{"id":10,"date":"2022-04-12T00:52:01","date_gmt":"2022-04-12T00:52:01","guid":{"rendered":"http:\/\/tcm.gov.to\/?page_id=10"},"modified":"2022-05-02T22:12:31","modified_gmt":"2022-05-02T22:12:31","slug":"home","status":"publish","type":"page","link":"https:\/\/tcm.gov.to\/","title":{"rendered":"Home"},"content":{"rendered":"
\n \t\n\t
\n\t \t
\n\t\t\t
\n\t \t \t
\n\t\t \n
\n
\n

Tonga Cybersecurity Manual<\/h2> <\/div>\n<\/div>\n\n\t <\/div>\n\t \t<\/div>\n\t\t <\/div>\n\t \n\t<\/div>\n\t\n\t\t\n\t
\n\t \t
\n\t\t\t
\n\t \t \t
\n\t\t \n
\n
\n

Purpose:<\/strong><\/h2>\n

The purpose of the Tonga Cybersecurity Manual is to provide strategic and practical guidance on how organizations in Tonga can protect their systems and data from cyber threats.<\/p>\n

Scope<\/b>:<\/h2>\n

The manual was developed taking into account internationally recognized IT security frameworks, especially ISO standards ISO\/IEC 27002 (Code of practice for information security controls) and ISO\/IEC 27005 (Information security risk management).<\/p>\n

Target audience<\/b>:<\/h2>\n

The Tonga Cybersecurity Manual is targeted at Tongan Government agencies<\/strong> to improve the overall security profile and ICT capabilities across the government. The manual also addresses enterprises through raising risk awareness and improving corporate cyber hygiene.<\/p> <\/div>\n<\/div>\n\n\n

\n
\n

Steps of Cybersecurity Management<\/h2>\n

\"\"<\/p>\n

Figure 1: Steps of cybersecurity management<\/p>\n

The Management of the organization initiates the implementation of the Tonga Cybersecurity Manual by assigning a responsible person for the information security management (see also 1.1.2 Information security roles and responsibilities). Furthermore, the Management is responsible for providing the required resources, e.g. training, time and finances. For efficient and effective implementation, the Management should support the information security manager with high-level decisions and receive and review periodical overviews about the progress of information security management and information security incidents. \u00a0\u00a0<\/p>\n

There are several vital steps to be performed in the process of cybersecurity implementation. These steps are cyclical (the completion of the last step initiates the first step one more time, ideally within annual cycles) and are descibed in detail in the next chapters. They can be summarized as follows:<\/p>\n

1.\u00a0INFORMATION ASSET INVENTORY<\/strong>
Protection of information assets starts with establishing a clear picture of the organization\u2019s information assets \u2013 systems, applications, data and other resources that are vital to keeping information systems running. Secondly, system owners assign systems and data with the requirements of confidentiality, integrity and availability.<\/p>\n

2.a.\u00a0\u00a0[BASELINE] RISK SCENARIOS<\/strong>
Once the organization has a good understanding of what systems and data need protection, security risks are identified, analysed and evaluated. For smaller organizations, a simplified method of risk scenarios can be used as a step in cyber risk management.<\/p>\n

2.b.\u00a0\u00a0[ADVANCED] RISK ASSESSMENT<\/strong>
Risk assessment identifies the applicable threats and vulnerabilities, determines the potential consequences and, finally, prioritizes the derived risks.<\/p>\n

3.\u00a0\u00a0RISK TREATMENT<\/strong>
All important cyber security risks that can impact systems and data are managed by selecting and applying protective measures \u2013 the security controls. The highest risks should be considered with highest priority.<\/p>\n

4.\u00a0SECURITY CONTROL ASSESSMENT<\/strong>
After the security controls have been applied, an assessment of their effectiveness must be introduced in order to verify that the measures are implemented correctly and are operating as intended.<\/p>\n

5.\u00a0MONITORING OF CYBER THREATS<\/strong>
Finally, as the cyber security environment never stops changing, monitoring of cyber threats and associated risks must be introduced to enable corrective actions.<\/p> <\/div>\n<\/div>\n\n\t <\/div>\n\t \t<\/div>\n\t\t <\/div>\n\t \n\t<\/div>\n\t\n\t<\/div>\n\n\n","protected":false},"excerpt":{"rendered":"

Tonga Cybersecurity Manual Purpose: The purpose of the Tonga Cybersecurity Manual is to provide strategic and practical guidance on how organizations in Tonga can protect their systems and data from cyber threats. Scope: The manual was developed taking into account internationally recognized IT security frameworks, especially ISO standards ISO\/IEC 27002 (Code of practice for information […]<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-10","page","type-page","status-publish","hentry","has-post-title","has-post-date","has-post-category","has-post-tag","has-post-comment","has-post-author",""],"builder_content":"

Tonga Cybersecurity Manual<\/h2>\n

Purpose:<\/strong><\/h2>

The purpose of the Tonga Cybersecurity Manual is to provide strategic and practical guidance on how organizations in Tonga can protect their systems and data from cyber threats.<\/p>

Scope<\/b>:<\/h2>

The manual was developed taking into account internationally recognized IT security frameworks, especially ISO standards ISO\/IEC 27002 (Code of practice for information security controls) and ISO\/IEC 27005 (Information security risk management).<\/p>

Target audience<\/b>:<\/h2>

The Tonga Cybersecurity Manual is targeted at Tongan Government agencies<\/strong> to improve the overall security profile and ICT capabilities across the government. The manual also addresses enterprises through raising risk awareness and improving corporate cyber hygiene.<\/p>\n

Steps of Cybersecurity Management<\/h2>

\"\"<\/p>

Figure 1: Steps of cybersecurity management<\/p>

The Management of the organization initiates the implementation of the Tonga Cybersecurity Manual by assigning a responsible person for the information security management (see also 1.1.2 Information security roles and responsibilities). Furthermore, the Management is responsible for providing the required resources, e.g. training, time and finances. For efficient and effective implementation, the Management should support the information security manager with high-level decisions and receive and review periodical overviews about the progress of information security management and information security incidents. \u00a0\u00a0<\/p>

There are several vital steps to be performed in the process of cybersecurity implementation. These steps are cyclical (the completion of the last step initiates the first step one more time, ideally within annual cycles) and are descibed in detail in the next chapters. They can be summarized as follows:<\/p>

1.\u00a0INFORMATION ASSET INVENTORY<\/strong>
Protection of information assets starts with establishing a clear picture of the organization\u2019s information assets \u2013 systems, applications, data and other resources that are vital to keeping information systems running. Secondly, system owners assign systems and data with the requirements of confidentiality, integrity and availability.<\/p>

2.a.\u00a0\u00a0[BASELINE] RISK SCENARIOS<\/strong>
Once the organization has a good understanding of what systems and data need protection, security risks are identified, analysed and evaluated. For smaller organizations, a simplified method of risk scenarios can be used as a step in cyber risk management.<\/p>

2.b.\u00a0\u00a0[ADVANCED] RISK ASSESSMENT<\/strong>
Risk assessment identifies the applicable threats and vulnerabilities, determines the potential consequences and, finally, prioritizes the derived risks.<\/p>

3.\u00a0\u00a0RISK TREATMENT<\/strong>
All important cyber security risks that can impact systems and data are managed by selecting and applying protective measures \u2013 the security controls. The highest risks should be considered with highest priority.<\/p>

4.\u00a0SECURITY CONTROL ASSESSMENT<\/strong>
After the security controls have been applied, an assessment of their effectiveness must be introduced in order to verify that the measures are implemented correctly and are operating as intended.<\/p>

5.\u00a0MONITORING OF CYBER THREATS<\/strong>
Finally, as the cyber security environment never stops changing, monitoring of cyber threats and associated risks must be introduced to enable corrective actions.<\/p>","_links":{"self":[{"href":"https:\/\/tcm.gov.to\/index.php?rest_route=\/wp\/v2\/pages\/10","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/tcm.gov.to\/index.php?rest_route=\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/tcm.gov.to\/index.php?rest_route=\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/tcm.gov.to\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/tcm.gov.to\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=10"}],"version-history":[{"count":16,"href":"https:\/\/tcm.gov.to\/index.php?rest_route=\/wp\/v2\/pages\/10\/revisions"}],"predecessor-version":[{"id":300,"href":"https:\/\/tcm.gov.to\/index.php?rest_route=\/wp\/v2\/pages\/10\/revisions\/300"}],"wp:attachment":[{"href":"https:\/\/tcm.gov.to\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=10"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}