Understand the information security lifecycle
- Understand what information and ICT systems you need to protect
- Assess the risks to your information security
- Design fit-for-purpose information security measures
- Implement your information security measures
- Validate your security measures
- Operate and maintain to stay secure
- Review your security measures
- Retire information securely
INF030: Implement your information security measures
During this phase of the information security lifecycle, you implement the agreed security and privacy measures including policies, processes, and technical security measures.
Build secure solutions and supply chains
Work with your suppliers to ensure that they understand and can meet your security requirements. Build your security requirements into your contractual arrangements.
Security weaknesses in suppliers can undermine otherwise robust security measures in other parts of your business. Remember to account for the information risks that arise throughout the ICT system development lifecycle, such as development providers accessing and using test data or defect tracking systems.
Consider separating development, test, and operational facilities to reduce the risk of unauthorised access to, or unauthorised changes to, systems.
Supporting documents and information
- Supply chain security
- NZISM: Supply chains
- NZISM: Product Security
- NZISM: Web Application Development
- NZISM: Access Control
Test and control changes
Only do system testing after all security measures have been implemented and before acceptance. Use an effective change control process to ensure that changes conform to relevant standards.
Use a formal management process to control changes to all information systems.
Supporting documents and information
- NZISM: Penetration Testing
- NZISM: Gateway Testing
- NZISM: Software Testing
- NZISM: Product selection and acquisition / assurance
- NZISM: Change Management
Page last modified: 4/05/2022