News & Thoughts from the Axenic Team
Integrating insights from threat modelling into your risk assessments enhances your security by helping you get a better view of your risks. While threat modelling is highly effective for helping to secure software systems, it is not as commonly used in broader risk assessments due to its specialised nature and focus on technical threats within software development.
We think that the new version of NIST’s Cyber Security Framework is a significant improvement. There’s one big change, but it is the lots of little changes that add up to a massive overall improvement. New Zealand organisations will still need to do some work to plug some of its idiosyncratic gaps, however.
Government agencies use the phrase "Must comply with the NZISM" in their RFPs when they don't know what to say about security. There is a better way.
Bear with me for a bit. When my son started intermediate school he wanted to scoot there. He had a flash scooter, so we got him a padlock and insisted he use it. Over the next few weeks we checked that this was happening. 6 months later we discovered that his padlock had seized up and he couldn’t use it. I reached for that old NZ standby – CRC – and got it working again.
As we welcome in 2022 with the team starting back this week, we thought we’d take a look back on 2021 and share our team volunteer work program. One of the Axenic employee benefits we are most proud of is our Employee Volunteer Leave program. This provides the Axenic team with the opportunity to develop their skills and most importantly – give back to our community. In our first blog for 2022, we thought we’d take the opportunity to highlight some of the activities the team has been up to throughout 2021.
If you have been following our ISO Blog Series you would have seen that in Part 4 we talked about the documentation stage we took during lockdown. At this stage of the game, we had a lot of documents that had been reviewed by our ISSG. We had also received valuable feedback from the Axenic team members. The ISMS documents we had after stage four were now ready to inform our first set of final documents.