Australian Government Information Security Manual (ISM) Authoritative Source Content

Document created by Corey Carpenter (Employee) on Aug 8, 2018. Last modified by Gloria Higley on Aug 18, 2020.
Version 11

The purpose of the Australian Government Information Security Manual (ISM) is to outline a cyber security framework that organizations can apply, using their risk management framework, to protect their systems and information from cyber threats.

The ISM is intended for Chief Information Security Officers (CISOs), Chief Information Officers (CIOs), cyber security professionals and information technology managers.

The ISM represents the considered advice of the Australian Cyber Security Centre (ACSC) within the Australian Signals Directorate (ASD). This advice is provided in accordance with ASD’s designated functions under section 7(1)(ca) of the Intelligence Services Act 2001.

The risk management framework used by the ISM draws from National Institute of Standards and Technology (NIST) Special Publication (SP) 800-37 Rev. 2, Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy. Within this risk management framework, the identification of security risks and selection of security controls can be undertaken using a variety of risk management standards, such as International Organization for Standardization (ISO) 31000:2018, Risk management – Guidelines. Broadly, the risk management framework used by the ISM has six steps: define the system, select security controls, implement security controls, assess security controls, authorize the system and monitor the system. 

 

Languages

This content is available in English only. 

 

Mappings

Mappings for the Australian Government Information Security Manual (ISM) Authoritative Source Content to the RSA Archer Control Standard Library are available in the authoritative source content pack.

 

Content Source

This content comes from the Australian Signals Directorate.

 

Licensing Restrictions

The Australian Government Information Security Manual (ISM) Authoritative Source Content is available with the use of the RSA Archer Policy Program Management, RSA Archer IT Policy Program Management, and/or RSA Archer Authorization and Assessment use cases. No additional license is required.

 

For More Information

To learn more about the Australian Government Information Security Manual (ISM) Authoritative Source Content:

 

For Additional Support

To learn more about this content, please contact your Account Rep for additional details. For technical support questions, please open a support case or contact RSA Archer at archersupport@rsa.com for more information.
