This course will explain the fundamentals of the New Zealand Information Security Manual (NZISM), including its purpose, who it is relevant and useful to, and the structure of the document itself. Whilst the NZISM splits security controls into MUST and SHOULD requirements, this course instead focuses on a core subset from both categories that practically reduces organisational risk. The course also explains what these terms mean and how to determine which controls are appropriate for your organisation.
The course includes time for open discussion of all areas of the NZISM to ensure that all students have the opportunity to ask questions about specific chapters or controls that are directly relevant to them.
On course completion, you will be able to:
- Navigate and use the NZISM to obtain specific controls required for your organisation
- Identify the key requirements that simplify adopting and assessing new controls as they are released
- Evaluate whether each control is required for your organisation, and understand what may be required in order to comply with it
- Understand how the NZISM fits alongside other security documentation (such as the PSR, the CERT NZ Critical Controls and the ASD Essential Eight)
The course consists of a live webinar with dedicated time for questions and answers taught by a cybersecurity specialist. Attendees will also be provided with slides and reference materials relevant to the delivered content.
Module 1: NZISM Introduction
- What is the purpose of the NZISM?
- The security context of the NZISM
- Why is risk assessment important to the NZISM?
- Prioritising compliance activities and budgets
Module 2: Key NZISM concepts
- NZISM Documentation
- NZISM Roles and Responsibilities
- The system audit and certification process
- Designing systems for security risk assessments
Module 3: NZISM critical controls
- Organisational security
- Password policies and use
- Cryptography
- Cloud security assessments (Azure, AWS and others)
- Incident Response