IT Professionals New Zealand | Te Pou Hangarau Ngaio

NZISM Fundamentals

5 October 2021: 1:00 pm - 5:00 pm

Live online

(Connection details will be emailed shortly before the event)

 
Also available on demand or in-house.


The New Zealand Information Security Manual (NZISM) is the New Zealand Government's security compliance handbook. It contains both a risk management framework and a number of security controls that NZ government agencies are required to have and that many NZ organisations are encouraged to have.
This NZISM fundamentals course highlights the most significant areas of the NZISM. In particular, this course emphasizes the fundamental requirements from the first 5 chapters of the NZISM, which include reporting requirements, risk management and the key roles required to meet the needs of the NZISM. In addition, the second half of the course delves into more detail about the most common areas of the NZISM that organizations struggle to match, including cryptography requirements, documentation, the system auditing process and organizational security.
Dr Eldridge will also compare the NZISM requirements with international standards (such as ISO27002), and discuss prioritizing different controls to improve an organisation's security posture.

Target Audience and Prerequisites

The NZISM fundamental course is suitable for any technical or non-technical staff (e.g. IT professionals, project managers, managers or third-party service providers) from organizations within the New Zealand government, organizations that supply services to NZ government or anyone seeking to comply with government cybersecurity requirements. Previous information security and IT knowledge is helpful, but not required for this course.

It is suggested (but not required) that attendees have:

• experience with organization-specific IT infrastructure and practices.
• an interest in developing a solid understanding of New Zealand and international cybersecurity standards and compliance activities

Course Outcomes

This course will explain the fundamentals of the New Zealand Information Security Manual, including what its purpose is, who it is relevant and useful to and the structure of the document itself. Whilst the NZISM splits security controls into MUST haves and SHOULD haves, this course instead focuses on a core subset of these from both categories that practically reduce organisational risk. This course also explains what all these terms mean, and how to determine which are appropriate for your organisation.
The course includes time for open discussion of all areas of the NZISM to ensure that all students have the opportunity to ask questions about specific chapters or controls that are directly relevant to them.

On course completion, you will be able to:

• Navigate and use the NZISM to obtain specific controls required for your organization
• Understand the key requirements to simplify adopting and assessing new controls as they are released
• Evaluate whether each control is required for your organization, and understand what may be required in order to comply with it
• Understand how the NZISM fits alongside other security documentation (such as the PSR, the NZCERT Critical Controls and the ASD Essential Eight)

Course Content

The course consists of a live webinar with dedicated time for questions and answers taught by a cybersecurity specialist. Attendees will also be provided with slides and reference materials relevant to the delivered content.

Module 1: NZISM Introduction
• What is the purpose of the NZISM?
• The security context of the NZISM
• Why is risk assessment important to the NZISM?
• Prioritising compliance activities and budgets

Module 2: Key NZISM concepts
• NZISM Documentation
• NZISM Roles and Responsibilities
• The system audit and certification process
• Designing systems for security risk assessments

Module 3: NZISM critical controls
• Organisational security
• Password policies and use
• Cryptography
• Cloud security assessments (Azure, AWS and others)
• Incident Response

About The Trainer

Dr Elf Eldridge is a security consultant for ZX Security. Dr Eldridge has been working as a penetration tester and security auditor for ~5 years, and has extensive experience delivering technology courses to both public and private sector organisations. Previously he taught computer science, engineering, physics and mathematics at Victoria University of Wellington from 2013-2017 after obtaining his PhD through The MacDiarmid Institute for Advanced Materials and Nanotechnology.

Registration Details:

You can register for this event via Credit Card online now by using the link below, or alternatively call 0800 252 255 with your Credit Card details.

ITP Corporate Partners and approved organisations can opt to pay by invoice by calling 0800 252 255 or emailing attendee and business details through to [email protected]. Credit criteria and other conditions apply.


Want to run it at another time or place, or in-house?

Can't attend at the scheduled time, would like it in another city or want to enquire about running it in-house? No problem!

Simply register your interest and we'll look at whether we can bring it to you when you want it. If you're interested in an in-house option, register your interest and we'll come back to you.


Attendance Cost

All ITP Financial Members: $300.00 + GST / $345.00 incl GST
Staff of Corporate Partners (20% Discount): $344.35 + GST / $396.00 incl GST
Non-Members: $430.43 + GST / $495.00 incl GST

 
 