New Zealand’s National Cyber Security Centre (NCSC) – a part of the Government Communications Security Bureau – has developed a nationwide understanding of the cyber security resilience of New Zealand’s NSOs. This report shares insight gathered from the frst comprehensive cyber security survey of New Zealand’s NSOs.
It identifes four key focus areas in which New Zealand organisations could improve, and provides practical steps that organisations can take to strengthen their cyber security posture and resilience.
It is important to use algorithms that adequately protect sensitive information and the NZISM prescribes approved algorithms and protocols. Each algorithm is carefully assessed for longevity, resistance to attack, ease of use and consumption of resource.
Agencies need to follow a security process when decommissioning and disposing of IT equipment and media that has been used for official, sensitive or security classified information. This process is outlined in the document Approved Secure Destruction Facilities - Guidance to Agencies.
The status of "approved facility" for the destruction of media and equipment may be granted by the Director-General GCSB under the NZISM. Approval depends upon the Director-General's satisfaction that the proposed facilities are capable of securely destroying IT equipment, devices and media to the standard required under the NZISM and related policies.
The process of obtaining approval is outlined in the document Approval of Secure Destruction Facilities - Information for Service Providers
China’s Cybersecurity Law aims to protect national security – the defnition of which extends to maintaining territorial integrity, social and economic stability, and the public order. It regulates how organisations and businesses should protect digital information, including whether and under what circumstances it can be transferred out of mainland China, and introduces measures aimed to safeguard internet systems, products and services against cyber-attacks.
It’s important that you understand how the law’s requirements may relate to you. This information sheet provides general information and does not constitute legal advice. You may wish to seek expert advice specifc to your circumstances.
Top Four Mitigation Strategies to Protect Your IT System
Top Four In A Linux Environment
Restricting Administrative Privileges Explained
Application Whitelisting Explained
Assessing Security Vulnerabliities and Patches
Bring Your Own Device (BYOD)
Classified Document Handling
Malicious Email Strategies
Traffic Light Protocol
ICT Security and Related Services Panel (SRS Panel)
The Security and Related Services Panel are a group of industry experts contracted to provide government agencies with ICT services and advice on a range of security and privacy practices. The Panel helps government agencies manage privacy and security issues effectively.
CERT NZ provides a central point for all New Zealanders to seek advice and report cyber incidents
While CERT NZ has a primary responsibility for cyber threat reporting, and a coordination role in threat response, NCSC takes the lead in the response to significant cyber events — particularly those which may impact on national security, and our nationally significant systems and information.
The ORB has been developed by Netsafe to offer all New Zealanders a simple and secure way to report their concerns about online incidents.
In some situations your Internet Service Provider may also be able to offer guidance
Internet Storm Centre is a program within the SANS Technology Institute, a branch of the SANS Institute which monitors the level of malicious activity on the Internet, particularly with regard to large-scale infrastructure events.
CERT Coordination Centre is part of the Software Engineering Institute, which is based in the Carnegie Mellon University, USA.
Team Cymru is a non-profit US federal organisation. They are a group of technologists passionate about making the Internet more secure and are dedicated to that goal.
Netsafe is an independent not for profit New Zealand organisation focused on online safety. They provide online safety help, support expertise and education to people in New Zealand.
Connect Smart contains advice for home-users, businesses and schools, to help New Zealander's protect themselves and their businesses online. Connect Smart is led by the government's National Cyber Policy Office (NCPO), part of the Department of the Prime Minister and Cabinet, in partnership with a range of government agencies, non-government organisations, and private sector.
The Department of Internal Affairs is responsible for investigating complaints about unsolicited commerical electronic messages, commonly referred to as SPAM.
GitHUB - An Open Source Information Security hub providing tools, techniques and reference material.