The Australian Cyber Security Centre (ACSC) recently released an updated version of its Information Security Manual (ISM). The purpose of the ISM is to outline a cybersecurity framework that organizations can apply, using a risk management framework to protect information and systems from cyber threats. The ISM is intended for both executives and network defenders.

Accordingly, the ISM provides information on cybersecurity principles which outlines strategic guidance for organizations to defend systems and data. The cybersecurity guidelines section offers practical steps and advice organizations can enact now to strengthen defenses. The cybersecurity guidelines cover governance, physical security, personnel security, and information and communications technology security topics. According to ACSC, “the risk management framework used by the ISM has six steps: define the system, select controls, implement controls, assess controls, authorize the system and monitor the system.” Access the ISM at ACSC.