Australian Government Publications

Information Security Manual

March 1, 2024

“The purpose of the Information Security Manual (ISM) is to outline a cyber security framework that an organisation can apply, using their risk management framework, to protect their systems and data from cyber threats.”

February 19, 2024

Entities must mitigate their exposure to cyber security risks. Cyber threats faced by the Australian Government include both external and internal adversaries that steal data, destroy data or attempt to prevent systems from functioning.

November 1, 2023

The first edition of CISC’s Critical Infrastructure Annual Risk Review provides a summary of the key risk-driven issues that have been affecting the security of Australia’s critical infrastructure over the last 12 months.

May 19, 2023

This guide is an Australian Government initiative providing an overview of how entities can understand, identify and prevent insider threat. The guide focuses on the importance of establishing a pro-integrity organisational culture and utilising preventative measures. It is designed for entities to use as an educational tool for government employees at all levels of the APS.

February 21, 2023

In his 2023 annual threat assessment, ASIO Director-General Mike Burgess highlighted that Australia faces unprecedented levels of espionage and foreign interference, which have become the primary national security threats. Additionally, while the domestic terrorism threat level has been downgraded from “probable” to “possible,” ASIO continues to monitor and address the evolving and complex nature of these threats.

June 23, 2020

The page on malicious insiders informs organisations about the threat posed by insiders who misuse their access to systems and data for malicious purposes. It provides guidance on identifying, preventing, and mitigating risks associated with malicious insiders through comprehensive security measures and best practices.

May 11, 2018

The government is focusing on enhancing its Protective Security Policy Framework (PSPF) to strengthen personnel vetting processes, continuous evaluation, and fostering a culture of security awareness to reduce insider risks.

August 26, 2016

The article highlights the threat of “trusted insiders” misusing access to sensitive information, emphasizing the need for robust security measures. The Australian Government is addressing this through the Protective Security Policy Framework (PSPF), which includes ongoing vetting, risk assessments, and fostering a culture of security awareness to mitigate insider threats.

April 1, 2012

This report examines previous research on malicious insiders with particular emphasis on the social and psychological factors that may have influenced the attacker and their behaviours. This research also draws on corresponding studies into fraud and espionage in non-IT scenarios. A range of preventative measures is presented that approach the problem from personnel, policy and technical perspectives.

The ASIO website’s “Countering Insider Threat” section outlines the organisation’s strategy to manage risks from insiders who may intentionally or unintentionally compromise sensitive information or assets. The Australian Government is focusing on comprehensive measures including risk assessment, multi-disciplinary governance, and advanced monitoring technologies to detect, deter, and respond to insider threats, with a holistic approach that integrates human behavior analysis and technological tools.

Terrorists can target workplaces that deal with chemicals of security concern. They may use a trusted insider – or become one – to gain access to chemicals that they can use for terrorist activities.

Policy 12: The policies under this outcome outline how to screen and vet personnel and contractors to assess their eligibility and suitability. They also cover how to assess the ongoing suitability of entity personnel to access government resources and how to manage personnel separation.