The Australian Cyber Security Centre (ACSC) within the Australian Signals Directorate (ASD) produces the Australian Government Information Security Manual (ISM). The ISM helps organisations use their risk management framework to protect information and systems from cyber threats. The cyber security guidelines within the ISM are based on the experience of the ACSC and ASD. The ISM was last updated in November 2018.
Is ASD ISM Compliance important to your business?
The Information Security Manual recognises that both public and private networks are subject to persistent and sophisticated levels of cyber security threat from numerous sources. Huntsman Security ASD ISM Compliance Guide for System Monitoring details how to monitor your environment to the guidelines.
To deal with increasingly sophisticated targeted attacks, the ISM Principles advise Australian organisations to adopt a risk-based approach to protecting their information and ICT systems. The Australian Government Protective Security Policy Framework, and other nominated references, provide information about how to implement Information Security Risk Management processes to support the policy.
The key components of ISM Compliance
- IT security risk, IT security monitoring, risk mitigation
- Security breach, policy breach, cyber security, information security
- Security Event and Information Management (SIEM), IT risk management
- Event logging, root cause analysis, forensic audit, incident management
- Behaviour Anomaly Detection, security awareness training
How to achieve compliance to the ISM controls
The Huntsman® ISM Compliance Guide for System Monitoring summarises the System Monitoring controls of the ISM, shows how Huntsman technology maps to them, and how it helps organisations to assess and manage key aspects of their IT risk status, such as:
- Readiness to respond to targeted cyber security incidents
- The controls to protect the organisation from serious threats
- The potential cost of a cyber security incident
- Effectiveness of fostering a strong security culture