Reporting cyber security incidents to NCSC
Reporting cyber security incidents helps the New Zealand NCSC (National Cyber Security Center) to develop a threat environment picture for government systems and Critical National Infrastructure (CNI) and assist other agencies who may also be at risk. Cyber security incident reports are also used for developing new policies, procedures, techniques and training measures to help prevent future incidents. The NCSC provides enhanced services to government agencies and critical infrastructure providers to assist them to defend against cyber-borne threats.
Reporting cyber security incidents to NCSC through the appropriate communication channels ensures that appropriate and timely assistance can be provided.
If you are a government organization or Critical National Infrastructure organization and you have encountered or suspect a cyber threat, please contact NCSC and/or download, complete and return an Incident Reporting Form from www.ncsc.govt.nz
Recording cyber security incidents
The purpose of recording cyber security incidents in a register is to identify the nature and frequency so that mitigation actions can be taken.
- The Responsible Entity should ensure that all cyber security incidents are recorded in a register.
- The Responsible Entity should include, at the minimum, the following information in its register:
- The date the cyber security incident was discovered
- The date the cyber security incident occurred
- A description of the cyber security incident and whether it was reported
- The file reference.
The Responsible Entity should use their register as a reference for future security risk assessments.
Outsourcing and cyber security incidents
When a Responsible Entity outsources information technology services and functions, they are still responsible for the reporting of cyber security incidents. The Responsible Entity must ensure that the service provider informs it of all cyber security incidents to allow it to formally report to NCSC and /or where relevant, NZ Police.
Responsible Entities that outsource their information technology services and functions must ensure that the services provider consults with the Responsible Entity when a cyber security incident occurs.