Module Application
The CYBERSECURITY module can assist organisations to create an effective and appropriate digital security framework on any scale.
Does your organisation transact with New Zealand residents online?
Does your organisation store information collected from New Zealand residents on local hardware, using third party storage provider, or in the cloud?
Does your organisation rely upon digital systems to conduct operations or possess commercially sensitive data?
If so, then the CYBERSECURITY module is for you.
Module Scope
The CYBERSECURITY module is divided into 21 topics. These topics reflect the format of the NIST Framework for Improving Critical Infrastructure Cybersecurity and provide a sequential process for constructing a risk-management-based framework of cybersecurity measures.
The 21 topics are:
- Asset Management
- Business Environment
- Governance
- Risk Assessment
- Risk Management Strategy
- Supply Chain Risk Management
- Identity Management, Authentication and Access Control
- Awareness and Training
- Data Security
- Information Protection Processes
- Maintenance
- Protective Technologies
- Incident Alert Threshold
- Security Continuous Monitoring
- Detection Processes
- Response Planning
- Communication
- Mitigation
- Improvements
- Recovery Planning
- Recovery Communications
The module covers legal requirements from New Zealand and international sources including:
- Privacy Act 2020 (NZ)
- Harmful Digital Communications Act (NZ)
- Crimes Act 1961 (NZ)
- General Data Protection Regulation (EU)
- Federal Trade Commission Act 1914 (USA)
- Data Protection Act 2018 (UK)
- Privacy Act 1988 (Australia)