Information Security Manual update: 20% fewer cyber controls, no more ‘should’ or ‘must’

The Australian government’s Information Security Manual has been simplified with the removal of 258 recommended cyber security controls and the addition of 63.

Words like “should” and “must” were also removed from the descriptions of 687 entries to get away from “compliance-based language” in the manual, according to a report listing all the changes.

Presumably, the idea is to encourage executives to take charge of managing cyber security risks and to use the ISM as a guide, but not to rely on it too much as a kind of checklist.

The latest update sees a net reduction of 20% on the 950 individual security tips that were listed in the previous version of the ISM.

Others were “modified to merge in content from other security controls, clarify their intent or clarify the classifications that they were applicable to” as well, the Australian Cyber Security Centre reports.



Public service leaders often hear that compliance does not equal security — a handy point to bring up when you’re non-compliant…
