Ensure Cyber Security Personnel Have Necessary Tools
Cyber security staff must have the tools and data to spot system threats quickly.
Plain language
Ensuring your cyber security team has the right tools and data is like giving a firefighter both a hose and water. They need them to spot problems, like hackers breaking in, before major damage is done. Without the necessary tools, cyber threats could go unnoticed, leading to serious breaches of security and potential data loss.
Framework
ASD Information Security Manual (ISM)
Control effect
Detective
Classifications
NC, OS, P, S, TS
ISM last updated
Apr 2020
Control Stack last updated
19 Mar 2026
E8 maturity levels
N/A
Guideline
Guidelines for cyber security incidentsOfficial control statement
Cyber security personnel have access to sufficient data sources and tools to ensure that systems can be monitored for key indicators of compromise.
Why it matters
If security staff lack access to key telemetry and detection tools (e.g., logs, SIEM/EDR), indicators of compromise may be missed, delaying response and increasing breach impact.
Operational notes
Periodically confirm cyber staff can access required data sources and tools (e.g., central logs, SIEM, EDR, DNS/proxy) and review coverage to detect key indicators of compromise.
Implementation tips
- The IT team should conduct an inventory of existing cyber security tools to identify any gaps. Review what tools you currently have, such as firewall systems and threat detection, and see if there's anything missing that would help spot threats better.
- Managers should liaise with cybersecurity experts to ensure all tools are updated and functioning as intended. Schedule regular check-ins to verify that systems like anti-virus software and monitoring applications are current and running smoothly.
- Procurement should work with the IT team to acquire any necessary new tools or software. Research industry standards and feedback from current software users to make informed purchasing decisions.
- The security officer should ensure staff are trained to use the existing tools efficiently. Organise workshops or training sessions where staff can practice using the tools to spot typical signs of compromise.
- Business owners should regularly review the company's data sources' security level with their IT team. Establish which informational resources are critical and ensure they are well protected with current security measures.
Audit / evidence tips
- AskA list of current tools and software used for threat detection GoodIncludes a comprehensive list with recent updates displayed
- AskThem about processes for monitoring threats and how effective they feel the current tools are GoodShows clear understanding and satisfaction with the tools provided
- GoodDemonstration will clearly show a streamlined process for detecting issues
- GoodRecord will display regularly updated agreements and recent purchases reflecting technology improvements
Cross-framework mappings
How ISM-0120 relates to controls across ISO/IEC 27001, ISO/IEC 42001, Essential Eight, and ASD ISM.
ISO 27001
| Control | Notes | Details |
|---|---|---|
| handshake Supports (2) expand_less | ||
| Annex A 8.6 | Annex A 8.6 requires monitoring of resource use and subsequent adjustment to prevent performance degradation or outages | |
| Annex A 8.16 | ISM-0120 requires cyber security personnel to have sufficient data sources and tools to monitor systems for key indicators of compromise | |
E8
| Control | Notes | Details |
|---|---|---|
| handshake Supports (5) expand_less | ||
| extension Depends on (7) expand_less | ||
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.