cancel
Showing results for 
Search instead for 
Did you mean: 
No ratings
CoreyCarpenter1
Archer Employee
Archer Employee

The purpose of the Australian Government Information Security Manual (ISM) is to outline a cyber security framework that organizations can apply, using their risk management framework, to protect their systems and information from cyber threats.

The ISM is intended for Chief Information Security Officers (CISOs), Chief Information Officers (CIOs), cyber security professionals and information technology managers.

The ISM represents the considered advice of the Australian Cyber Security Centre (ACSC) within the Australian Signals Directorate (ASD). This advice is provided in accordance with ASD’s designated functions under section 7(1)(ca) of the Intelligence Services Act 2001.

The risk management framework used by the ISM draws from National Institute of Standards and Technology (NIST) Special Publication (SP) 800-37 Rev. 2, Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy. Within this risk management framework, the identification of security risks and selection of security controls can be undertaken using a variety of risk management standards, such as International Organization for Standardization (ISO) 31000:2018, Risk management – Guidelines. Broadly, the risk management framework used by the ISM has six steps: define the system, select security controls, implement security controls, assess security controls, authorize the system and monitor the system. 

 

Languages

This content is available in English only. 

 

Mappings

Mappings for the Australian Government Information Security Manual (ISM) Authoritative Source Content to the Archer Control Standard Library are available in the authoritative source content pack.

 

Content Source

The source of this content comes from the Australian Signals Directorate.

 

Licensing Restrictions

The Australian Government Information Security Manual (ISM) Authoritative Source Content is available with the use of the Archer Policy Program Management, Archer IT Policy Program Management, and/or Archer Authorization and Assessment use cases. No additional license is required.

 

For More Information

To learn more about the Australian Government Information Security Manual (ISM) Authoritative Source Content:

 

For Additional Support

To learn more about this content, please contact your Account Rep for additional details. For technical support questions, please open a support case.

Was this article helpful? Yes No
Version history
Last update:
‎2022-06-17 02:51 PM
Updated by: