ACSC updates Information Security Manual

The Australian Government Information Security Manual (ISM) has undergone its ninth update in as many months to help Chief Information Security Officers and cybersecurity professionals stay up to date with cybersecurity risks and appropriate mitigation strategies.

The latest edition includes new cybersecurity principles which help set the strategic framework for protecting organisations’ systems and data from cyber threats, according to the Australian Cyber Security Centre (ACSC), which manages the document.

They are broken up into four key activities — govern, protect, detect and respond — and contain suggestions that businesses: embed cybersecurity risk management into their organisational frameworks; design, deploy, maintain and decommission systems according to their value, confidentiality, integrity and availability requirements; detect, contain, eradicate and recover from cybersecurity events or unusual activity in a timely manner and report any incidents to relevant internal and external bodies.

A maturity model is provided to help organisation assess their implementation of the principles individually, as a group or entirely.

The ISM also provides cybersecurity guidelines covering governance, physical security, personnel security and information and communications technology security, which are designed to “assist and empower” organisations in identifying security risks and selecting appropriate security risk management controls. They also allow organisations to be more flexible, giving them freedom to innovate and deliver creative and secure online services for the Australian public, the ACSC said. Most guideline changes in this round were minor language changes, modifications or corrections.

The ISM, including a list of updates and archived versions, can be found via the ACSC’s website.

Image credit: ©stock.adobe.com/au/Alex