ICT equipment

Any device that can process, store or communicate electronic information, for example, computers, multi-function devices and copiers, landline and mobile phones, digital cameras, electronic storage media and other radio devices.

ICT facility

A building, floor of a building or designated space on the floor of a building used to house or process large quantities of data, for example, server and gateway rooms, data centres, back-up repositories, storage areas for ICT equipment and communications and patch rooms.

ICT system

A related set of hardware and software used for the processing, storage or communication of information and the governance framework in which it operates.

ICT system equipment

A subset of ICT equipment that is used to maintain an ICT system, for example, servers, communications network devices, such as PABX, and gateways and network infrastructure, such as cabling and patch panels. This equipment is normally continuously operational.



IN CONFIDENCE (security classification)

A security classification that shows that compromise of official information would be likely to prejudice the maintenance of law and order, impede the effective conduct of government in New Zealand or adversely affect the privacy of its citizens.

Incident reporting

A scheme whereby security incidents (which can include security infringements, breaches, violations, contacts or approaches) are reported to a central point in the agency (usually the CSO). This enables the agency to undertake investigations, monitor the effectiveness of security controls, advise other affected agencies and collect statistics on its security vulnerabilities.

Information and Communications Technology (ICT)

Describes any device or application used to communicate, record, process, store and/or transfer information, including data storage devices (for example, magnetic disk/tape, compact disks or digital video disks (CD/DVD), flash memory) mobile telephones and mp3 players, and the operating systems, hardware and software applications used to operate networks and systems.

Information Assurance (IA)

Measures that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality and non-repudiation. These measures include providing for restoration of information systems by incorporating protection, detection and reaction capabilities.

Information Privacy Principles (IPPs)

Contained in the Privacy Act 1993, part 2, IPPs regulate the collection, storage, access, use and disclosure of personal information by New Zealand government agencies.

Information Security (INFOSEC)

The application of security controls to information systems that are commensurate with the protective marking, sensitivity and/or value of that information and compliant with government policy. See also Communications security.

Information Technology Security Manager (ITSM)

ITSMs are executives within an agency who act as a conduit between the strategic directions provided by the CISO and the technical efforts of system administrators. The main responsibility of ITSMs is the administrative controls relating to cyber security within the agency.

Information, information assets or information resources

Documents and papers, electronic data, the software or systems and networks on which the information is stored, processed or communicated, intellectual information acquired by individuals and physical items from which information regarding design, components or use could be derived that add value to an organisation.

Insider threat

Insider threats come from our past or present employees, contractors or business partners. They can misuse their inside knowledge or access to harm our people, our customers, our assets or our reputation.

An ‘insider threat’, or ‘insider’, is any person who exploits, or intends to exploit, their legitimate access to an organisation’s assets to harm the security of their organisation or New Zealand, either wittingly or unwittingly, through espionage, terrorism, unauthorised disclosure of information or loss or degradation of a resource (or capability).


Integrity means that information is protected from unauthorised changes to ensure it remains reliable and correct. See also Availability and Confidentiality.


Incident Response Plan