The Australian Signals Directorate (ASD)’s Australian Cyber Security Centre (ACSC) has released updates to the Australian Government Information Security Manual (ISM) to help organisations set the strategic framework for protecting their systems and information from cyber threats.
Updated monthly, the ISM is created primarily for Chief Information Security Officers and cyber security professionals to keep up-to-date with current cyber security risks and appropriate mitigation strategies.
The ISM is based on a set of foundational cyber security principles centred on four key activities: govern, protect, detect and respond. These principles set the strategic framework for protecting organisation’s systems and information from cyber threats.
Cyber Security Principles
The foundational cyber security principles represent part of the continual effort over the last 12 months to transition the ISM from a compliance-based information security manual to a principles-based cyber security framework that organisations can apply, using their corporate risk management framework, to protect their systems and information from cyber threats.
With the release of these updated principles, government, industry and academia are strongly encouraged to consider the strategic guidance they provide when designing and implementing new systems and services.
Cyber Security Guidelines
The ISM also contains various cyber security guidelines covering governance, physical security, personnel security, and information and communications technology security. These guidelines assist and empower organisations to identify cyber security risks and select appropriate security controls to effectively manage these risks.
The guidelines also support organisations to be more flexible, enabling them to innovate and deliver creative, yet secure, online services for the Australian public.
Updates to the ISM are available at https://www.cyber.gov.au/ism.