Resources

New Zealand’s National Cyber Security Centre (NCSC) – a part of the Government Communications Security Bureau – has developed a nationwide understanding of the cyber security resilience of New Zealand’s NSOs. This report shares insight gathered from the first comprehensive cyber security survey of New Zealand’s NSOs.
It identifes four key focus areas in which New Zealand organisations could improve, and provides practical steps that organisations can take to strengthen their cyber security posture and resilience.

‘Thinking ahead. Being prepared. Cyber security resilience of New Zealand’s nationally Significant Organisations 2017-2018’

China’s Cybersecurity Law aims to protect national security – the defnition of which extends to maintaining territorial integrity, social and economic stability, and the public order. It regulates how organisations and businesses should protect digital information, including whether and under what circumstances it can be transferred out of mainland China, and introduces measures aimed to safeguard internet systems, products and services against cyber-attacks.

It’s important that you understand how the law’s requirements may relate to you. This information sheet provides general information and does not constitute legal advice. You may wish to seek expert advice specifc to your circumstances.

Understanding China's cybersecurity Law

ICT Security and Related Services Panel (SRS Panel) 
The Security and Related Services Panel are a group of industry experts contracted to provide government agencies with ICT services and advice on a range of security and privacy practices. The Panel helps government agencies manage privacy and security issues effectively.

CERT NZ provides a central point for all New Zealanders to seek advice and report cyber incidents
While CERT NZ has a primary responsibility for cyber threat reporting, and a coordination role in threat response, NCSC takes the lead in the response to significant cyber events — particularly those which may impact on national security, and our nationally significant systems and information.

The ORB has been developed by Netsafe to offer all New Zealanders a simple and secure way to report their concerns about online incidents.
In some situations your Internet Service Provider may also be able to offer guidance

Internet Storm Centre is a program within the SANS Technology Institute, a branch of the SANS Institute which monitors the level of malicious activity on the Internet, particularly with regard to large-scale infrastructure events.
CERT Coordination Centre is part of the Software Engineering Institute, which is based in the Carnegie Mellon University, USA.
Team Cymru is a non-profit US federal organisation.  They are a group of technologists passionate about making the Internet more secure and are dedicated to that goal.

Netsafe is an independent not for profit New Zealand organisation focused on online safety.  They provide online safety help, support expertise and education to people in New Zealand.
Connect Smart contains advice for home-users, businesses and schools, to help New Zealander's protect themselves and their businesses online.  Connect Smart is led by the government's National Cyber Policy Office (NCPO), part of the Department of the Prime Minister and Cabinet, in partnership with a range of government agencies, non-government organisations, and private sector.

The Department of Internal Affairs is responsible for investigating complaints about unsolicited commerical electronic messages, commonly referred to as SPAM.

CERT NZ
The ORB and send a copy to NCSC
Contact your local Police station

SCADA - Supervisory Control and Data Acquisition

US CERT CSSP
Browse the NCSC website
Email NCSC (liaison@ncsc.govt.nz) for questions on SCADA security
Incidents to report SCADA security issues to NCSC

It is important to note these are supplementary references and resources to assist agencies in having a more complete understanding of the context of the controls specified in  the NZISM.

The Cloud Security Alliance (CSA)  provides a number of resources on cloud security and cloud management – see:  https://cloudsecurityalliance.org/

CSA also publish the Cloud Control Matrix (CCM) now at version 3.0.1 (December 2018 update) – see: https://cloudsecurityalliance.org/working-groups/cloud-controls-matrix/#_overview 

The Center for Internet Security (CIS) publishes their CIS Controls - 20 important cybersecurity recommendations. Now in version 7.0 (April 2019), the CIS Controls are a prioritised set of actions any organisation can follow to help improve their cybersecurity posture – see: https://www.cisecurity.org/blog/cis-controls-version-7-whats-old-whats-new/   Controls can be downloaded as an Excel or .pdf file. 

Forbes Insights - Perception Gaps in Cyber Resilience: Where Are Your Blind Spots? The hidden risks of shadow IT, cloud and cyber insurance

Beazley - 2019 Breach Briefing

 

GitHUB - An Open Source Information Security hub providing tools, techniques and reference material.

https://github.com/rmusser01/Infosec_Reference/blob/master/README.md