ACSC updates Information Security Manual


Friday, 06 September, 2019


ACSC updates Information Security Manual

The Australian Government Information Security Manual (ISM) has undergone its ninth update in as many months to help Chief Information Security Officers and cybersecurity professionals stay up to date with cybersecurity risks and appropriate mitigation strategies.

The latest edition includes new cybersecurity principles which help set the strategic framework for protecting organisations’ systems and data from cyber threats, according to the Australian Cyber Security Centre (ACSC), which manages the document.

They are broken up into four key activities — govern, protect, detect and respond — and contain suggestions that businesses: embed cybersecurity risk management into their organisational frameworks; design, deploy, maintain and decommission systems according to their value, confidentiality, integrity and availability requirements; detect, contain, eradicate and recover from cybersecurity events or unusual activity in a timely manner and report any incidents to relevant internal and external bodies.

A maturity model is provided to help organisation assess their implementation of the principles individually, as a group or entirely.

The ISM also provides cybersecurity guidelines covering governance, physical security, personnel security and information and communications technology security, which are designed to “assist and empower” organisations in identifying security risks and selecting appropriate security risk management controls. They also allow organisations to be more flexible, giving them freedom to innovate and deliver creative and secure online services for the Australian public, the ACSC said. Most guideline changes in this round were minor language changes, modifications or corrections.

The ISM, including a list of updates and archived versions, can be found via the ACSC’s website.

Image credit: ©stock.adobe.com/au/Alex

Related News

Local governments urged to protect residents' privacy

Digital Rights Watch is calling on local governments to sign up to an international declaration...

UK parliament seeking Director of Cyber Security

The UK House of Commons has posted a job listing for a Director of Cyber Security to oversee UK...

OVIC publishes revised data security standards

The Office of the Victorian Information Commissioner has brought version 2.0 of the Victorian...


  • All content Copyright © 2019 Westwick-Farrow Pty Ltd