The Government Communications Security Bureau from New Zealand is encouraging public and private sector leaders to get more connected with their organizations’ cybersecurity governance.
Following on from a study of New Zealand organizations’ cybersecurity resilience, the Bureau’s National Cyber Security Centre (NCSC) has produced a resource for boards to help improve cybersecurity governance.
The NCSC study involved interviews with cybersecurity professionals from 250 of New Zealand’s nationally significant organizations to assess cybersecurity resilience using measures drawn from a range of security frameworks.
GCSB Director-General Andrew Hampton says the assessment identified a gap between leadership and governance, and cybersecurity practice across many organizations. This was one of four focus areas; the others were preparedness, investment and supply chain.
“As part of our work to help organizations lift cybersecurity resilience in these areas the NCSC is producing a range of guidance resources which will help organizations focus their efforts. The first of these resources, focusing on improving cybersecurity governance has been published by the NCSC, with resources in the other focus areas to follow in 2020," says Hampton.
Mr. Hampton says the governance resource Charting Your Course: Cybersecurity Governance sets out six areas to help focus engagement between an organization’s governance and its security practitioners. It defines the principles of a cybersecurity program, provides a holistic view of risk and provides advice on monitoring security performance.
“While the resource is intended to primarily support board and executive decision making around cybersecurity resilience and risk, we also hope that practitioners will find it useful for supporting their engagement across organizations to achieve their security mission,” Mr Hampton says.