The Government Communications Security Bureau (GCSB) is encouraging leaders to get more connected with their organisations’ cyber security governance.
GCSB director-general Andrew Hampton said a new assessment identified a gap between leadership and governance, and cyber security practice across many organisations.
The Bureau’s National Cyber Security Centre (NCSC) has produced a resource in seven sections for boards to help improve cyber-security governance, informed by a new study of organisational cyber security resilience.
The effort aims to help focus engagement between senior leadership and security practitioners.
The initial study involved interviews with cyber security professionals from 250 of New Zealand’s nationally significant organisations to assess cyber security resilience using measures drawn from a range of security frameworks.
The governance gap was one of four focus areas; the others were preparedness, investment and supply chain.
“As part of our work to help organisations lift cyber security resilience in these areas, the NCSC is producing a range of guidance resources which will help organisations focus their efforts,” Hampton said.
“The first of these resources, focusing on improving cyber security governance, has been published by the NCSC, with resources in the other focus areas to follow in 2020.”
The governance resource, titled "Charting your course: cyber security governance", sets out six areas to help focus engagement between an organisation’s governance and its security practitioners.
It also defines the principles of a cyber-security programme, provides a wide view of risk, and provides advice on monitoring security performance.
“While the resource is intended to primarily support board and executive decision making around cyber-security resilience and risk, we also hope that practitioners will find it useful for supporting their engagement across organisations to achieve their security mission,” Hampton said.