NCSC’s Cybersecurity Framework 

Get dedicated expertise in cybersecurity and compliance to align your cybersecurity posture with the National Cybersecurity Centre’s Cybersecurity Framework. Make use of industry best practices to secure your precious data, operations, and reputation and establish an effective cybersecurity program.

OVERVIEW

Understanding NCSC’s Cybersecurity Framework

New Zealand’s National Cybersecurity Centre has developed the Cybersecurity Framework to assist all government entities including institutions of national significance and private organizations in securing their most critical systems, networks, and information from attacks and unauthorized access. The framework comprises industry best practices that organizations can use to supercharge their cyber resilience. See how SharkStriker helps organizations implement the NCSC’s Cybersecurity Framework.

APPLICABILITY

To whom does the NCSC’s Cybersecurity Framework apply?

All government and public service departments must use this cybersecurity framework under the Protective Security Requirements.

However, the government recommends that organizations in any sector, regardless of size and focus, use it to strengthen their cybersecurity and improve how cybersecurity risk is communicated.

Organizations that don’t have a cybersecurity program yet can use the framework to establish one.

BENEFITS

Benefits of NCSC’s Cybersecurity Framework

  • Improves overall security posture
  • Helps avoid the costs of cyber incidents
  • Promotes governance efforts in cybersecurity
  • Prepares organizations against data breaches 
  • Helps manage risks
  • Enhances data security
  • Secures against third-party security risks
  • Helps build a cybersecurity-centric culture
REQUIREMENTS

The NCSC’s Cybersecurity Framework’s main functions

The following are the five functions that form the core of the framework:

Guide & Govern 

Creating awareness through systematized efforts and guidance so that the organization has a fundamental knowledge of how to keep assets secure from cyber risks.

Promoting cybersecurity in an organization with governance efforts.

Detect & Contain 

Taking steps for incident response planning.

Ensuring security monitoring with appropriate controls for round-the-clock monitoring.

Identify & Understand 

Identifying the responsibilities of people in the organization, including the suppliers and third parties associated with the company.

Applying them based on the assets identified, the threat environment, and the context of the operation.

Respond & Recover 

Prioritizing security incident response to prevent damage, contain threats, and get critical services back to normal.

Prevent & Protect 

Continuously improving and focusing on cyber risk reduction in general rather than becoming reliant on flawless cybersecurity in the future.

Taking a proactive approach towards cybersecurity that involves pre-emptive identification of security vulnerabilities.

APPROACH

Here is how we can help you become compliant with NCSC’s Cybersecurity Framework

We perform an inventory of all the critical assets and sensitive information assets that could be targeted by cyber threats.

We use multiple offensive attack techniques deployed by cybercriminals to measure the strength of the cybersecurity posture and discover the level of risk an organization is exposed to. This helps us determine the severity of each risk and its impact. We evaluate the effectiveness of the organization’s security efforts in identifying and detecting abnormal activities and responding to threats. By evaluating these measures against the NCSC recommendations, we identify the gaps in security and compliance.

By gaining a clear picture of the risks across the posture, we plan, develop, and implement security controls, policies, procedures, and rules to treat security risks and address compliance gaps. We also provide guidance for technological solutions to be implemented that support compliance adherence.

We identify gaps in awareness of the NCSC cybersecurity framework, cybersecurity best practices, and their roles and responsibilities, specifically in incident response. Based on the assessment, we prepare a comprehensive training and awareness program that addresses the gaps while preparing for future cyber incidents.

We perform continuous monitoring of the infrastructure, looking for deviations in security and compliance. By performing periodic assessments against the latest NCSC cybersecurity guidelines, we help pre-emptively address security and non-compliance risks before they turn serious.

BEST PRACTICES

NCSC best practices that we help implement

  • Provide assistance and guidance to organizations in determining their risk appetite
  • Perform asset inventory to identify the most critical assets
  • Assess how system segregation can reduce the impact of cyber attacks
  • Check that third parties/vendors are mandated to perform security assessments regularly and address security weaknesses before attackers exploit them to orchestrate a data breach
  • Establish systems for isolation and containment of infected systems
  • Practice and train for IR plans

Get the security and compliance expertise to meet your NCSC compliance goals
