NZ Cyber Security Framework


 Welcome to the NZ Cyber Security Framework, an information security knowledge base and reference architecture for NZ organisations. 


Why do we need a NZ Cyber Security Framework?

Cyber security is about as volatile, uncertain, complex, and ambiguous (VUCA) as it gets. Yet the risk of not meeting data privacy regulations or consumer expectations can be fatal. The rise of political unrest, state-sponsored attacks and AI mean that the cyber landscape is constantly changing. While we don’t know where the next cyber-attack will come from, what it will look like, or how to defend against it. We do know that if we collaborate on cyber security knowledge, we can strengthen our herd immunity, increase resilience and reduce our collective risk. 


Who is it for?

This open source StrataMap model introduces a specifically New Zealand approach to managing and measuring cyber security risk. The intended user audience are information system managers, security officers and leaders of small to medium NZ businesses, enterprise and government. The framework is intended to develop into both a guide and a tool for these organisations, enabling them to customise their control validation plans and manage security risks. 

NZ Cyber Security Framework Model

NZ Cyber Security Framework Model

NZ Security Compliance Metamodel

NZ Security Compliance Metamodel

What does the framework contain?

The approach to this framework is to model it in ArchiMate and provide it as open source. This is to ensure domain knowledge is well structured, layered, inclusive and visual.  The model contains the following catalogues:  

  • Business Layer, catalogues of all government agencies, adversaries, protectors and other groups that have a significant function in the NZ cyber security landscape.  

  • Motivation Layer, catalogue of best practice industry standards and frameworks used by NZ organisations along with guidance for organisations big and small.  

  • Strategy Layer, resources and objectives as applied by NZ Cyber Security Strategy 2019 and aligned to the agency leading the initiative. 

Maps include a NZ compliance metamodel and views of the NZ cyber landscape. Examples, blueprints and patterns will be added over time.


How to use the framework.

The NZ Cyber Security Framework is documented using the ArchiMate standard, provided as open source and read only by default. The framework is hosted in StrataMap’s model repository and can be viewed online, downloaded, opened and edited in any ArchiMate editor. 

Join the expert team to submit changes and keep your framework synchronised.