The Australian Signals Directorate (ASD), a crucial member of Australia’s national security community, created the Australian Government Information Security Manual (ISM) to aid organisations by providing strategic guidance in safeguarding their systems and data from cyberattacks.

According to Business Information Security Officer Muralee Krishnan, “The ISM was created to be used by organisations’ Chief Information Security Officers (CISOs), Chief Information Officers (CIOs), as well as cyber security professionals and information technology managers.”

Krishnan also notes that the ISM consists of cybersecurity principles and cybersecurity guidelines. He describes cybersecurity principles as “principles that provide strategic guidance on how organisations can protect their systems and data from cyber-attacks and threats. These principles are divided into four key actions: govern, protect, detect and respond. To comply with the ISM, organisations must provide proof or demonstrate that they adhere to these principles.”

Cybersecurity guidelines are practical guidelines organisations can apply to protect their systems and data from cyber threats and attacks. The guidelines cover governance, physical security, personnel security, and information and communications technology security.

The ISM allows professionals to apply a risk-based approach to managing their cyber security. The framework within the ISM consists of six steps: Define the System, Select Controls, Implement Controls, Assess Controls, Authorise the System, and Monitor the System.

The framework was adapted from the National Institute of Standards and Technology’s Risk Management Framework for Information Systems and Organisations publication.

In the Define the System step, the user must understand the type and value of the system and the security objectives it must meet, based on an assessment of the impact if it were compromised.

The next step is to select the appropriate controls to achieve the desired security objectives. Once these controls are selected, they should be implemented in the system and its operating environment.

Once the controls are implemented, security professionals are advised to continuously assess them to confirm that they have been correctly implemented and are working as designed. After this, the system has to be authorised to operate based on the perceived risk and the associated controls. Continuous monitoring of the system, the associated cyber threats and the risks involved is the last step.

Understanding the ISM allows security professionals to continuously review and comply with the ACSC standards, effectively safeguarding their organisations against cyber criminals.
