Information security

INF027

Assess your existing security measures

Assessing your current security is the first step in planning an information security management programme.

You should ask yourself the following questions about your existing security measures.

  • How well would they protect your information against the risks and effects you’ve identified?
  • If information such as customer records, financial data and intellectual property were stolen, could you quickly and accurately determine what was lost and be able to recover it?
  • Are there multiple layers of security in place, referred to as ‘defence in depth’, to reduce the risk of breach if there is a loss of a single layer?
  • What action do you need to take to improve your security?

The New Zealand Information Security Manual (NZISM) identifies the information security controls organisations should have in place.

Page last modified: 4/05/2022