UNCLASSIFIED Protective Security Requirements A Risk Based Approach UNCLASSIFIED
What is the PSR? “.…a new framework of New Zealand Protective Security Requirements which provides clear guidance and support for State sector departments to achieve improved security standards…..”
What does it look like? Tier 1: Tier 3: PSR Cabinet Paper Detailed protocols for and Directive on the governance, personnel security, physical security security of government and information security business (including the NZISM). Tier 2: Tier 4: Overarching security Agencies ’ own policies policies and 29 core and procedures requirements
Risk based approach Protective Security The starting point for for the Agency an agency’s protective Protective Protective security policy security planning security – their security planning, policies and RISK ASSESSMENT procedures – is a risk assessment Protective security procedures
How did we get here? Deliver a more Open source website accessible framework Out of date, standards Outreach function and Lack of engagement to lift security awareness, capability Update standards ‘Living documents’ – tools Lack of support for agencies and templates Enhance outreach Security is not Training for government seen a agencies business enabler High profile breaches Cross-government Assurance reporting initiatives
A closer look at the PSR risk based approach….
Open source website Open source ce websit ite e Outre reach ach functi nction on and engageme ement nt to lift t securi rity ty capab abil ilit ity ‘Living documents’ – tools ols and templat lates Traini aining ng for gove vernme rnment nt agencie cies Assurance ance reporti ting ng www.protectivesecurity.govt.nz
Outreach and engagement o Support in understanding and Open source ce websit ite e implementing the PSR o 36 mandatory agencies + voluntary Outre reach ach functi nction on and engageme ement nt to lift t securi rity ty capab abil ilit ity agencies o Facilitators in completing the Capability ‘Living documents’ – tools ols and templat lates Maturity Model and the PSR Roadmap o Emphasis on effective and accountable Traini aining ng for gove vernme rnment nt agencie cies governance Assurance ance reporti ting ng o Collaboration across agencies
Tools and templates CMM Element Agency / Unit Target Current Open source ce websit ite e Leadership and culture Executive commitment, governance oversight Optimized Basic Management structure, roles, responsibilities Optimized Basic + Outre reach ach functi nction on and engageme ement nt Monitoring and assurance Optimized Core to lift t securi rity ty capab abil ilit ity Organisation culture and behaviour Managed Core Education and communications Optimized Core + ‘Living documents’ – tools ols and Planning, policies and protocols templat lates Strategy development, delivery Managed Basic Policies, processes, procedures Managed Basic Risk management Optimized Core + Traini aining ng for gove vernme rnment nt agencie cies Incident management Optimized Core + Security dimensions Personnel security Core + Basic Assurance ance reporti ting ng Information security Managed + Core + Physical security Optimized Core +
Tools and templates Open source ce websit ite e Outre reach ach functi nction on and engageme ement nt to lift t securi rity ty capab abil ilit ity ‘Living documents’ – tools ols and templat lates Traini aining ng for gove vernme rnment nt agencie cies Assurance ance reporti ting ng
PSR Training o Additional support for implementation Open source ce websit ite e o Introductory courses Outre reach ach functi nction on and engageme ement nt o Specific physical security, personnel to lift t securi rity ty capab abil ilit ity security and information security ‘Living documents’ – tool ols and courses templat lates o Emphasis on holistic approach to protective security Traini aining ng for gove vernme rnment nt agencie cies o Providing agencies with the tools and Assurance ance reporti ting ng information to take ownership
Assurance Reporting o PSR Agency Self-Assessment Report o March 2016 – Creating the new baseline Open source ce websit ite e o Chief Executive accountability ‘Living documents’ – tools ols and templat lates o Based on tools departments will be familiar with Outre reach ach functi nction on and engageme ement nt to lift t securi rity ty capab abil ilit ity - The Capability Maturity Model - 29 Core Requirements Traini aining ng for gove vernme rnment nt agencie cies - PSR Roadmap o Ability to seek further evidence if Assurance ance reporti ting ng necessary
What difference does it make?
What will success look like? o Trust and confidence: Ministers and public o Risks can be mitigated, but not eliminated . Minimize the likelihood, be prepared for the impact, and react accordingly o Governance – accountability and ownership at the top o Ability to adapt to changes in the threat environment o Strong security culture with all personnel o All boats rising
Where to from here?
Questions?
Contact us Website: www.protectivesecurity.govt.nz Email: psr@nzsis.govt.nz
Recommend
More recommend
