We think that the new version of NIST’s Cyber Security Framework is a significant improvement. There’s one big change, but it is the many little changes that add up to a massive overall improvement. New Zealand organisations will still need to do some work to plug some of its idiosyncratic gaps, however.
Whenever our team works on a project for one of our clients, we are most likely performing a risk assessment for a single information system. The purpose of this is for the organisation’s leadership to understand if that system falls within their risk appetite and to approve that system’s use. It’s like a warrant of fitness for your car – where the risk assessment is the development of items that need to be checked, and then when we audit the system, we’re playing the role of the mechanic checking each one of the items on that list. Then the organisation can approve the system for use (like when you get your WoF sticker and drive your car legally).
In September, we released an updated version of the Axenic Archer Continuous Assurance service. This service is being regularly updated and enhanced to ensure a high-quality and seamless user experience. These updates will be a regular occurrence and we will post the main changes here, ensuring that the solution is not only a continuous assurance product but is also continually improving and innovating. Read on to find out all the latest release details and functions of the Archer Continuous Assurance product.
As a non-Muslim I knew nothing about Ramadan – I’d heard that it involved fasting but was ignorant of any details or of its significance. Realising that it was an important part of the lives of some of my colleagues, I decided to ask them about it. What surprised me – knowing little about Ramadan – was the joy that they clearly felt.
Axenic is proud to announce our new product offering which will substantially improve security at government agencies!
Government agencies have been telling us for years that they have struggled to implement the cable colour standards in the NZISM. Hampered by the fact that they don’t own the data centres, that it is hard to discover which cables are carrying which traffic, and that many of the data centres are overseas – agencies have given up. No longer!
ISO/IEC 27002 was updated in 2022. So, what’s changed?
This international standard of generic information security controls is widely used across the information security community as a benchmark for implementing good security practices, and has been largely unchanged since 2013. However, earlier this year the standard had more than a facelift – it had a full makeover. Fundamentally there are three main changes, which I’ll go into.