Center for Internet Security recognises Kiwi compliance firm

17 Jul 17

A New Zealand security assessment and compliance system has received recognition from the US-based Center for Internet Security (CIS).

SAM For Compliance provides a cloud-based service for organisations that wish to self-assess and manage compliance to meet CIS controls and other security standards.

Launched in April this year, SAM For Compliance was born from a common problem – a cure for the maker’s own frustration.

Tony Krzyzewski, the company’s founder and CEO, says it was a combination of his own frustration and what he was finding in workplaces across the country.

“I became increasingly frustrated as to why people were not implementing security changes based on internal and external assessments, so decided to do something about it,” he says.

As he investigated why, he found that organisations were putting security policies and best practice guidelines in the ‘too hard’ basket.

“It’s not that companies don’t want to implement good security practices, it’s just that at first glance there are so many different standards and guidelines that it has become increasingly difficult for them to keep track,” he adds.

One of the system’s key roles is to help improve the factors necessary for CIS control implementation.

Krzyzewski explains that the controls are important for helping organisations to protect their information assets, and that they are both pragmatic and achievable.

The CIS controls are a list of 20 controls that can help protect an organisation against cyber threats.

The top five controls include areas such as authorised and unauthorised devices and software; secure configurations for hardware and software; continuous vulnerability assessment and remediation; and controlled use of administrative privileges.

The other 15 include topics such as malware defences, data protection, data recovery, application software security, wireless access control and penetration tests.

Krzyzewski says the SAM For Compliance system leverages SAM-NZISM, a common interest for New Zealand government departments. He also says the system is designed to simplify controls in the New Zealand Information Security Manual.

“The SAM-NZISM system incorporates every requirement of NZISM broken down into easy-to-manage work plans with action and task management available for every NZISM control. Information within the work plans is collated and displayed, making it easy for government departments to access, manage, improve, track, and report on NZISM compliance over time,” he says.
