The Information security manual (ISM) is a cyber security framework that an organisation can apply, using their risk management framework, to protect their information technology and operational technology systems, applications and data from cyber threats. The ISM is intended for Chief Information Security Officers (CISOs), Chief Information Officers (CIOs), cyber security professionals and information technology managers.
The ISM is delivered as a series of cyber security principles and guidelines.
Applicability
The ISM represents the considered advice of the Australian Signals Directorate (ASD). This advice is provided in accordance with ASD’s designated functions under the Intelligence Services Act 2001 (ISA).
The ISM is recommended for non-corporate Commonwealth entities.
Access the manual
The cyber.gov.au website hosts the Information security manual (full text).