Guides

Practical information on keeping systems and data safe from attack.

Reporting a vulnerability to CERT NZ

If you find a vulnerability in a service or product, CERT NZ can help you communicate with the vendor whose systems are affected. This is known as coordinated disclosure.

New Zealand Information Security Manual (NZISM)

The NZISM is the NZ government’s manual on information assurance and information systems security, published by the Government Communications Security Bureau (GCSB).

Traffic Light Protocol (TLP)

The TLP is a set of designations used to ensure that sensitive information is shared with the correct audience.

CERT NZ's critical controls 2018

CERT NZ’s ten critical controls would mitigate, or better contain, the majority of attacks we’ve seen. There are many controls that could improve an organisation’s information security.

Cyber-risk practice guide

This guide, published by NZ's Institute of Directors, provides boards with five useful principles to help them understand and monitor cyber-risk, develop strategies for seeking assurance, and oversee management in their organisations.

1 in 5

— the number of UK-based businesses who paid ransoms in 2016 and didn't get their data back
(Source: Trend Micro UK).

CIS Security Benchmarks

The Center for Internet Security have published free benchmarks for IT and security professionals. The CIS Benchmarks detail the recommended technical settings for operating systems, middleware and software applications, and network devices.

Common vulnerabilities and exposures (CVE)

CVE is a dictionary of common names for publicly known cyber security vulnerabilities. They make it easier to share data across separate network security databases and tools.

In the world of cyber security, the last thing you want is to have a target painted on you Tim Cook

CERT NZ is closed on 22 January for Wellington Anniversary. You can still report online and via 0800 CERT NZ.