Information security

INF052

Why information security matters

Every organisation relies on the confidentiality, integrity, and availability of the information it processes, stores, and communicates. Robust information security is a business enabler.




Mandatory requirements

The core information security requirements that mandated government agencies must follow and other organisations should consider as best practice.




Management protocol for information security

Protect your organisation’s information with robust security practices.




Take a risk-based approach to information security

In response to these threats, using a risk-based approach that applies sound risk management will best allow you to tailor an information security framework to your organisation’s operating context and the threats it may face. Not all information should be treated equally.




Creating a security culture

Everyone in your organisation needs to be part of your security culture, otherwise your security processes and tools won’t be effective.




Adopt a framework to manage information security

Your organisation should establish a framework to direct and coordinate the management of your information security.




Security classification system and handling requirements

Guidance on protecting official information from unauthorised access and accidental disclosure




Understand the information security lifecycle

The information security lifecycle describes the process to follow to mitigate risks to your information assets.




New Zealand Information Security Manual (NZISM)

The New Zealand Information Security Manual (NZISM) is the New Zealand Government’s manual on information assurance and information systems security.




Managing specific scenarios

Guidance on a range of scenarios that each have specific security requirements.