Information security
INF032
Analyse evolving threats and vulnerabilities
To manage vulnerabilities in your information security, take the following actions.
- Monitor your systems, networks, and processes for security vulnerabilities. Observe system and network events, configurations, and processes to detect suspicious or unauthorised events.
- Be proactive in staying on top of vulnerabilities or flaws in your technical environment.
- Assess your security measures against best practice and known security threats.
- Analyse, prioritise, and report on vulnerabilities that pose the most immediate risk to your organisation.
- Apply fixes and track them to completion to mitigate the risk of your information being compromised.
Threats are continually evolving. Your chief security officer (CSO) should use the following threat catalogues to stay abreast of emerging threats:
- Critical Controls — CERT NZ — check this page for frequent updates
- Cyber threat reports — National Cyber Security Centre
- Current Activity — US Computer Emergency Readiness Team
- Internet Storm Center
- Software Engineering Institute — Carnegie Mellon University
Page last modified: 4/05/2022