.

Contact Us
Industries

Overview of ASD?

The Australian Signals Directorate (ASD) is a key player in Australia's national security landscape, focusing on intelligence, cybersecurity, and offensive operations to support the Australian Government and the Australian Defence Force (ADF).

Purpose of ISM

It equips organisations with a cybersecurity framework that integrates seamlessly with their existing risk management strategies, aiming to safeguard their systems and data against cyber threats.

Intended Stakeholders

It is tailored for Chief Information Security Officers (CISOs), Chief Information Officers (CIOs), cybersecurity professionals, and information technology managers.

How does the ISM Function?

The Information Security Manual (ISM) is structured around two key components:

Cybersecurity Principles

These principles offer strategic direction on safeguarding systems and data from cyber threats. They are categorised into four key actions: govern, protect, detect, and respond. Organisations must demonstrate adherence to these principles to comply with the ISM.

Cybersecurity Guidelines

These guidelines provide practical measures to protect systems and data from cyber-attacks. They cover governance, physical security, personnel security, and information and communications technology security. Organisations should apply relevant guidelines to each system they operate.
The Process

Our Assessment Approach

Our team specialises in conducting assessments tailored to your organisation's needs. We review your controls against ISM requirements, providing detailed recommendations for achieving compliance. Our focus is solely on assessment, ensuring thorough evaluation of your systems to support your cybersecurity goals.

Define

Data Usage

Data Classification

Data Availability

Data Protection

Get in Touch with Us

Have a question or want to learn more about what we do? We're here to help you.
Contact Us
Risk Associates Logo White
Together Towards Secure Digital Frontier
Quick Links
Home About Us Partners RA-Academy Careers Contact Us
Services
Compliances PCI Compliance ISO/IEC Services Managed Security Services Data Protection Security Testing Cybersecurity Solutions
Get In Touch
Copyright © 2026. All Rights Reserved by Risk Associates.

Invitation Request Form

Complete your details to be considered for an exclusive invitation to the RA Cybersec Summit 2026, a gathering of CISOs, CIOs, CTOs, senior cybersecurity and enterprise leaders.

Product configuration

Billing Term *

Summary
Microsoft 365 O365 - F3 Frontline Worker
Billing Cycle 1-year
Total A$116.16