Information Security Manual (ISM)

1884 Words Apr 14th, 2016 8 Pages
2. Information Security
2.1 Research
Information Security Manual
The Information Security Manual (ISM) is produced by the Australian Signals Directorate under the Department of Defence (Australian Signals Directorate, 2016). The Information Security Manual is the standard which governs the security of government ICT Systems and it complements the Protective Security Policy Framework.
The ISM guides departments in how to ensure their information is secure. The ISM states that “Information is a continual process, one that extends beyond ensuring that a system is secure at the time of deployment (Department of Defence- Intelligence and Security, 2015).” It includes managing, detecting and reporting cyber security threats as well as
The PSPF also has a list of mandatory requirements that government agencies must follow. It states:
“GOV-1: Agencies must provide all staff, including contractors, with sufficient information and security awareness training to ensure they are aware and meet the requirements of the Protective Security Policy Framework.
GOV-5: Agencies must develop their own set of protective security policies and procedures to meet their specific business needs.
GOV-6: Agencies must adopt a risk management approach to cover all areas of protective security activity across their organisation, in accordance with the Australian Standards AS/NZS ISO 31000:2009 Risk management—Principles and guidelines and HB 167:2006 Security risk management.
INFOSEC 1: Agency heads must provide clear direction on information security through the development and implementation of an agency information security policy, and address agency information security requirements as part of the agency security plan.
INFOSEC 2: Each agency must establish a framework to provide direction and coordinated management of information security. Frameworks must be appropriate to the level of security risks to the