Story image

Center for Internet Security recognises Kiwi compliance firm

17 Jul 2017

A New Zealand security assessment and compliance system has received recognition from the US-based Center for Internet Security (CIS).

SAM For Compliance provides a cloud-based service for organisations that wish to self-assess and manage compliance to meet CIS controls and other security standards.

Launched in April this year, SAM For Compliance was born from a common problem – a cure for the maker’s own frustration.

Tony Krzyzewski, the company’s founder and CEO, says it was a combination of his own frustration and what he was finding in workplaces across the country.

“I became increasingly frustrated as to why people were not implementing security changes based on internal and external assessments, so decided to do something about it,” he says.

As he investigated why, he found that organisations were putting security policies and best practice guidelines in the ‘too hard’ basket.

“It’s not that companies don’t want to implement good security practices, it’s just that at first glance there are so many different standards and guidelines that it has become increasingly difficult for them to keep track,” he adds.

One of the system’s key parts is to help improve the factors necessary for CIS control implementation.

Krzyzewski explains that the controls are important for helping organisations to protect their information assets, and that they are both pragmatic and achievable.

The CIS controls are a list of 20 controls that can help protect an organisation against cyber threats.

The top five controls include areas such as authorised and unauthorised devices and software; secure configurations for hardware and software; continuous vulnerability assessment and remediation; and controlled use of administrative privileges.

The other 15 includes topics such as malware defences, data protection, data recovery, application software security, wireless access control and penetration tests.

Kwzyzewski says the SAM For Compliance system leverages SAM-NZISM, a common interest for New Zealand government departments. He also says the system is designed to simplify controls in the New Zealand Information Security Manual.

“The SAM-NZISM system incorporates every requirement of NZISM broken down into easy-to-manage work plans with action and task management available for every NZISM control. Information within the work plans is collated and displayed, making it easy for government departments to access, manage, improve, track, and report on NZISM compliance over time,” he says.

New threat rears its head in new malware report
Check Point’s researchers view Speakup as a significant threat, as it can be used to download and spread any malware.
Oracle updates enterprise blockchain platform
Oracle’s enterprise blockchain has been updated to include more capabilities to enhance development, integration, and deployment of customers’ new blockchain applications.
Used device market held back by lack of data security regulations
Mobile device users are sceptical about trading in their old device because they are concerned that data on those devices may be accessed or compromised after they hand it over.
Gartner names ExtraHop leader in network performance monitoring
ExtraHop provides enterprise cyber analytics that deliver security and performance from the inside out.
Symantec acquires zero trust innovator Luminate Security
Luminate’s Secure Access Cloud is supposedly natively constructed for a cloud-oriented, perimeter-less world.
Palo Alto releases new, feature-rich firewall
Palo Alto is calling it the ‘fastest-ever next-generation firewall’ with integrated cloud-based DNS Security service to stop attacks.
The right to be forgotten online could soon be forgotten
Despite bolstering free speech and access to information, the internet can be a double-edged sword, because that access to information goes both ways.
Opinion: 4 Ransomware trends to watch in 2019
Recorded Future's Allan Liska looks at the past big ransomware attacks thus far to predict what's coming this year.