The National Cyber Security Centre (NCSC) has released a resource document to help improve cyber-security governance across the public and private sectors.
The study involved interviews with cyber security professionals from 250 of New Zealand’s nationally significant organisations to assess cyber security resilience using measures drawn from a range of security frameworks.
Director–General of the Government Communications Security Bureau, Andrew Hampton said the assessment identified a gap between leadership and governance, and cyber security practice across many organisations.
“This was one of four focus areas; the others were preparedness, investment and supply chain,” Mr Hampton said.
“As part of our work to help organisations lift cyber security resilience in these areas the NCSC is producing a range of guidance resources which will help organisations focus their efforts.”
He said the first focused on improving cyber security governance and that resource documents on the other focus areas would follow in 2020.
Mr Hampton said the governance resource, Charting Your Course: Cyber Security Governance, set out six areas to help focus engagement between an organisation’s governance and its security practitioners.
“It defines the principles of a cyber-security program, provides a holistic view of risk, and provides advice on monitoring security performance,” he said.
“While the resource is intended to primarily support board and executive decision making around cyber-security resilience and risk, we also hope that practitioners will find it useful for supporting their engagement across organisations to achieve their security mission.”
The Charting Your Course: Cyber Security Governance resources are available at this PS News link.