Automate today to observe tomorrow, 6 standards

Even though cybersecurity has been an element of IT systems for decades, companies that still view it as a bolt-on component will never be effective at preventing attacks. The focus must now turn to working with vendors capable of testing, automating, and building roadmaps and supporting tools that give organisations observability of their compliance.

Automate with Obsidian Systems’ Testing Automation Compliance Observability (TACO) security auditing tool that provides your organisation with complete visibility through an integrated dashboard.

The complexity involved in compliance auditing, whether for systems in the cloud or on-premises, results in many organisations managing this critical process only once a year. The problem with doing such a mission-critical process annually is that it costs at least two weeks of intensive man-hours trying to bring everything up to standard.

But with TACO, getting audited compliance results does not have to be a chore. Instead, its integrated and automated value proposition sees it delivering continuous auditing. This translates to performing a 20 000-point compliance check every 20 minutes.

Think about it. What would ordinarily take two weeks of significant work now happens automatically every 20 minutes. But that is not all.

TACO delivers alerts to inform you of any red flags in the compliance process. It is no stretch of the imagination to say this continuous compliance checking process is a game-changer for South African organisations.

Another significant advantage of the Obsidian TACO tool is that it automatically creates a report of everything that happened on the system, giving your security consultants the knowledge of how to optimise your compliance and auditing.

GDPR and Security

The regulation on the protection of natural persons with regard to the processing of personal data and on the free movement of such data has resulted in some heavy penalties for large brands such as Google, H&M, British Airways and Marriott Hotels, to name a few.

The GDPR sets out 7 key principles to guide the use of a person’s personal information, for which businesses must be held accountable and must justify their use of personal information, including lawfulness, purpose, data minimisation, accuracy, storage limitation, integrity and confidentiality. In other words, it gives us peace of mind that our data is secure.

POPI and Compliance

South Africa has enacted the Protection of Personal Information Act, abbreviated as the POPI Act or POPIA. It was passed by the South African Parliament, with a commencement date of 1 July 2020.

CIS Benchmarks

The Center for Internet Security publishes industry standards for a wide range of IT platforms, primarily configuration guidance, checklists and mitigation processes for securing infrastructure against vulnerabilities.

Mandated PCI DSS

Mandatory security standards are set out by the Payment Card Industry Data Security Standard (PCI DSS) to protect consumers and organisations handling credit card transactions.

The PCI standard is enforced by the card brands and administered by the Payment Card Industry Security Standards Council. If you are going to make breaking-news headlines, a credit card security breach is not the exposure you are looking for. So, automate before it’s too late.

SOX Automate Risk Management

In July 2002, the U.S. Senate enacted the Public Company Accounting Reform and Investor Protection Act, known as the Sarbanes–Oxley Act of 2002, or SOX for short. Passed to avoid a repeat of the accounting scandals of the early 2000s, it has eleven sections covering everything from corporate board responsibilities to criminal penalties.

In the interest of preserving investor confidence, SOX was also enacted in Canada (2002), Germany (2002), South Africa (2002), France (2003), Australia (2004), India (2005), Japan (2006), Italy (2006), Israel, and Turkey.

NIST Guidelines

The National Institute of Standards and Technology, founded at the turn of the century, is a non-regulatory federal agency in the U.S. Department of Commerce. Its mission is to promote innovation and to advance standards in technology and security.

The Cybersecurity Framework is a documented set of guidelines that prepares businesses to identify, detect, and respond to cyber-attacks, and ideally to automate doing so.

Contact us.

by Angela Ho