The Information Security Manual (ISM), developed and maintained by the Australian Signals Directorate (ASD), is a cybersecurity framework that organisations can apply, using their risk management framework, to protect their information technology and operational technology systems, applications, and data from cyber threats.
The Australian Signals Directorate (ASD) is a key player in Australia's national security landscape, focusing on intelligence, cybersecurity, and offensive operations to support the Australian Government and the Australian Defence Force (ADF).
Purpose of ISM
It equips organisations with a cybersecurity framework that integrates seamlessly with their existing risk management strategies, aiming to safeguard their systems and data against cyber threats.
Intended Stakeholders
It is tailored for Chief Information Security Officers (CISOs), Chief Information Officers (CIOs), cybersecurity professionals, and information technology managers.
How does the ISM Function?
The Information Security Manual (ISM) is structured around two key components:
Cybersecurity Principles
These principles offer strategic direction on safeguarding systems and data from cyber threats. They are categorised into four key actions: govern, protect, detect, and respond. Organisations must demonstrate adherence to these principles to comply with the ISM.
Cybersecurity Guidelines
These guidelines provide practical measures to protect systems and data from cyber-attacks. They cover governance, physical security, personnel security, and information and communications technology security. Organisations should apply relevant guidelines to each system they operate.
The Process
Our Assessment Approach
Our team specialises in conducting assessments tailored to your organisation's needs. We review your controls against ISM requirements, providing detailed recommendations for achieving compliance. Our focus is solely on assessment, ensuring thorough evaluation of your systems to support your cybersecurity goals.
Define
Data Usage
Data Classification
Data Availability
Data Protection
Get in Touch with Us
Have a question or want to learn more about what we do? We're here to help you.
