

New York CIS case study lauds New Zealand security system


SAM for Compliance launches to international support

Auckland, New Zealand, 17 July 2017 – SAM for Compliance, a New Zealand-developed security assessment and compliance system, has got off to a great start, with a favourable case study review by the prestigious Albany, New York-based Center for Internet Security (CIS).

Launched in April, SAM for Compliance provides a cloud-based service that assists organisations to self-assess and manage compliance to meet the CIS Controls and other security standards. The service includes integrated activity and task management functions for users to keep track of the actions required for reducing information-related risk. SAM for Compliance includes a dashboard, trend graphs and management reports to keep organisations informed about their compliance status and progress.

Tony Krzyzewski, co-founder and director of SAM for Compliance, says the impetus to develop SAM was as a cure for his own frustration.

“I became increasingly frustrated as to why people were not implementing security changes based on internal and external assessments, so decided to do something about it. SAM for Compliance is the result.”

“As I investigated why companies weren’t implementing security policies and processes to meet best practice guidelines and established standards, I discovered that for many companies it has become almost too hard. It’s not that companies don’t want to implement good security practices, it’s just that at first glance there are so many different standards and guidelines that it has become increasingly difficult for them to keep track,” says Krzyzewski.

Krzyzewski says that the SAM for Compliance system is unique in the market because it is not just a set of technical answers.

“Unlike purely technical solutions, SAM’s self-assessment is designed to help improve the technical, process and governance factors necessary for a successful implementation of the CIS Controls.”

“Each CIS Control requirement in the system has associated notes, actions, and tasks so that improvements can be managed and tracked. An exception marker and associated register is also implemented within the system. The system incorporates online workbooks covering all of the requirements within CIS Controls, with an assessment against each requirement being performed on a graded scale as to how well the organisation is implementing the Control requirements,” says Krzyzewski.

According to Krzyzewski, information from the individual workbooks collates into categories that show at a glance how well an organisation is performing and clearly show where further action is required. The categories then collate into a dashboard view and are also trend-tracked over time with associated graphs and reports.

“I see CIS Controls as being an extremely important tool in assisting organisations to protect their information assets. The Controls provide a pragmatic and achievable set of requirements that are shown to reduce the level of information security related risk,” says Krzyzewski.

SAM for Compliance is available in a range of configurations, aimed at providing optimum information security processes and policies for government departments, public companies, small to medium businesses, and not-for-profit organisations. The range includes SAM-CIS Controls in foundational and advanced versions and SAM-Security, which offers a system-based approach to managing compliance with CIS Controls, in combination with the NIST Cyber Security Framework, for improving critical infrastructure cybersecurity.

With SAM-Security the emphasis is on achieving a prescribed level of compliance and assessing current capabilities, by offering a choice of three information security frameworks tailored to suit particular sizes of organisations, where resources may be limited but there is still a desire to improve information security capability.

SAM-PCI provides an assessment, management and reporting system for organisations requiring compliance with the Payment Card Industry Data Security Standard and helps manage the processes associated with protecting card data.

“Information security is not a one-size fits all situation, but needs to be tailored to an organisation’s requirements and obligations, while being realistically balanced against available resources. Setting unrealistic goals just discourages everybody involved,” says Krzyzewski.

Of particular interest to New Zealand government departments is SAM-NZISM, which is designed to make it easier to implement the controls contained in the New Zealand Information Security Manual.

“The SAM-NZISM system incorporates every requirement of NZISM broken down into easy-to-manage work plans with action and task management available for every NZISM control. Information within the work plans is collated and displayed, making it easy for government departments to access, manage, improve, track, and report on NZISM compliance over time,” says Krzyzewski.

Krzyzewski says SAM for Compliance can also provide training and external assessment services for initial and ongoing risk reviews, as well as remediation-related professional services, for organisations that need short-term external support because they do not have the required internal resources.

“Globally, SAM provides training for other professional services wishing to use SAM as a tool for managing and reducing risk within their client’s business,” says Krzyzewski.


© Scoop Media
