Information Security Manual (ISM) Fundamentals

The Information Security Manual (ISM) Fundamentals Course is designed for organisations who intend to have an Infosec Registered Assessors Program (IRAP) Assessment conducted in their workplace

Facilitated by our expert trainer with extensive experience in cybersecurity and risk management, this short two-day program supports members in an organisation to better prepare them for an IRAP Assessment by understanding the Australian Government Information Security Manual and how it applies to the IRAP assessment process. 

It aims to give participants a basic understanding of why an organisation would engage an IRAP Assessor and what processes are involved during an IRAP Assessment. It also covers the foundational documentation that supports this process, the Australian Government Information Security Manual (ISM).

Created and maintained by the Australian Cyber Security Centre (ACSC), the Information Security Manual (ISM) is the key document used as the national industry-standard for cyber security practices. 

Aiming to protect the data, systems, and information of individual organisations, the ISM acts as a framework for organisations that they can apply using their own risk management frameworks. 

It’s used by high level security officers, chief information officers, cybersecurity professionals, and information technology managers. The ISM offers best practice and essential protocols, which IRAP Assessors follow and report on during an assessment.

Learners can expect to learn about:

• The governance of cyber security and Australian Government policy frameworks
• The benefits of an IRAP Assessment for their organisation
• The ACSC’s Information Security Manual
• How the ISM is used for an IRAP Assessment

Additional Information:

The course covers how the principles from the Information Security Manual will be applied during an IRAP Assessment. By understanding the fundamentals of the Information Security Manual, participants will better prepare themselves and their organisation for an IRAP Assessment.

Learning Outcomes:

• Discuss security controls as outlined in policy and guidance, including the ISM
• Explain and contrast the roles of ASD, system owners, and relevant security authorities, and explain the relationships between them
• Describe the threats present and the role of security controls
• Apply a risk-based approach to implementing appropriate security controls
• Communicate the merits of a particular implementation or deviation from security controls