Victorian Government Leveraging Alyne to Manage Cyber Risk

The Victorian Government (Australia) is using Alyne to help manage its cyber security and risk management, including monitoring its compliance with the Australian Government's Information Security Manual (ISM).

As part of its service, Alyne has added full coverage support for the ISM’s 945 Controls to its content library. In addition to measuring its compliance with the 37 standards, laws and regulations that were already part of Alyne, the Victorian Government may now run assessments and manage cyber risks using Alyne’s ISM Control Sets.

The ISM, produced by the Australian Signals Directorate (ASD), assists Australian government agencies, organisations and entities in applying a risk-based approach to protecting their information and systems. The Controls are designed to mitigate the most likely threats to Australian government agencies, but may also be implemented by non-government entities, working with the government, to demonstrate compliance.

Comprising 945 Information Security Controls, the ISM is extremely comprehensive and can be fairly unwieldy in its native form. In Alyne the ISM Controls are split into 17 Control Sets, each covering a unique ISM topic, including Information Security Governance, Physical Security, Personnel Security, Communications Security and various other aspects of Information Security. As with all Alyne Controls, the ISM Controls can be filtered and arranged in any number of ways, to suit the relevant entity and its purpose. For example, a compliance assessment of an IT system classified as Protected against only the “must have” requirements of the ISM can be easily configured within minutes.

Contact our team at to learn how Alyne can help your ISM initiative or learn about how you can experience Alyne’s capabilities in a Proof of Concept.


Cyrus Ardeshirian

Related Posts

Blog thumbnail

Library Update: EBA Guidelines under SREP

The latest deployment to our Content Library - the European Banking Authority Guidelines on ICT Risk Assessment under the Supervisory Review and Evaluation process (EBA/GL/2017/05).