The ISM is the Australian Government's flagship document designed to assist Australian government agencies in applying a risk-based approach to protecting their information and ICT systems. This manual supports the guiding principles and strategic priorities outlined in the Australian Government Cyber Security Strategy by providing detailed information about the cyber security threat, as well as assisting agencies in determining appropriate controls to protect their information and systems.
The ISM comprises three documents, which target different levels within the Australian federal government, making the ISM accessible to more users and promoting information security awareness across government:
- Executive Companion (2011) (full-text): This Executive Companion details the cyber security threat and introduces considerations for those most senior in an organisation (such as Deputy Secretaries, Secretaries and Chief Executive Officers) in mitigating the risks presented by this threat environment.
- Principles document (Sept. 2012) (full-text): This Principles document is aimed at Security Executives, Chief Information Security Officers, Chief Information Officers and senior decision makers across government and focuses on providing agencies with a better understanding of the cyber threat environment and rationale to assist agencies in developing informed information security policies within their organisations; and
- Controls manual (Sept. 2012) (full-text): This Controls manual is aimed at IT Security Advisors, IT Security Managers and security practitioners across government. This manual provides a set of detailed controls that, when implemented, will help agencies.