ACSC's 2018 Information Security Manual released
The Australian Cyber Security Centre (ACSC) has released the latest update to the Australian Government Information Security Manual (ISM), which aims to support a move to a risk-based approach to cybersecurity.
The ISM outlines a best practice approach to cybersecurity based on the ACSC’s experience in responding to Australian incidents.
The 2018 release of the manual aims to provide government organisations with greater flexibility to manage their cybersecurity based on their own unique circumstances.
It includes guidance covering a wide range of areas, including responding to cybersecurity incidents, as well as guidelines for enterprise mobility, communications systems and infrastructure security, physical and personnel security, email and network management, and the use of cryptography.
Updates to the guidance mostly concentrate on streamlining and simplifying existing content, as well as the move from a compliance-based regime to a risk management approach.
The ISM now also includes new controls to support the implementation of the Australian Securities Directorate’s Essential Eight cyber threat mitigation strategies.
“The ISM is updated regularly to make sure people are best equipped to tackle the security risks associated with prevailing cyber threats. You’ll see the document has been streamlined, to remove duplication and make it easier to use,” ACSC Head Alastair MacGibbon said.
“What hasn’t changed is each organisation’s responsibility to protect their people, information and assets.”
Frameworks for data sharing, as opposed to data release, need to be developed to preserve...
The US Government Accountability Office (GAO) has uncovered major issues during an audit of 23...
Nearly half of security professionals at public sector organisations in markets including...