Increasing the maturity and effectiveness of a security control.
The possibility that an IT system has a breach or other failure that leads to data loss, data integrity issues, or is unavailable. Risk is quantified in terms of likelihood and consequence. Most organisations have a ‘risk appetite’, which is the level of risk the organisation is prepared to accept. High likelihood and high consequence risks are never accepted, while low likelihood and low consequence risks may be completely acceptable unless they are easy to address.
IT services and applications that support a set of business processes, and store and manage information.
An intensive testing process where an expert in security testing (or “hacking”) techniques attempts to breach an IT system. This helps identify vulnerabilities that can be addressed before a malicious person finds them.
Personal Identifiable Information (PII)
Information about an identifiable individual, such as a member, employee, provider or adviser, governed by New Zealand’s privacy laws and (where it contains health information) the Health Information Privacy Code.
A safeguard or measure that we’ve implemented to avoid, detect or minimise security risks to data, business applications, systems or physical property.
An external partner, vendor, consultant, or an independent contractor that provides specialised products, services and other expertise to Southern Cross.