08/06/2016

Regulatory Compliance and Preparation

Many industries and regions are governed or guided by mature standards and guidelines to minimise Cyber, IT Security and Organisational risks. The CyberOps team is here to help.

The team have assisted many organisations to align and prepare for certifications with the following and many other standards and guidance.

These include:

  • Standards, guidance, industry, regulatory and legal requirements.
    • Australian Signals Directorate (ASD) guidelines – TOP 35 and Essential 8 Information Security Manual.
    • Australian Defence Security Manual (DSM) and Protective Security Policy Framework (PSPF).
    • Australian Government Information Security Manual (ISM).
    • US National Institute of Standards and Technology (NIST) cybersecurity guidelines.
    • Payment Card Industry Data Security Standards (PCI-DSS).
    • Australian Securities & Investment Commission 26 (ASIC 26).
    • SANS and Centre for Internet Security (CIS) guidelines, hardening guides and security benchmarks.
    • Open Web Application Security Project (OWASP) Web, Mobile and thick application development and testing guidelines.
    • Office of the Australian Information Commissioner (OAIC) personal information security and Privacy Principles guidelines.
    • Australian mandatory Notifiable Data Breach (NDB) law and EU General Data Protection Regulation (GDPR).
    • Australian Prudential Regulation Authority’s (APRA’s) security and governance requirements, guidelines and standards.
    • US Health Insurance Portability and Accountability Act (HIPAA).
    • International Standards Organisation security and risk standards such as ISO 27001/2, ISO 22301, ISO 27032, ISO 31000 and others.
    • COBiT – Control Objectives for Information and related Technology.
    • AS/NZS 4360 – Risk Management.
    • AS2805 – Electronic funds transfer.
    • Capability Maturity Model (CMM).
    • Defence Signals Directorate ACSI33 (Security Guidelines for Australian Government IT Systems), Gateway Certification Guide & Evaluated Products List.
  • Cyber Security Health Checks of critical operating environments, organisational policies, processes and business alignment to required guidelines/standards/laws/regulatory requirements. Assessments include:
    • Review and/or establishment of a Cyber Security road map or framework for the organisation, in line with industry standards/guidelines, laws and regulatory requirements.
    • Review and/or establishment of a Cyber Risk Management plan consistent with the risk tolerance of the organisation and its industry.
    • Cyber Security Operations reviews, assessments of processes & procedures to improve the efficiency of security operations and incident management processes.
    • Disaster Recovery (DR) and Business Continuity (BC) maturity.

Specialist assessments include:

  • IoT Cyber Security Assessment as per Cloud Security Alliance (CSA) security guidelines, including IoT Vulnerability Assessment & Penetration Testing (VAPT).
  • Critical infrastructure Cyber Security Maturity Assessments.
    • Oil and Natural Gas Cyber Security Capability maturity modeling.
    • Electricity Cyber Security Capability maturity modeling.
    • Water Cyber Security maturity modeling.
    • Smart Grid Cyber Security modeling.
  • Australian Defence subcontractor or supplier organisational readiness reviews.
  • SCADA / Critical Infrastructure Cyber Security Operations reviews as per critical infrastructure NIST or other related standards.


Contact us to discuss how we can help.

    sales@cyberops.com.au