

New York CIS case study lauds New Zealand security system


SAM for Compliance launches to international support

Auckland, New Zealand, 17 July 2017 – SAM for Compliance, a New Zealand-developed security assessment and compliance system, has got off to a great start, with a favourable case study review by the prestigious Albany, New York-based Center for Internet Security (CIS).

Launched in April, SAM for Compliance provides a cloud-based service that assists organisations to self-assess and manage compliance to meet the CIS Controls and other security standards. The service includes integrated activity and task management functions for users to keep track of the actions required for reducing information-related risk. SAM for Compliance includes a dashboard, trend graphs and management reports to keep organisations informed about their compliance status and progress.

Tony Krzyzewski, co-founder and director of SAM for Compliance, says the impetus to develop SAM was as a cure for his own frustration.

“I became increasingly frustrated as to why people were not implementing security changes based on internal and external assessments, so decided to do something about it. SAM for Compliance is the result.”

“As I investigated why companies weren’t implementing security policies and processes to meet best practice guidelines and established standards, I discovered that for many companies it has become almost too hard. It’s not that companies don’t want to implement good security practices, it’s just that at first glance there are so many different standards and guidelines that it has become increasingly difficult for them to keep track,” says Krzyzewski.

Krzyzewski says that the SAM for Compliance system is unique in the market because it is not just a set of technical answers.

“Unlike purely technical solutions, SAM’s self-assessment is designed to help improve the technical, process and governance factors necessary for a successful implementation of the CIS Controls.”

“Each CIS Control requirement in the system has associated notes, actions, and tasks so that improvements can be managed and tracked. An exception marker and associated register is also implemented within the system. The system incorporates online workbooks covering all of the requirements within CIS Controls, with an assessment against each requirement being performed on a graded scale as to how well the organisation is implementing the Control requirements,” says Krzyzewski.

According to Krzyzewski, information from the individual workbooks collates into categories that show at a glance how well an organisation is performing, and clearly shows where further action is required. The categories then collate into a dashboard view and are also trend-tracked over time with associated graphs and reports.

“I see CIS Controls as being an extremely important tool in assisting organisations to protect their information assets. The Controls provide a pragmatic and achievable set of requirements that are shown to reduce the level of information security related risk,” says Krzyzewski.

SAM for Compliance is available in a range of configurations, aimed at providing optimum information security processes and policies for government departments, public companies, small to medium businesses, and not-for-profit organisations. The range includes SAM-CIS Controls in foundational and advanced versions and SAM-Security, which offers a system-based approach to managing compliance with CIS Controls, in combination with the NIST Cyber Security Framework, for improving critical infrastructure cybersecurity.

With SAM-Security the emphasis is on achieving a prescribed level of compliance and assessing current capabilities, by offering a choice of three information security frameworks tailored to suit particular sizes of organisations, where resources may be limited but there is still a desire to improve information security capability.

SAM-PCI provides an assessment, management and reporting system for organisations requiring compliance with the Payment Card Industry Data Security Standard and helps manage the processes associated with protecting card data.

“Information security is not a one-size fits all situation, but needs to be tailored to an organisation’s requirements and obligations, while being realistically balanced against available resources. Setting unrealistic goals just discourages everybody involved,” says Krzyzewski.

Of particular interest to New Zealand government departments is SAM-NZISM, which is designed to make it easier to implement the controls contained in the New Zealand Information Security Manual.

“The SAM-NZISM system incorporates every requirement of NZISM broken down into easy-to-manage work plans with action and task management available for every NZISM control. Information within the work plans is collated and displayed, making it easy for government departments to access, manage, improve, track, and report on NZISM compliance over time,” says Krzyzewski.

Krzyzewski says SAM for Compliance can also provide training and external assessment services for initial and ongoing risk reviews, as well as remediation-related professional services, for organisations that need short-term external support because they do not have the required internal resources.

“Globally, SAM provides training for other professional services wishing to use SAM as a tool for managing and reducing risk within their client’s business,” says Krzyzewski.


© Scoop Media
