The Australian Government Information Security Manual (ISM) is the standard that governs the security of Government ICT systems. Do you comply?
ISM is designed to help Government agencies to apply a risk-based approach to protecting their information and ICT systems. It details important information about cyber threats and outlines principles and controls to protect agency systems and their information.
ISM outlines five key questions that organisations must ask themselves to assess and manage their cyber security risk:
- Is the organisation ready to respond to targeted cyber security incidents?
- What would the cost be of a cyber security incident?
- Who would benefit from having access to our information?
- What controls do we have in place to protect ourselves from cyber threats?
- Does staff behaviour foster a strong security culture?
Compliance with ISM
Compliance with ISM controls is categorised into ‘must’ and ‘should’ requirements. Requirements are evaluated according to the degree of risk an organisation is accepting by not complying with the ISM control.
Non-compliance with ‘must’ requirements represents a high cyber security risk. Non-compliance with ‘should’ controls represents a medium to low security risk.
Stickman is able to review your organisation's controls against the requirements of ISM and provide recommendations to achieve compliance.
For more information about ISM compliance, talk to a consultant today.