Australian Signals Directorate (ASD) Information Security Manual
Disclaimer: Organisations are not required as a matter of law to comply with this document, unless legislation, or a direction given under legislation or by some other lawful authority, compels them to comply. This document does not override any obligations imposed by legislation or law. Furthermore, if this document conflicts with legislation or law, the latter takes precedence.
The Australian Cyber Security Centre (ACSC) within the Australian Signals Directorate (ASD) produces, and updates every month, the Australian Government Information Security Manual (ISM). The ISM helps organizations use their risk management framework to protect information and systems from cyber threats by applying security controls where appropriate. The cyber security guidelines within the ISM are based on the experience of the ACSC within ASD and should be treated as a best practice framework for organisations in accordance with their business requirements and threat environment. The guidelines are intended for Chief Information Security Officers (CISOs), Chief Information Officers (CIOs), cyber security professionals, and information technology managers. As such, these guidelines discuss both governance and technical concepts to support the protection of organisations’ information and systems.
The published guidelines cover areas including:
- Cyber Security Roles
- Authorizing Systems
- Cyber Security Incidents
- Outsourcing
- Security Documentation
- Physical Security
- Personnel Security
- Communications Infrastructure
- Communications Systems
- Enterprise Mobility
- Evaluated Products
- ICT Equipment Management
- Media Management
- System Hardening
- System Management
- System Monitoring
- Software Development
- Database Systems Management
- Email Management
- Network Management
- Using Cryptography
- Gateway Management
- Data Transfers and Content Filtering
No single mitigation strategy is guaranteed to prevent cyber security incidents, and the ISM is cognizant of this fact. Organisations are advised to implement eight essential mitigation strategies as a baseline. This baseline, which the ISM is founded on, is known as the Essential Eight and makes it much harder for adversaries to compromise systems. A suggested implementation order is provided for each adversary to assist organisations in building a strong cyber security posture for their systems, so that they eventually reach mature, full alignment with each mitigation strategy. More detailed information on the Essential Eight may be found here.
Control objectives are supported through LogRhythm AI Engine (AIE) rules, Alarms, Reports, Investigations, and general SIEM functionality, with the aim of helping your organization satisfy certain controls outlined by the ISM. The collection, management, and analysis of log data are integral to meeting many ISM guidelines. LogRhythm also understands that organizations may be at different points of compliance maturity, so the Compliance Automation Suite: ASD is flexible to allow organizations to realize value at any point along that maturity scale. The Compliance Automation Suite: ASD module is focused on the control requirements, which are traditionally the requirements used to attest for best practice purposes. The use of LogRhythm supports some of the ISM’s recommendations and decreases the cost of meeting others through pre-built content and functionality. Using advanced LogRhythm functionality such as NetMon, TrueIdentity, SysMon, Threat Research content, and Case Management may enhance pre-built content to better support an organization's compliance efforts.
IT environments consist of heterogeneous devices, systems, and applications, all reporting log data. Millions of individual log entries can be generated daily, if not hourly. The task of organizing this information can be overwhelming. Additional recommendations to analyze and report on log data render manual processes or homegrown remedies inadequate and cost-prohibitive for many organizations.
LogRhythm delivers log collection, archiving, and recovery across the entire IT infrastructure and automates the first level of log analysis. Log data is categorized, identified, and normalized for easy analysis and reporting. LogRhythm’s powerful alerting capabilities automatically identify the most critical issues and notify relevant personnel. This module and associated reporting package work out of the box with some level of customization available.
Utilizing the Compliance Automation Suite: ASD assists in building and maintaining a sound compliance program.