The Australian Signals Directorate (ASD) has published its quarterly update to the Information Security Manual (ISM). This latest revision reflects the ever-evolving landscape of modern digital threats and the need for robust security measures. Compliance with the ISM is encouraged, albeit voluntary.
The ASD highlighted several notable new controls added in this edition, namely:
- Governance of operational technology cybersecurity
  - Recommendation that an organisation’s Chief Information Security Officer provide cybersecurity leadership on operational technology cybersecurity, alongside their traditional leadership role in information technology cybersecurity
- Operational technology supply chain security
  - Recommendation that cybersecurity supply chain security be extended to cover operational technology equipment
- Artificial intelligence application development
  - Recommendation that the Open Worldwide Application Security Project’s (OWASP) top ten vulnerabilities in large language model applications be mitigated
  - Recommendation that large language model applications evaluate user prompts to detect and mitigate adversarial suffixes designed to generate sensitive or harmful content
- Mobile app development
  - Recommendation that OWASP’s Mobile Application Security Verification Standard be used in support of “secure-by-design” for mobile app development activities
- Internal cybersecurity reporting
  - Recommendation that the Chief Information Security Officer report on cybersecurity matters to their organisation’s audit, risk and compliance team, in addition to their reporting obligations to the organisation’s Executive Committee or Board of Directors
For a full reading of the updates, see here.