NCSC offers cyber security guidance to boards

CERT NZ receives record number of incident reports

cyber security key lock keyboard
Getty Images

The government’s National Cyber Security Centre (NCSC) has produced a resource for company boards to help them improve cyber-security governance.

The move follows the release of an NCSC study highlighting a “cyber security governance gap” and issues with security practice across many organisations.

NCSC undertook a study of New Zealand organisations’ cyber security resilience for which it interviewed cyber security professionals from 250 of New Zealand’s nationally significant organisations.

Release of the resource has coincided with release of the latest quarterly report from CERT NZ showing cyber security incidents at an all-time high: 1354 incidents were reported to CERT NZ in the three month to 30 September 2019, the highest number since the organisation launched in 2017.

Government Communications Security Bureau (GCSB) director general Andrew Hampton said that the NCSC study had revealed issues with preparedness, investment and supply chains across NZ organisations.

“As part of our work to help organisations lift cyber security resilience in these the NCSC is producing a range of guidance resources which will help organisations focus their efforts in these areas,” he said. “Resources in the other focus areas [will] follow in 2020.”

Hampton said the governance resource Charting your course – cyber security governance sets out six areas to help focus engagement between an organisation’s governance and its security practitioners.

It defines the principles of a cyber-security programme, provides a holistic view of risk and provides advice on monitoring security performance.

“While the resources are intended to primarily to support board and executive consideration and decision making around cyber-security resilience and risk, we also hope that practitioners will find them useful for supporting their engagement across organisations to achieve their security mission,” Hampton said.

The resource is provided as an introduction and six separate documents each covering different aspects of cyber security governance: building a culture of cyber resilience; establishing roles and responsibilities; holistic risk management; cyber security collaboration; creating a cyber security programme; measuring resilience.


Copyright © 2019 IDG Communications, Inc.

8 simple ways to clean data with Excel
Shop Tech Products at Amazon