Welcome guest, is this your first visit? Create Account now to join.
  • Login:

Welcome to the NZ Hunting and Shooting Forums.

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed.

Alpine Terminator


User Tag List

+ Reply to Thread
Results 1 to 10 of 10
Like Tree5Likes
  • 1 Post By Bagheera
  • 1 Post By Bagheera
  • 3 Post By vulcannz

Thread: NZ Information Security Manual

  1. #1
    Member
    Join Date
    Mar 2012
    Location
    Waikato
    Posts
    2,109

    NZ Information Security Manual

    Relevant to the new Firearms Registry.
    It is intended that the registry should meet this standard.
    Here is a link to the 364 page 5MB pdf document:

    https://www.nzism.gcsb.govt.nz/ism-document/
    Bol Tackshin likes this.

  2. #2
    Member
    Join Date
    May 2016
    Location
    Nz
    Posts
    1,340
    I'm considering doing an oia request to find out what security classification the registry will be

  3. #3
    Member
    Join Date
    Mar 2012
    Location
    Waikato
    Posts
    2,109
    It should be "SENSITIVE".

    Definition:
    Compromise would likely cause harm to organisations, damage the interests of New Zealand, or endanger the safety or wellbeing of its citizens.

    This is from the classification guidance at https://www.protectivesecurity.govt....w-to-classify/

    An outline of the required handling of such information is:
    SENSITIVE information should not generally be stored on systems accessible from the public Internet and must:

    not be transmitted via email
    use GCSB-encrypted access
    when working off-site, use encryption on mobile devices communicating over public infrastructure, the Internet or non-agency-controlled networks
    use RealMe login authentication.

    source: https://www.digital.govt.nz/standard...y-information/
    Moa Hunter likes this.

  4. #4
    Member
    Join Date
    Sep 2017
    Location
    Wellington
    Posts
    1,752
    Quote Originally Posted by Bagheera View Post
    An outline of the required handling of such information is:
    SENSITIVE information should not generally be stored on systems accessible from the public Internet and must:

    not be transmitted via email
    use GCSB-encrypted access
    when working off-site, use encryption on mobile devices communicating over public infrastructure, the Internet or non-agency-controlled networks
    use RealMe login authentication.

    source: https://www.digital.govt.nz/standard...y-information/
    They could debate the finer points between IN-CONFIDENCE and SENSITIVE.

    I also hate to tell you this, but some the information on that site is incorrect (and bad). For example email can be used for information up to RESTRICTED, this is what Seemail is for. There is no such thing as "GCSB-encrypted", GCSB encrypt jack shit for other organisations. And encryption is used on almost everything, and nobody in their right mind would use RealMe in the way they prescribe.

    If you are looking at NZISM as a path to say the registry cannot exist (or be on the internet) you are barking up the wrong tree. I give you this advice as a person who works in this space.
    Bagheera, Finnwolf and Eat Meater like this.

  5. #5
    Member MarkN's Avatar
    Join Date
    Apr 2020
    Location
    Auckland
    Posts
    623
    Quote Originally Posted by vulcannz View Post
    They could debate the finer points between IN-CONFIDENCE and SENSITIVE.

    I also hate to tell you this, but some the information on that site is incorrect (and bad). For example email can be used for information up to RESTRICTED, this is what Seemail is for. There is no such thing as "GCSB-encrypted", GCSB encrypt jack shit for other organisations. And encryption is used on almost everything, and nobody in their right mind would use RealMe in the way they prescribe.

    If you are looking at NZISM as a path to say the registry cannot exist (or be on the internet) you are barking up the wrong tree. I give you this advice as a person who works in this space.
    Wot you said

  6. #6
    Member
    Join Date
    Mar 2012
    Location
    Waikato
    Posts
    2,109
    Thanks @vulcannz.
    I was hoping you'd educate us on this.
    Too good to be true, eh ?

  7. #7
    Member
    Join Date
    Sep 2017
    Location
    Wellington
    Posts
    1,752
    Happy to share, that stuff on digital.govt.nz is annoying. It creates great confusion.

  8. #8
    Member
    Join Date
    Dec 2021
    Location
    Tauranga
    Posts
    5,275
    Question I have, is who writes that manual if no Govt department is required to follow it? There isn't any way that you can keep the data that they are wanting to record secure in that format, been proven multiple times around the planet.

  9. #9
    Member
    Join Date
    Sep 2017
    Location
    Wellington
    Posts
    1,752
    Quote Originally Posted by No.3 View Post
    Question I have, is who writes that manual if no Govt department is required to follow it? There isn't any way that you can keep the data that they are wanting to record secure in that format, been proven multiple times around the planet.
    NZISM is released by the GCSB. Government departments use it as a standard, and will typically audit themselves against it annually. It is entirely possible to secure such a system.

  10. #10
    Member
    Join Date
    Dec 2021
    Location
    Tauranga
    Posts
    5,275
    Quote Originally Posted by vulcannz View Post
    It is entirely possible to secure such a system.
    Yes agreed, with the correct design, engineering, resourcing and staffing. Which is where they always fail...

 

 

Similar Threads

  1. Newbie information
    By AWBates in forum Reloading and Ballistics
    Replies: 23
    Last Post: 23-12-2019, 09:21 PM
  2. Tides and other such information
    By Gibo in forum Fishing
    Replies: 20
    Last Post: 26-04-2018, 03:12 PM
  3. AR-15 information where to start out?
    By Dan88 in forum Firearms, Optics and Accessories
    Replies: 25
    Last Post: 17-06-2016, 07:29 PM
  4. Information regarding GSPs...
    By EeeBees in forum Trial, Pedigree and Bird Dogs
    Replies: 7
    Last Post: 23-02-2015, 11:22 PM
  5. Information
    By gamekeeper39 in forum Hunting
    Replies: 3
    Last Post: 17-07-2013, 09:08 AM

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
Welcome to NZ Hunting and Shooting Forums! We see you're new here, or arn't logged in. Create an account, and Login for full access including our FREE BUY and SELL section Register NOW!!