

New York CIS case study lauds New Zealand security system

SAM for Compliance launches to international support

Auckland, New Zealand, 17 July 2017 – SAM for Compliance, a New Zealand-developed security assessment and compliance system, has got off to a great start, with a favourable case study review by the prestigious Albany, New York-based Center for Internet Security (CIS).

Launched in April, SAM for Compliance provides a cloud-based service that assists organisations to self-assess and manage compliance to meet the CIS Controls and other security standards. The service includes integrated activity and task management functions for users to keep track of the actions required for reducing information-related risk. SAM for Compliance includes a dashboard, trend graphs and management reports to keep organisations informed about their compliance status and progress.

Tony Krzyzewski, co-founder and director of SAM for Compliance, says the impetus to develop SAM was as a cure for his own frustration.

“I became increasingly frustrated as to why people were not implementing security changes based on internal and external assessments, so decided to do something about it. SAM for Compliance is the result.”

“As I investigated why companies weren’t implementing security policies and processes to meet best practice guidelines and established standards, I discovered that for many companies it has become almost too hard. It’s not that companies don’t want to implement good security practices, it’s just that at first glance there are so many different standards and guidelines that it has become increasingly difficult for them to keep track,” says Krzyzewski.

Krzyzewski says that the SAM for Compliance system is unique in the market because it is not just a set of technical answers.

“Unlike purely technical solutions, SAM’s self-assessment is designed to help improve the technical, process and governance factors necessary for a successful implementation of the CIS Controls.”

“Each CIS Control requirement in the system has associated notes, actions, and tasks so that improvements can be managed and tracked. An exception marker and associated register is also implemented within the system. The system incorporates online workbooks covering all of the requirements within CIS Controls, with an assessment against each requirement being performed on a graded scale as to how well the organisation is implementing the Control requirements,” says Krzyzewski.

According to Krzyzewski, information from the individual workbooks collates into categories that show at a glance how well an organisation is performing and clearly show where further action is required. The categories then collate into a dashboard view and are also trend tracked over time with associated graphs and reports.

“I see CIS Controls as being an extremely important tool in assisting organisations to protect their information assets. The Controls provide a pragmatic and achievable set of requirements that are shown to reduce the level of information security related risk,” says Krzyzewski.

SAM for Compliance is available in a range of configurations, aimed at providing optimum information security processes and policies for government departments, public companies, small to medium businesses, and not-for-profit organisations. The range includes SAM-CIS Controls in foundational and advanced versions and SAM-Security, which offers a system-based approach to managing compliance with CIS Controls, in combination with the NIST Cyber Security Framework, for improving critical infrastructure cybersecurity.

With SAM-Security the emphasis is on achieving a prescribed level of compliance and assessing current capabilities, by offering a choice of three information security frameworks tailored to suit particular sizes of organisations, where resources may be limited but there is still a desire to improve information security capability.

SAM-PCI provides an assessment, management and reporting system for organisations requiring compliance with the Payment Card Industry Data Security Standard and helps manage the processes associated with protecting card data.

“Information security is not a one-size-fits-all situation, but needs to be tailored to an organisation’s requirements and obligations, while being realistically balanced against available resources. Setting unrealistic goals just discourages everybody involved,” says Krzyzewski.

Of particular interest to New Zealand government departments is SAM-NZISM, which is designed to make it easier to implement the controls contained in the New Zealand Information Security Manual.

“The SAM-NZISM system incorporates every requirement of NZISM broken down into easy-to-manage work plans with action and task management available for every NZISM control. Information within the work plans is collated and displayed, making it easy for government departments to access, manage, improve, track, and report on NZISM compliance over time,” says Krzyzewski.

Krzyzewski says SAM for Compliance can also provide training and external assessment services for initial and ongoing risk reviews, as well as remediation-related professional services, for organisations that need short-term external support because they do not have the required internal resources.

“Globally, SAM provides training for other professional services wishing to use SAM as a tool for managing and reducing risk within their client’s business,” says Krzyzewski.


© Scoop Media
