Personal study notes compiled by Yadav Ghorasainee — IS Auditor and Cybersecurity professional based in Perth, WA, Australia.
Covers Australian government cybersecurity frameworks, privacy law, and international data protection standards relevant to GRC, IS audit, and compliance roles in Australia.
| Topic | Description |
|---|---|
| Australian Information Security Manual (ISM) | ASD/ACSC ISM controls, principles, and implementation guidance |
| ACSC Essential Eight | Mitigation strategies, maturity levels, and implementation notes |
| Australian Privacy Principles (APPs) | Privacy Act 1988 — all 13 APPs with notes and examples |
| GDPR | EU General Data Protection Regulation — key articles and compliance notes |
| ISO27001:2022 | Information Security Management Systems — key clauses, Annex A, SOA and risk management notes |
| NIST_CSF_2.0 | Cybersecurity Study notes - Govern, Identify, Protect, Detect, Respond and Recover |
Note: Files are being progressively detailed. Last updated April 2026.
- Cybersecurity and GRC professionals preparing for audits or compliance assessments
- Students studying for certifications such as CISA, (ISC)² CC, or ISO 27001 Lead Auditor
- IT professionals transitioning into governance, risk, and compliance roles
- Anyone preparing for work with Australian government or regulated-industry clients
| Aspect | ISM / Essential Eight | ISO 27001:2022 | NIST CSF 2.0 | GDPR / APPs |
|---|---|---|---|---|
| Scope | Australian govt & critical infra | Any organisation globally | Any organisation globally | Personal data processing |
| Mandate | Mandatory for APS; recommended for others | Voluntary (certification available) | Voluntary | Legally binding (EU/AU) |
| Focus | Technical controls & maturity | ISMS management system | Risk-based cyber resilience | Privacy rights & obligations |
| Audit body | ACSC / ASD | Accredited certification body | Self-assessed or third-party | OAIC (AU) / regulators (EU) |
These are personal study notes — not official documentation. Always refer to the primary source documents from ACSC, NIST, ISO, and the OAIC for authoritative guidance.
Primary sources:
- ACSC Australian ISM
- ACSC Essential Eight
- OAIC Australian Privacy Principles
- NIST CSF 2.0
- ISO/IEC 27001:2022
- GDPR (EUR-Lex)
Yadav Ghorasainee — MSc IT & Applied Security | ISO 27001 Internal Auditor
(ISC)² CC Passed · Fortinet NSE · Perth, WA · Full Australian Working Rights
📧 yadavg.cybernet@gmail.com
💼 linkedin.com/in/yadav-ghorasainee
🌐 Portfolio
These notes are shared under the Creative Commons Attribution 4.0 licence. You are free to share and adapt with attribution.