GCSB encourages leaders to connect with cyber security governance

The Government Communications Security Bureau is encouraging public and private sector leaders to get more connected with their organisations’ cyber security governance.

Following on from a study of New Zealand organisations’ cyber security resilience, the Bureau’s National Cyber Security Centre (NCSC) has produced a resource for boards to help improve cyber-security governance.

The NCSC study involved interviews with cyber security professionals from 250 of New Zealand’s nationally significant organisations to assess cyber security resilience using measures drawn from a range of security frameworks.

GCSB Director-General Andrew Hampton says the assessment identified a gap between leadership and governance, and cyber security practice across many organisations.  This was one of four focus areas; the others were preparedness, investment and supply chain.

“As part of our work to help organisations lift cyber security resilience in these areas the NCSC is producing a range of guidance resources which will help organisations focus their efforts.

“The first of these resources, focusing on improving cyber security governance has been published by the NCSC, with resources in the other focus areas to follow in 2020.”

Mr Hampton says the governance resource Charting Your Course: Cyber Security Governance sets out six areas to help focus engagement between an organisation’s governance and its security practitioners. It defines the principles of a cyber-security programme, provides a holistic view of risk, and provides advice on monitoring security performance.

“While the resource is intended to primarily support board and executive decision making around cyber-security resilience and risk, we also hope that practitioners will find it useful for supporting their engagement across organisations to achieve their security mission,” Mr Hampton says.

The Charting Your Course: Cyber Security Governance resources are available at: 

https://www.ncsc.govt.nz/guidance/charting-your-course-cyber-security-governance/