Achieve ASD ISM Compliance
The latest Australian Government Information Security Manual (ISM), published in July 2019, outlines a cyber security framework formulated by the Australian Cyber Security Centre (ACSC) within the Australian Signals Directorate (ASD). The framework is designed to be applied by organisations, using their risk management framework, to protect their information and systems from cyber threats.
A summary of the ISM Risk Framework
The risk management framework used by the ISM draws from National Institute of Standards and Technology (NIST) Special Publication (SP) 800-37 Rev. 2. Broadly, the ISM risk management framework includes six steps that organisations should follow and maintain to protect their assets:
Step 1 – Define the system
Determine the value of the system, and the information it processes, stores and communicates, based on an assessment of the impact if it were to be compromised.
Step 2 – Select security controls
Using a risk assessment, select security controls for the system and tailor them to achieve an acceptable residual risk.
Step 3 – Implement security controls
Implement security controls and document how they are implemented within the system and its operational environment.
Step 4 – Assess security controls
Assess security controls for the system and its environment to determine if they have been implemented correctly and are operating as intended.
Step 5 – Authorise the system
Authorise the system to operate based on the acceptance of the security risks associated with its operation.
Step 6 – Monitor the system
Monitor the system, and associated cyber threats, security risks and security controls, on an ongoing basis.
How Huntsman Security supports ISM compliance
Huntsman Security’s technology helps you fulfil the requirements of the ISM within two key areas:
Essential 8 Scorecard
The Essential 8 Scorecard measures the effectiveness of your organisation’s security controls against the ACSC Essential 8 Framework. It delivers a continuous view of your cyber posture by automatically gathering data from ongoing security operations and through direct connections and configuration interfaces. The Scorecard identifies and reports on coverage, weak points, policy failures and vulnerabilities against each of the controls.
Essential 8 Scorecard – Trend Report
Next Gen SIEM
Next Gen SIEM is a high volume, high speed next generation SIEM with inbuilt threat intelligence and behaviour anomaly detection. The technology undertakes high speed analysis of large volume streams of data to accurately detect non-compliant system activity, anomalous behaviour, security issues and cyber threats in real-time.
The technology has a proven track record of protecting environments within government, defence, intelligence and critical infrastructure.
Next Gen SIEM Dashboard – Incident Status