ISM-0733 ASD Information Security Manual (ISM)

Ensure CISO Awareness of Cyber Incidents

The CISO should be informed about all cyber security incidents in the organisation.

🏛️ Framework: ASD Information Security Manual (ISM)

🧭 Control effect: Responsive

🔐 Classifications: NC, OS, P, S, TS

🗓️ ISM last updated: Sept 2020

✏️ Control Stack last updated: 22 Feb 2026

🎯 E8 maturity levels: N/A

Official control statement
The CISO is fully aware of all cyber security incidents within their organisation.

Source: ASD Information Security Manual (ISM)

Plain language

This control means that the Chief Information Security Officer (CISO) must be kept in the loop about every cyber security issue that happens within the organisation. It matters because if incidents are kept hidden or not communicated promptly, the organisation could face bigger security risks, leading to data breaches, financial loss, or damage to its reputation.

Why it matters

Unchecked cyber incidents can escalate threats, causing severe reputational damage and financial loss if the CISO is not promptly informed.

Operational notes

Ensure incident reports are relayed to the CISO within 24 hours, enabling timely decision-making and effective response coordination.

Implementation tips

  • CIO (Chief Information Officer) should establish a process: Develop a clear communication plan to inform the CISO of any cyber incidents. Set up automatic alerts through email or a secure messaging platform each time an incident is reported.
  • IT security team should document incidents: Keep a detailed record of what happens during each incident, complete with timelines and response actions. Use a shared system where the CISO can access and review these records anytime.
  • Office Manager should coordinate regular updates: Schedule a weekly briefing with the CISO to review all incidents reported during the period. Use this time to discuss any changes in response strategies or upcoming risks.
  • HR should train staff: Educate employees about the importance of reporting cybersecurity incidents. Provide simple guidelines on how to escalate issues to ensure the CISO is informed quickly.
  • Procurement should ensure tools are in place: Acquire the right tools for tracking and managing incidents. Ensure these tools have user-friendly reporting features so that incidents can be logged and accessed by the CISO efficiently.

Audit / evidence tips

  • Ask for the incident communication plan: request a written document that outlines how cyber incidents are communicated to the CISO.

    Good: includes clear procedures and contact channels for alerting the CISO.

  • Ask to see incident logs: request access to recent cyber security incident records.

    Good: shows complete logs with time stamps and actions taken.

  • Ask for meeting records: request minutes or notes from the CISO's regular briefing meetings.

    Good: includes dates, attendees, and summarised discussions of incidents.

  • Ask about staff training records: obtain proof of staff training on reporting incidents.

    Good: shows high participation rates and relevant, up-to-date content.

  • Ask for tool usage reports: request data on the usage of tools designed for incident tracking and reporting.

    Good: shows regular, documented usage and CISO engagement.

Cross-framework mappings

How ISM-0733 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.

These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.

ISO 27001

Relationship            Control        Notes
Partially overlaps (1)  Annex A 5.24   Annex A 5.24 requires the organisation to define and communicate incident management processes and roles to be prepared to manage incidents
Related (1)             Annex A 5.2    ISM-0733 requires that the CISO is fully aware of all cyber security incidents within their organisation

E8

Relationship            Control          Notes
Related (4)             E8-AC-ML2.9      ISM-0733 requires that the CISO is fully aware of all cyber security incidents within their organisation
                        E8-MF-ML2.10     ISM-0733 requires that the CISO is fully aware of all cyber security incidents within their organisation
                        E8-RA-ML2.11     ISM-0733 requires that the CISO is fully aware of all cyber security incidents within their organisation
                        E8-AH-ML2.16     ISM-0733 requires that the CISO is fully aware of all cyber security incidents within their organisation
