Why corporates and businesses should focus on cybersecurity
Businesses depend on the integrity and availability of their information, and of the systems that process it, to maintain day-to-day operational capability. They depend on proprietary information not being divulged to unauthorised third parties. Customers and clients expect that information held about them by a business is kept secure. In many regions around the world the confidentiality of information, whether held for personnel management purposes or received from third parties, is covered by government regulation or legislation, with severe penalties applicable in some cases.
Every business has a responsibility to ensure that its regulatory obligations are met, and that shareholder investment is protected, through the implementation of effective technical controls, operational practices and management processes.
The cybersecurity frameworks within the SAM for Compliance system are designed to help corporates and businesses establish effective controls for the protection of systems and information, irrespective of business size. SAM for Compliance helps establish the core controls, identifies where remediation is required, and then assists with managing that remediation and tracking the resulting improvement in cybersecurity.
MANAGE, TRACK AND REPORT INFORMATION ASSET RISK IN REAL TIME, AND DEMONSTRATE COMPLIANCE, USING SAM for COMPLIANCE
COMPLIANCE WITH CIS CONTROLS
The Center for Internet Security (CIS) is a not-for-profit organisation dedicated to enhancing cybersecurity readiness and response among public and private sector entities. Utilising its strong industry and government partnerships, CIS combats evolving cybersecurity challenges on a global scale and helps organisations adopt key best practices to achieve immediate and effective defences against cyber attacks. CIS is home to the Multi-State Information Sharing and Analysis Center (MS-ISAC), the CIS Benchmarks and the CIS Critical Security Controls. CIS, together with the City of London Police and the Office of the New York County District Attorney, is a founding partner of the Global Cyber Alliance, an international cross-sector effort designed to confront, address and prevent malicious cyber activity.
The CIS Controls are:
- Clearly defined and practical controls;
- Technically focused, to deliver measurable improvement;
- Designed with input from cybersecurity practitioners around the world; and
- Categorised into Implementation Groups (IG1 to IG3) suitable for organisations of any size.
The CIS Controls are a recognised best-practice standard that is reviewed and updated regularly and has global support from cybersecurity professionals. The SAM-CIS Controls frameworks allow you to assess, manage, track and report on your compliance against the CIS Controls. SAM for Compliance offers CIS Controls v7.1 and CIS Controls v8 under separate subscriptions; note that v8 restructures the 20 controls of v7.1 into 18, so the two frameworks are not interchangeable and an organisation should assess against the version it has adopted.
If you would like to know more about how the CIS Controls can help your organisation improve its cybersecurity, click on the buttons below to request further information or book a demonstration.
SAM-Security is a basic cybersecurity standard that we have designed for implementation by small to medium enterprises.
The framework incorporates the CIS Controls and also covers additional areas such as governance, risk assessment and management, and response and recovery.
With 269 controls, the framework is not difficult to implement and can be managed within existing resources. It is practical and pragmatic, and it reports on the organisation's cybersecurity status in real time. Features include exemption and exception registers, action and task managers, and a variety of reports showing compliance at different levels.
The framework has wide application and may also be used by larger organisations that are just beginning their cybersecurity maturity journey.
If you would like to know whether SAM-Security would suit your organisation or would like to view the content, click on the buttons below to request further information or book a demonstration.
The Payment Card Industry Data Security Standard (PCI DSS) was developed to encourage and enhance cardholder data security and to facilitate the broad adoption of consistent data security measures globally. PCI DSS provides a baseline of technical and operational requirements designed to protect account data. It applies to all entities involved in payment card processing, including merchants, processors, acquirers, issuers and service providers, and to all other entities that store, process or transmit cardholder data (CHD) and/or sensitive authentication data (SAD).
PCI DSS is broken down into six overarching focus areas that together contain the twelve PCI DSS requirements.
The SAM-PCIDSS framework is designed around this structure and uses the Standard's defined testing procedures as the basis for its controls, enabling the framework to be used as a tool to assess compliance with the Standard.
If you would like to know whether you need to comply with PCI DSS, or would like more information, click on the buttons below to request further information or book a demonstration.
NIST SP 800-171 - Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations
This is an overarching standard developed to protect Controlled Unclassified Information (CUI) residing in nonfederal information systems and organisations. It applies to organisations providing services to the US Federal Government, but it also has wider applicability for larger corporates and businesses wanting a cybersecurity standard with an information security perspective.
The responsibility of federal agencies to protect and ensure the control of CUI does not change when such information is shared with nonfederal partners. Therefore, a similar level of protection is needed when CUI is processed, stored or transmitted by nonfederal organisations using nonfederal information systems.
The CUI security requirements have been developed on the basis of three fundamental assumptions:
- Statutory and regulatory requirements for the protection of CUI are consistent, whether such information resides in federal information systems or nonfederal information systems, including the environments in which those systems operate;
- Safeguards implemented to protect CUI are consistent in both federal and nonfederal information systems and organisations; and
- The confidentiality impact value for CUI is no lower than moderate, in accordance with Federal Information Processing Standards (FIPS) Publication 199.
Additional assumptions that shaped the development of the CUI security requirements are that:
- Organisations have information technology infrastructures in place and are not necessarily developing or acquiring information systems specifically for the purpose of processing, storing or transmitting CUI;
- Organisations have specific safeguarding measures in place to protect their information, which may also be sufficient to satisfy the CUI security requirements;
- Organisations can implement a variety of potential security solutions, either directly or through the use of managed services, to satisfy the CUI security requirements; and
- Organisations may not have the necessary organisational structure or resources to satisfy every CUI security requirement, and may implement alternative, but equally effective, security measures to compensate for the inability to satisfy a particular requirement.
The Standard's security requirements are organised into fourteen families, each containing the requirements relating to that family's general security topic. These are closely aligned with the minimum security requirements for federal information and information systems described in FIPS Publication 200.
The Standard provides a mapping to the relevant security controls in NIST SP 800-53 and ISO 27002, and we have derived the underlying controls for SAM-Protect from these sources and, where applicable, from the CIS Controls.
SAM-Protect is one of our larger frameworks. With its focus on information security, it is applicable to larger corporates and businesses that centre their security programmes on this aspect of cybersecurity.
If you would like to know whether SAM-Protect is applicable to your organisation or would like to view the content, click on the buttons below to request further information or book a demonstration.