11. End matter
Referenced documents
[1] State Services Commission. 2006. Authentication key strengths standard. Version 1.0. www.e.govt.nz
[2] State Services Commission. 2006. New Zealand e-government interoperability framework (NZ e-GIF). Version 3.0. www.e.govt.nz
[3] Department of the Prime Minister and Cabinet. 2002. Security in the government sector. www.security.govt.nz
[4] Government Communications Security Bureau. October 2005. New Zealand security of information technology manual - NZSIT 400. Version 1.0. www.gcsb.govt.nz
[5] State Services Commission. 2006. Guide to authentication standards for online services. Version 1.0. www.e.govt.nz
[6] State Services Commission. 2005. Development goals for the state services. www.e.govt.nz
[7] Privacy Act 1993. www.privacy.org.nz
[8] AS/NZS 4360:2004. Risk management (Australian/ New Zealand Standard). www.standards.co.nz
[9] SAA/SNZ HB 436:2004. Risk management guidelines - Companion to AS/NZS 4360:2004 (Australian/New Zealand handbook). www.standards.co.nz
[10] SAA/SNZ HB 231:2004. Information security risk management guidelines (Australian/New Zealand handbook). www.standards.co.nz
[11] AS/SNZ ISO/IEC 17799:2006. Information technology - security techniques - code of practice for information security management. www.standards.co.nz
[12] AS/SNZ ISO/IEC 27001:2006. Information technology - security techniques - information security management systems - requirements. www.standards.co.nz
[13] State Services Commission. 24th November 2004. Trust and security on the internet - keeping the Internet safe for e-government in New Zealand. www.e.govt.nz
[14] Emigh, Aaron. 3rd October 2005. Online identity theft: Phishing technology, chokepoints and countermeasures. www.antiphishing.org (Accessed 17th May 2006)
[15] Allan, Ant. 12th May 2003. Authentication tokens: Overview. Gartner Research Report DPRO-104977. www.gartner.com
[16] APEC Telecommunications and Information Working Group. 2002. Electronic authentication: Issues relating to its selection and use. www.apec.org/apec
[17] Burr, William. Dodson, Donna D. Polk, W. Timothy. April 2006. NIST special publication NIST 800-63 - electronic authentication guideline. Version 1.0.2. www.csrc.nist.gov
[18] Henderson, Marie. February 1999. Smart cards and PC cards. Defence Science and Technology Organisation Technical Report DSTO-TR-0774. www.dsto.defence.gov.au
[19] Federal Financial Institutions Examination Council. October 12th 2005. FFIEC guidance - authentication in an internet banking environment (FIL-103-2005). www.fdic.gov
[20] Grand, Joe. 19th September 2001. Authentication tokens: Balancing the security risks with business requirements. www.atstake.com (Accessed 17th May 2006)
[21] Smith, Richard. 2001. Authentication: From passwords to public keys. Addison-Wesley.
[22] Matsumoto, Tsutomu. 2nd-3rd October 2004. Gummy finger and paper iris: an update. Presentation at the 2004 Workshop on Information Security Research, Fukuoka Japan. www-kairo.csce.kyushu-u.ac.jp/WISR2004/presentation12.pdf (Accessed 17th May 2006).
[23] Biometrics Institute. 30th November 2005. Biometrics institute privacy code. www.biometricsinstitute.org (Accessed 17th May 2006).
[24] Roberts, Chris. Biometrics. November 2005. Unpublished research. (Personal communication - received 16th November 2005.)
[25] Office of the Privacy Commissioner. Privacy impact assessment handbook. www.privacy.org.nz
[26] IDABC - eGovernment Observatory. eGovernment factsheets. europa.eu.int/idabc/ (Accessed 17th May 2006.)
[27] CardTechnology. 1st June 2005. Going global with national ID. www.cardtechnology.com (Accessed 17th May 2006.)
[28] Downing, Jim. 20th September 2005. One-time password (OTP). www.smartmobs.com (Accessed 17th May 2006.)
[29] Government Technology International. 29th April 2003. MyKad: The Malaysian Government multipurpose card. www.centerdigitalgov.com/international/ (Accessed 17th May 2006.)
[30] Lips, M. Taylor, J. Organ, J. 9th September 2005. Electronic government: Towards new forms of authentication, citizenship and governance. www.oii.ox.ac.uk/research/cybersafety/ (Accessed 17th May 2006.)
[31] Department of Internal Affairs. 2006. Evidence of identity standard. Version 1.0. www.dia.govt.nz
[32] State Services Commission. 2006. Password standard. Version 1.0. www.e.govt.nz
[33] State Services Commission. 2005. Authentication for e-government: Government Logon Service design overview. www.e.govt.nz
[34] AusCERT, Australian Federal Police, Australian High Tech Crime Centre, New South Wales Police, Northern Territory Police, Queensland Police, South Australia Police, Tasmania Police, Victoria Police, Western Australia Police. 2006. 2006 Australian computer crime and security survey. www.auscert.org.au/crimesurvey
[35] Ilett, Dan. 6th September 2005. Fighting back against the phishers. software.silicon.com (Accessed 17th May 2006.)
[36] Greenwood, Darren. 1st April 2005. Phishing for security. www.misweb.com (Accessed 17th May 2006.)
[37] New Zealand Herald. 7th March 2005. Internet banking under scrutiny after hacker accesses accounts. www.nzherald.co.nz (Accessed 17th May 2006.)
[38] Sonti, Chalpat. 16th May 2006. Robbed by the spy in her PC. www.stuff.co.nz (Accessed 17th May 2006.)
[39] Thompson, Kerry. 18th September 2004. A security review of the ASB bank netcode authentication system. www.crypt.gen.nz (Accessed 17th May 2006.)
[40] Schwarz, Reuben. 31st October 2005. ASB device ups online security. www.stuff.co.nz (Accessed 17th May 2006.)
[41] Robertson, Struan. 19th October 2005. UK law will demand better authentication for online banking. www.out-law.com (Accessed 17th May 2006.)
[42] Land Information New Zealand. Landonline service. www.landonline.govt.nz
Latest revisions
This Guidance is to be reviewed from time to time, so that it keeps up to date with changes in the sector.
Users should ensure they access the latest revisions of this Guidance. These can be found at www.e.govt.nz. Users should also access the latest revisions of the documents included in the list of referenced documents.
Review of Guidance
Suggestions for improvement of this Guidance are welcomed. They
should be sent to the Manager, e-GIF Operations, State Services
Commission, PO Box 329, Wellington. Alternatively, suggestions can be
sent by email to e-gif@ssc.govt.nz
