Computer Emergency Response Team (CERT) Top 10 Controls
- Patching
- Multi Factor Authentication
- Use a password manager
- Configure Logging and Alerting
- Asset Lifecycle Management
- Implement and test backups
- Implement application controls
- Enforce the principle of least privelege
- Implement network segmentation
- Set secure defaults for macros
New Zealand Government Communications Security Bureau (GCSB) Information Security Manual (NZISM)
- Information security governance – roles and responsibilities
- System Certification and Accreditation
- Information security documentation
- Information security monitoring
- Information Security Incidents
- Physical Security
- Personnel Security
- Infrastructure
- Communications Systems and Devices
- Product Security
- Media and IT Equipment Management, Decommissioning and Disposal
- Software security
New Zealand Protective Security Requirements
Governance
- GOV1 – Establish and maintain the right governance
- GOV2 – Take a risk-based approach
- GOV3 – Prepare for business continuity
- GOV4 – Build security awareness
- GOV5 – Manage risks when working with others
- GOV6 – Manage security incidents
- GOV7 – Be able to respond to increased threat levels
- GOV8 – Assess your capability
Information
- INFOSEC1 – Understand what you need to protect
- INFOSEC2 – Design your information security
- INFOSEC3 – Validate your security measures
- INFOSEC4 – Keep your security up to date
Personnel
- PERSEC1 – Recruit the right person
- PERSEC2 – Ensure their ongoing suitability
- PERSEC3 – Manage their departure
- PERSEC4 – Manage national security clearances
Physical
- PHYSEC1 – Understand what you need to protect
- PHYSEC2 – Design your physical security
- PHYSEC3 – Validate your security measures
- PHYSEC4 – Keep your security up to date
NZ GOVT GCDO/GCIO 105 – Risk assessment for public cloud services
- Value, Criticality and Sensitivity of Information
- Data Sovereignty
- Privacy
- Governance
- Confidentiality
- Data Integrity
- Availability
- Incident Response and Management
