Compliance Management

A cyber security framework is crucial to effective governance within this area of your business. It enables you to intelligently manage your cyber risk in line with your overall business risk appetite. A cornerstone of your framework is a set of policies that set out the principles for cyber security efforts within your organisation. They should clearly define the rules you expect to be adhered to so that risk is managed appropriately.

Want to know more?

Contact us on 04 917 6670 or sales@sss.co.nz if you would like to know more about our Cyber Security Framework and Policies.

How we can help

We help you select an overarching cyber security framework that meets the unique requirements of your organisation, or develop a bespoke framework if required.

We then help you develop policies that reflect both your operational needs and your risk appetite.

We recommend an annual review of your framework and policies as your risk profile, the threat environment, and technology change regularly.

Benefits to your organisation

This service ensures that your cyber security framework enables your business to operate your way, safely. 

• Tailored to your organisation
• Identify and document your cyber security goals
• Guidance on how to achieve these goals.

How we deliver your framework and policies

We tailor an approach to best suit your needs. This may include the following:

• Reviewing your existing framework and policies - and whether these are relevant and living, or gathering dust
• Developing an overarching governance policy
• Developing a policy set for you that enables your business to operate safely

We can base policies on existing frameworks such as:

• CIS-20
• ISO 27001
• HISF
• NZISM
• SANS
• COBIT
• PCI-DSS 

Government entities are often required to certify (and re-certify) a system's cyber security posture as part of an assessment and authorisation process.

Similarly, commercial entities may be required by their customers or partners to demonstrate a level of cyber maturity by becoming certified.

To increase the likelihood of a successful outcome, the entity seeking authorisation of their system should first perform a certification readiness assessment.

A security certification readiness assessment provides greater knowledge and understanding of your system's cyber security posture before entering into the certification phase of the authorisation process.

Contact us on 04 917 6670 or sales@sss.co.nz if you would like to know more about our Security Certification Readiness Assessments.

Benefits to your organisation

Performing a security certification readiness assessment provides your organisation with:

• knowledge of cyber security shortcomings to enable proactive and timely remediation
• the ability to focus on implementing changes to increase the likelihood of achieving authorisation.

How we deliver a certification readiness assessment

By testing your system before the official certification assessment, we can identify areas of concern within the assessor's planned security control set.

We can work with you to prioritise findings for remediation, develop mitigation strategies, and create mitigation statements.

Typical activities

• Assessing the system against the designated security control set.
• Providing input on which findings should be prioritised for remediation or mitigation.
• Providing mitigation statements that clearly explain why a finding has a lower risk than might be initially assumed by the assessor.

Often business managers and technical teams do not have a clear understanding of what is required to protect both the business and its information assets in an increasingly connected operational environment.

It is essential in modern business practice to gain a clear and concise understanding of what your critical information assets are, where they are stored and, how they are protected.

We provide an overview of your organisation’s security maturity or posture, bringing to light the ‘unknown unknowns’.

Want to know more?

Contact us on 04 917 6670 or sales@sss.co.nz if you would like to know more about our Security Gap Analysis service.

Benefits to your organisation

This service provides an overview of your organisation’s security maturity or posture. This provides:

• a baseline providing insight into your current security posture
• a remediation plan helping you to better secure your systems
• a measurement of how well your technical and non-technical controls implement the full scope of your cybersecurity framework
• an understanding of how well your organisation integrates security into your business planning.

How we deliver a gap analysis

An independent assessment of your current cyber security state which includes the following:

• Identifying your information assets and ownership
• Conducting a gap analysis against your chosen standard or framework
• Providing recommendations for remediation work to address identified gaps
• Producing a full gap analysis review, including summary report that can be consumed and understood at the Executive level, detailed findings for technical personnel
• Aiding delivery of the findings to senior management

Standards and frameworks

We can base the gap analysis on standards or frameworks including:

• CIS-20,
• ISO 27001,
• HISF,
• NZISM,
• SANS,
• COBIT, and
• PCI-DSS.

We can also help you select a framework appropriate for your organisation.