The DSD's Information Security Manual (ISM) has been updated to provide more relevant information for government agencies and departments. The ISM consists of three parts — Executive Companion (PDF), Principles document (PDF), and Controls manual (PDF).
These changes include general updates to the ISM Principles document, and the addition of 387 controls in the Controls manual that have either been revised or newly created since the ISM was published last year.
Many recommendations in the ISM Controls manual provide agencies with a better understanding of what precautions should be taken, rather than being completely prescriptive. For instance, personnel have been given more advice on what they should do when travelling with mobile devices. Previously, agencies were not permitted to leave devices unattended or in checked baggage for any period of time and, if their devices were taken out of sight by customs personnel, were required to alert their IT security manager of a potential compromise of information.
However, additional controls now stipulate more than what agencies must do, and include measures that agencies should, optionally, implement. These include installing software on their devices to ensure that the data is also under their control and, if personnel have travelled overseas, changing all passphrases associated with the device once they return.
A complete summary of changes is available only to government users; however, previous versions of the ISM are still available online while the DSD updates the manual.