Direct link: cyber.gov.au/resources-business-and-government/essential-cyber-security/ism
Responsible agency: Australian Cyber Security Centre
Last updated: December 2024
The Information security manual (ISM) is a cyber security framework that an organisation can apply, using their risk management framework, to protect their information technology and operational technology systems, applications and data from cyber threats. The ISM is intended for Chief Information Security Officers (CISOs), Chief Information Officers (CIOs), cyber security professionals and information technology managers.
The ISM is delivered as a series of cyber security principles and guidelines.
Applicability
The ISM represents the considered advice of the Australian Signals Directorate (ASD). This advice is provided in accordance with ASD’s designated functions under the Intelligence Services Act 2001 (ISA).
The ISM is recommended for non-corporate Commonwealth entities.
Access the manual
The cyber.gov.au website hosts the Information security manual (full text).
Cyber security principles
The purpose of the cyber security principles is to provide strategic guidance on how an organisation can protect their information technology and operational technology systems, applications and data from cyber threats. These cyber security principles are grouped into five functions:
- GOVERN: Develop a strong cyber security culture.
- IDENTIFY: Identify assets and associated security risks.
- PROTECT: Implement controls to manage security risks.
- DETECT: Detect and analyse cyber security events to identify cyber security incidents.
- RESPOND: Respond to and recover from cyber security incidents.
Cyber security guidelines
The purpose of the cyber security guidelines is to provide practical guidance on how an organisation can protect their information technology and operational technology systems, applications and data from cyber threats.