Security Monitoring: Align to the latest ASD ISM recommendations
The updated Australian Government Information Security Manual (ISM) was released by the Australian Cyber Security Centre (ACSC) at the end of 2018. The manual represents the ACSC and ASD’s knowledge of best practice cyber security measures based on their experience in responding to cyber security incidents within Australia.
Originally designed for government agencies, the ISM also helps private sector organisations protect information and systems from cyber threats.
Figure 1 Australian Government Information Security Manual
The latest release supports a move towards a risk-based approach that gives you greater flexibility to manage your cyber security based on your own circumstances. The ISM also complements the Australian Government’s Protective Security Policy Framework (PSPF).
Latest ASD ISM updates
The ISM Manual has been revised in five ways:
- reflects the updated Australian Government Security Classification Scheme to be introduced as part of PSPF reforms;
- aligns to the PSPF’s move from a compliance-based regime to a risk management approach for protective security within government;
- removes residual compliance concepts in favour of risk management concepts;
- adds new controls to support the implementation of the ‘Essential Eight’;
- consolidates and simplifies existing content.
How to comply with ISM Guidelines for System Monitoring
The Huntsman Security ISM System Monitoring Compliance Guide has been created to summarise the security controls recommended within the ISM Guidelines for System Monitoring and explains how Huntsman SIEM & Security Analytics technology supports them. You can download a copy of the guide here:
Monitoring your environment against the Essential Eight
The Essential Eight security controls now recommended in the ISM are eight key controls that have been assessed by the ASD to defend against 85% of targeted attacks.
The Huntsman Security Scorecard benchmarks your controls against the Essential Eight maturity levels and delivers clear, objective metrics of your cyber posture. Whether you have one or eight of the controls in place you can assess your risk exposure at any one point in time.
Figure 3 Security Scorecard – Security Controls dashboard
To find out more, download an overview of the Security Scorecard:
Make 2019 the year to build your organisation’s cyber resilience
The first step to developing your cyber resilience is to understand your current position. Contact us to learn how to benchmark your organisation’s cyber posture against the key government recommendations and start your journey today.