Guidelines for cyber security roles
42 controls in this part of the Australian Government Information Security Manual. Each control links to plain-English guidance, audit tips and cross-framework mappings.
Board of directors and executive committee
ISM-1997
Define Cyber Security Roles for Leadership
ISM-1998
Integrate Cyber Security Across Business Functions
ISM-1999
Align Cyber Security with Business Strategy
ISM-2000
Regular Cyber Security Briefings for Executives
ISM-2001
Championing Cyber Security at an Executive Level
ISM-2002
Ensure Board Cyber Security Literacy for Compliance
ISM-2003
Monitor Cyber Security Workforce and Skill Gaps
ISM-2004
Enhancing Cyber Security Skills and Experience
Chief information security officer
ISM-0717
CISO Oversight of Cyber Security Personnel
ISM-0718
CISO Reporting to Board on Cyber Security
ISM-0720
Develop and Maintain a Cyber Security Communication Strategy
ISM-0724
Implement Cyber Security Metrics and KPIs
ISM-0726
Coordinate Security Risk Management Activities
ISM-0731
CISO Oversight of Cyber Supply Chain Risks
ISM-0732
Manage and Allocate Cyber Security Budget
ISM-0733
Ensure CISO Awareness of Cyber Incidents
ISM-0734
CISO Role in Disaster Recovery Planning
ISM-0735
Secure Facilities for Classified Systems
ISM-1478
CISO Management of Cyber Security Compliance
ISM-1617
Regular Review of Cyber Security Program
ISM-1618
CISO's Role in Cyber Security Incident Response
ISM-1918
Regular Cyber Security Reporting to Audit Committee
ISM-2020
Ensure Adequate Cyber Security Personnel Are Acquired
System owners
ISM-0009
Identify Supplementary Controls for System Security
ISM-0027
Mandatory Authorisation for System Operation
ISM-1071
Assign System Ownership for Better Oversight
ISM-1203
Risk Assessment for System Security
ISM-1525
Register Systems with Authorising Officers
ISM-1526
Determine System Boundaries and Objectives
ISM-1587
Annual Security Status Reporting for Systems
ISM-1633
Implement Emanation Security Mitigation Recommendations
ISM-1634
Tailoring System Controls for Security and Resilience
ISM-1635
Ensure Security Controls for System Environments
ISM-1636
Security Assessment for System Controls
ISM-1967
Ensure Security Assessment of TOP SECRET Systems
ISM-1968
Obtain Authorisation for TOP SECRET Systems
ISM-2021
Implement and Maintain Data Minimisation Practices