AbstractsComputer Science

Identification and analysis of security risks in New Zealand information technology

by Kevan Quinn

Institution: University of Otago
Year: 0
Keywords: security; cyber security; computer crime and security; computer crime; CSI; FBI; GCSB; AusCERT; infrastructure; New Zealand; information security; Robert Richardson; survey; information infrastructure; Australian Institute of Criminology; security technologies
Record ID: 1301540
Full text PDF: http://hdl.handle.net/10523/5214


Many organisations invest heavily in backup and cyber insurance because they recognise that when they lose their information systems, their survival is at risk, with outages sometimes costing as much as millions per hour. It is therefore an important part of business to assess and measure possible IT-related risks. The Computer Security Institute and Australian Computer Emergency Response Team studies provided benchmark figures for international comparison, but New Zealand literature searches brought nothing comparable to light. While New Zealand might appear in many aspects similar to these two nations, it might be considered to require separate study to investigate how far similarities extend in the domain of computer crime and security. One of the NZ government’s cyber-strategy goals was to build strategic relationships to improve cyber security for critical national infrastructure and other businesses, so one of the current research goals was to provide a resource to assist NZ Information Technology managers with regard to security budget planning and choosing which security technologies to implement within the risk context of their particular organizational size and industry sector. It was expected that apart from where nations differed obviously in governmental, legal and economic systems, the state of information security in the New Zealand Information Technology Infrastructure would be similar to that of the United States as measured by the Computer Security Institute surveys, and that of Australia as measured by the Australian Computer Emergency Response Team surveys. A survey was constructed based on the CSI/FBI question set, with additional questions from the corresponding Australian survey and other relevant sources. The resulting data were not suitable for formal tests of statistical significance, but comparison of the various studies provided evidence for the research question.