Automate with Obsidian Systems’ Testing Automation Compliance Observability (TACO), a security auditing tool that provides your organisation with complete visibility through an integrated dashboard.
The complexity involved in compliance auditing, whether for systems in the cloud or on-premise, results in many organisations only managing this critical process once a year. The problem with doing such a mission-critical process annually is that it results in at least two weeks of intensive man-hours trying to get everything according to standard.
But with TACO, getting audited compliance results does not have to be a chore. Instead, its integrated and automated value proposition sees it delivering continuous auditing. This translates to performing a 20 000-point compliance check every 20 minutes.
Think about it. What would ordinarily take two weeks of significant work now happens automatically every 20 minutes. But that is not all.
TACO delivers alerts to inform you of any red flags in the compliance process. It is no stretch of the imagination to say this continuous compliance checking process is a game-changer for South African organisations.
Another significant advantage of the Obsidian TACO tool is that it automatically creates a report of everything that happened on the system, giving your security consultants the knowledge they need to optimise your compliance and auditing.
GDPR and Security
The regulation on the protection of natural persons with regard to the processing of personal data and on the free movement of such data has resulted in some heavy penalties for large brands such as Google, H&M, British Airways and Marriott Hotels, to name a few.
The GDPR has set out 7 key principles to guide the use of one’s personal information, for which businesses must be held accountable and must justify their use of personal information, including lawfulness, purpose, data minimisation, accuracy, storage limitation, integrity and confidentiality. In other words, giving us peace of mind that our data is secure.
POPI and Compliance
South Africa has rung the bell for the Protection of Personal Information Act, abbreviated as the POPI Act or POPIA. It was enacted by the South African Parliament, with a commencement date of 1 July 2020.
CIS Benchmarks
The Center for Internet Security focuses on industry standards for a wide range of IT platforms, primarily for infrastructure, covering configuration, checklists and mitigation processes for securing vulnerabilities.
Mandated PCI DSS
Mandatory security standards are legislated by the Payment Card Industry Data Security Standards to protect consumers and organisations handling credit card transactions.
The PCI Standard enforces card brands and is administered by the Payment Card Industry Security Standards Council. When it comes to making breaking news headlines, a breach of credit card security is not the exposure you are looking for. So, automate before it’s too late.
SOX Automate Risk Management
In July 2002, the U.S. Senate enacted the Public Company Accounting Reform and Investor Protection Act, known as the Sarbanes–Oxley Act of 2002, or SOX for short. To avoid a repeat of the accounting scandals of the early 2000s, there are eleven sections, covering everything from corporate board responsibilities to criminal penalties.
To preserve investor integrity, SOX was also enacted in Canada (2002), Germany (2002), South Africa (2002), France (2003), Australia (2004), India (2005), Japan (2006), Italy (2006), Israel, and Turkey.
NIST Guidelines
The National Institute of Standards and Technology was founded at the turn of the century. It is a non-regulatory federal agency in the U.S. Department of Commerce. Its mission is to promote innovation and to advance standards in technology and security.
The Cybersecurity Framework is a documented set of guidelines to help businesses prepare for, and hopefully automate, identifying, detecting, and responding to cyber-attacks.
by Angela Ho