SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
New Zealand
Guides
#
cloud security
#
cybersecurity
#
endpoint protection
#
firewall
#
ransomware
Search
Story image
#
Compliance
#
Center for Internet Security
#
NDI
Center for Internet Security recognises Kiwi compliance firm
Mon, 17th Jul 2017
FYI, this story is more than a year old
Author image
By Sara Barker, Copywriter and Senior News Editor
Follow us

A New Zealand security assessment and compliance system has received recognition from the US-based Center for Internet Security (CIS).

SAM For Compliance provides a cloud-based service for organisations that wish to self-assess and manage compliance to meet CIS controls and other security standards.

Launched in April this year, SAM For Compliance was born from a common problem – a cure for the maker's own frustration.

Tony Krzyzewski, the company's founder and CEO, says it was a combination of his own frustration and what he was finding in workplaces across the country.

“I became increasingly frustrated as to why people were not implementing security changes based on internal and external assessments, so decided to do something about it,” he says.

As he investigated why, he found that organisations were putting security policies and best practice guidelines in the ‘too hard' basket.

“It's not that companies don't want to implement good security practices, it's just that at first glance there are so many different standards and guidelines that it has become increasingly difficult for them to keep track,” he adds.

One of the system's key parts is to help improve the factors necessary for CIS control implementation.

Krzyzewski explains that the controls are important for helping organisations to protect their information assets, and that they are both pragmatic and achievable.

The CIS controls are a list of 20 controls that can help protect an organisation against cyber threats.

The top five controls include areas such as authorised and unauthorised devices and software; secure configurations for hardware and software; continuous vulnerability assessment and remediation; and controlled use of administrative privileges.

The other 15 includes topics such as malware defences, data protection, data recovery, application software security, wireless access control and penetration tests.

Kwzyzewski says the SAM For Compliance system leverages SAM-NZISM, a common interest for New Zealand government departments. He also says the system is designed to simplify controls in the New Zealand Information Security Manual.

“The SAM-NZISM system incorporates every requirement of NZISM broken down into easy-to-manage work plans with action and task management available for every NZISM control. Information within the work plans is collated and displayed, making it easy for government departments to access, manage, improve, track, and report on NZISM compliance over time,” he says.

Related stories
Keepit appoints cybersecurity veteran Kim Larsen as new CISO
Can misconceptions derail the effectiveness of operational resilience?
One wrong click can devastate your small business: so what can you do?
Oracle launches AI-powered platform to combat money laundering
Snowflake's Data Clean Rooms now available after Samooha acquisition
Top stories
Cisco launches Hypershield for AI-driven security upgrade
Axis unveils hybrid cloud platform for adaptable security solutions
Spirent partners with online payments platform to boost cyber defenses
Trustifi launches innovative phishing detection training for MSPs
Keeper Security launches user-friendly passphrase generator