The Australian Signals Directorate produces the Information Security Manual (ISM). The ISM is a cyber security framework that an organisation can apply, using their risk management framework, to protect their information technology and operational technology systems, applications and data from cyber threats. The ISM is intended for Chief Information Security Officers, Chief Information Officers, cyber security professionals and information technology managers.
The pages linked from this top-level index contain supporting reference information related to the contents of the various ISM sections. The content comes from my years of experience in operations, engineering, and architecture roles.
The Infosec Registered Assessors Program (IRAP) is addressed separately here.
ISM Table of Contents (Based on Version: September 2024)
- Using the Information Security Manual
- Cyber Security Principles
  - The cyber security principles
- Guidelines for Cyber Security Roles
  - Chief Information Security Officer
  - System owners
- Guidelines for Cyber Security Incidents
  - Managing cyber security incidents
  - Responding to cyber security incidents
- Guidelines for Procurement and Outsourcing
  - Cyber supply chain risk management
  - Managed services and cloud services
- Guidelines for Security Documentation
  - Development and maintenance of security documentation
  - System-specific security documentation
- Guidelines for Physical Security
  - Facilities and systems
  - IT equipment and media
- Guidelines for Personnel Security
  - Cyber security awareness training
  - Access to systems and their resources
- Guidelines for Communications Infrastructure
  - Cabling infrastructure
  - Emanation security
- Guidelines for Communications Systems
- Guidelines for Enterprise Mobility
- Guidelines for Evaluated Products
- Guidelines for Information Technology Equipment
- Guidelines for Media
- Guidelines for System Hardening
- Guidelines for System Management
- Guidelines for System Monitoring
- Guidelines for Software Development
- Guidelines for Database Systems
- Guidelines for Email
- Guidelines for Networking
- Guidelines for Cryptography
- Guidelines for Gateways
- Guidelines for Data Transfers