The Blog

The CSRB, Microsoft, China and You

What does the recent report on Microsoft security mean?

By Doug Newdick, on 7 May, 2024

In May-June 2023 a hacking group affiliated with the Chinese Ministry of State Security (known as Storm-0558) breached the email of several of Microsoft’s customers including the US State Department, the US Department of Commerce, several UK government organisations as well as customers in other countries. They also compromised the personal email accounts of key individuals involved in US relations with China. Read More

The New NIST Cyber Security Framework Is Coming

By Doug Newdick, on 8 August, 2023

We think that the new version of NIST’s Cyber Security Framework is a significant improvement. There’s one big change, but it is the lots of little changes that add up to a massive overall improvement. New Zealand organisations will still need to do some work to plug some of its idiosyncratic gaps, however. Read More

ISO 27001 Audits Made Easy…Sort Of

By Doug Newdick, on 19 March, 2023

Our clients pay us to give them good security advice. And there is nothing like taking your own advice and seeing how well that goes. So, a couple of years ago we decided to eat our own dog-food and go for ISO 27001 certification. This is an internationally recognised way to demonstrate that you have good security. We’ve recommended it to a number of our customers, and we’ve helped several gain it.

We had several things we wanted to achieve with this:

This Phrase in a Government RFP Fills Me with Dread

Government agencies use the phrase "Must comply with the NZISM" in their RFPs when they don't know what to say about security. There is a better way.

By Doug Newdick, on 9 December, 2022

As we head into the holiday season – that season of poorly timed RFPs – some government agency will trot out these dreaded words again: “Must comply with the NZISM”.

Analysing Organisation – Wide Cybersecurity Health

By James Laurenson, on 18 November, 2022

Whenever our team works on a project for one of our clients, we are most likely performing a risk assessment for a single information system. The purpose of this is for the organisation’s leadership to understand if that system falls within their risk appetite and to approve that system’s use. It’s like a warrant of fitness for your car – where the risk assessment is the development of items that need to be checked, and then when we audit the system, we’re playing the role of the mechanic checking each one of the items on that list. Then the organisation can approve the system for use (like when you get your WoF sticker and drive your car legally).

Archer Continuous Assurance September Release

By Michael, on 8 November, 2022

In September, we released an updated version of the Axenic Archer Continuous Assurance service. This service is being regularly updated and enhanced to ensure a high-quality and seamless user experience. These will be a regular occurrence and we will update the main changes here, ensuring that the solution is not only a continuous assurance product, it is also continually improving and innovating. Read on to find out all the latest release details and functions of the Archer Continuous Assurance product.

Get our news as it happens

Click here to subscribe to our newsletter