INDEPENDENT NEWS

New York CIS case study lauds New Zealand security system

By: SAM Compliance
Published: Mon 17 Jul 2017 12:46 PM
New York CIS case study lauds New Zealand security system
SAM for Compliance launches to international support
Auckland, New Zealand, 17 July 2017 – SAM for Compliance, a New Zealand developed security assessment and compliance system has got off to a great start, with a favourable case study review by the prestigious Albany, New York-based Center for Internet Security (CIS).
Launched in April, SAM for Compliance provides a cloud-based service that assists organisations to self-assess and manage compliance to meet the CIS Controls and other security standards. The service includes integrated activity and task management functions for users to keep track of the actions required for reducing information-related risk. SAM for Compliance includes a dashboard, trend graphs and management reports to keep organisations informed about their compliance status and progress.
Tony Krzyzewski, co-founder and director of SAM for Compliance, says the impetus to develop SAM was as a cure for his own frustration.
“I became increasingly frustrated as to why people were not implementing security changes based on internal and external assessments, so decided to do something about it. SAM for Compliance is the result.”
“As I investigated why companies weren’t implementing security policies and processes to meet best practice guidelines and established standards, I discovered that for many companies it has become almost too hard. It’s not that companies don’t want to implement good security practices, it’s just that at first glance there are so many different standards and guidelines that it has become increasingly difficult for them to keep track,” says Krzyzewski.
Krzyzewski says that SAM for Compliance system is unique in the market because it is not just a set of technical answers.
“Unlike purely technical solutions, SAM’s self-assessment is designed to help improve the technical, process and governance factors necessary for a successful implementation of the CIS Controls.”
“Each CIS Control requirement in the system has associated notes, actions, and tasks so that improvements can be managed and tracked. An exception marker and associated register is also implemented within the system. The system incorporates online workbooks covering all of the requirements within CIS Controls, with an assessment against each requirement being performed on a graded scale as to how well the organisation is implementing the Control requirements,” says Krzyzewski.
According to Krzyzewski, information from the individual workbooks collate into categories that show at a glance how well an organisation is performing, and clearly shows where further action is required. The categories then collate into a dashboard view and are also trend tracked over time with associated graphs and reports.
“I see CIS Controls as being an extremely important tool in assisting organisations to protect their information assets. The Controls provide a pragmatic and achievable set of requirements that are shown to reduce the level of information security related risk,” says Krzyzewski.
SAM for Compliance is available in a range of configurations, aimed at providing optimum information security processes and policies for government departments, public companies, small to medium businesses, and not-for-profit organisations. The range includes SAM-CIS Controls in foundational and advanced versions and SAM-Security, which offers a system-based approach to managing compliance with CIS Controls, in combination with the NIST Cyber Security Framework, for improving critical infrastructure cybersecurity.
With SAM-Security the emphasis is on achieving a prescribed level of compliance and assessing current capabilities, by offering a choice of three information security frameworks tailored to suit particular sizes of organisations, where resources may be limited but there is still a desire to improve information security capability.
SAM-PCI provides an assessment, management and reporting system for organisations requiring compliance with the Payment Card Industry Data Security Standard and helps manage the processes associated with protecting card data.
“Information security is not a one-size fits all situation, but needs to be tailored to an organisation’s requirements and obligations, while being realistically balanced against available resources. Setting unrealistic goals just discourages everybody involved,” says Krzyzewski.
Of particular interest to New Zealand government departments is SAM-NZISM, which is designed to make it easier to implement the controls contained in the New Zealand Information Security Manual.
“The SAM-NZISM system incorporates every requirement of NZISM broken down into easy-to-manage work plans with action and task management available for every NZISM control. Information within the work plans is collated and displayed, making it easy for government departments to access, manage, improve, track, and report on NZISM compliance over time,” says Krzyzewski.
Krzyzewski says SAM for Compliance can also provide training and external assessment services for initial and ongoing risk reviews, as well as remediation related professional services, for organisations that need short term external support because they do not have the required internal resources.
“Globally, SAM provides training for other professional services wishing to use SAM as a tool for managing and reducing risk within their client’s business,” says Krzyzewski.
~ENDS~

Next in Business, Science, and Tech

Gaffer Tape And Glue Delivering New Zealand’s Mission Critical Services
By: John Mazenier
Every debt, eventually, has to be repaid. Right now, the day of reckoning is fast approaching for one of the most crippling, but least discussed, debts burdening government across New Zealand – technical debt. Technical debt is the cost of generations ...
Ivan Skinner Award Winner Inspired By Real-life Earthquake Experience
By: Earthquake Commission
Ben Exton is the first engineer outside of academia to receive the Ivan Skinner Award, which is funded by EQC Toka Tū Ake.
Consultation Opens On A Digital Currency For New Zealand
By: Reserve Bank
The Reserve Bank of New Zealand – Te Pūtea Matua is continuing its exploration of a central bank digital currency. “We are calling this ’digital cash’. It would be a new type of money in addition to the banknotes and coins we have today, ...
Ship Anchors May Cause Extensive And Long-lasting Damage To The Seafloor, According To New NIWA Research
By: NIWA
NIWA anchored their research vessel in Wellington Harbour and observed in real-time how its anchor changed the surrounding environment.
A Step Forward For Simpler Trade Between New Zealand And Singapore
By: New Zealand Customs Service
The New Zealand Customs Service has signed an arrangement with Singapore that will help to make trade simpler for exporters. A cooperation arrangement with Singapore Customs and Singapore’s Infocomm Media Development Authority (IMDA) was signed ...
68% Say Make Banks Offer Fraud Protection
By: Horizon Research Limited
Results are from a Horizon Research omnibus survey conducted between 22 to 26 March 2024.The survey was conducted as part of Horizon's public-interest research programme.
View as: DESKTOP | MOBILE
Scoop Contact About Services Newsagent Login
Connect Submit News Social Media Scoop Network
Ethical Paywall Accredited Orgs. Licensing Terms of Use
© Scoop Media