The Australian Signals Directorate’s Australian Government Information Security Manual (ISM) outlines a cyber security framework that organisations can apply, using their risk management framework, to protect their information and systems from cyber threats.
The ISM is intended for Chief Information Security Officers, Chief Information Officers, cyber security professionals and information technology managers.
The purpose of the cyber security principles within the ISM is to provide strategic and practical guidance on how organisations can protect their systems and data from cyber threats. These cyber security principles are grouped into four key activities: govern, protect, detect and respond. Organisations should be able to demonstrate that the cyber security principles are being adhered to within their organisation.
Cyber security guidelines cover governance, physical security, personnel security, and information and communications technology security topics. Organisations should consider the cyber security guidelines that are relevant to each of the systems they operate.