Our cyber security products span from our next gen SIEM used in the most secure government and critical infrastructure environments, to automated cyber risk reporting applications for commercial and government organisations of all sizes.
Regulatory compliance has intensified in areas such as anti-money laundering, critical infrastructure, privacy and audit/reporting. The demand for better solutions that automate and streamline the activities needed to comply with the demands of regulators has spawned a booming sector of innovative software and service companies known as ‘RegTech’.
The term RegTech was first used in connection with the finance industry and referred to specialist technology helping finance organisations comply with their regulatory obligations.
But this capability is not limited to the financial services sector and now refers to the technology used to help any organisation comply with regulatory obligations. Cyber security risks have been growing in prominence for many years and boards are acutely aware of the financial and reputational impacts of breaches – whether affecting consumers and privacy or IP that has value to the business.
The market/share price effects as well as consumer impacts mean that regulators and audit committees have a need for increasing assurance in cyber risk, as well as in financial probity and reporting.
With security teams continually stretched and technology growing in complexity, there is a need for organisations to automatically report on the security control status or cyber posture of the organisation.
Public Company Accounting Oversight Board (PCAOB) Auditing Standards in the United States require auditors to consider the quality and reliability of audit evidence, so reports on security control effectiveness that take a long time to generate or derive, and/or which have to be manually collated and assembled, are unlikely to give sufficient assurance.
The PCAOB view on the role of auditors of public companies with respect to cyber security can be found here.
Studies show that when you ask operational staff for a view on security control effectiveness they will give over-optimistic results – look no further than the Australian National Audit Office’s government entity audits, discussed in our cyber security resilience blog post.
Taking people out of the loop of inspection, analysis and reporting not only eases the resource burden, it also gives a clearer picture of the true state of control effectiveness and reduces the risk of misstatements around the performance of cyber controls.
Now that mandatory data breach reporting has been established in regulations such as the EU and UK GDPR and Australia’s Notifiable Data Breach scheme, regulators are evolving towards disclosure of an organisation’s cyber security risk information. For example, the Securities and Exchange Commission (SEC) in the United States has issued guidance to public companies with respect to their public filings noting that it is critical that public companies provide investors with timely and ongoing information regarding material cyber security risks. Evaluation of cyber security risks should include, among other factors:
Companies should also assess whether they have sufficient disclosure controls and procedures in place to ensure that relevant information is processed and reported to appropriate personnel, to enable senior management to make disclosure decisions.
Essential 8 Scorecard
Huntsman Security’s RegTech solutions align to the Essential Eight controls the Australian government identified as the most effective strategies to mitigate cyber security incidents. The Essential 8 Scorecard operates automatically and transparently to continuously measure the effectiveness of the eight critical controls. It regularly generates and distributes reports in a format that key stakeholders can understand, with no manual effort to create or translate.
Essential 8 Auditor
The Essential 8 Auditor provides on-demand cyber vulnerability & maturity assessment to measure security compliance against the ACSC Essential Eight framework. The solution can be used internally or externally by Security Consultants, Auditors and Risk & Compliance Managers.
The Essential Eight controls can be found in almost all national and international security standards – Cobit, ISO 27001, PCI DSS, NCSC Top 10 and NIST CSF. They provide a baseline of cyber hygiene that is vital to building cyber resilience. Huntsman Security’s technology automates the measurement and reporting processes and allows audit, risk and security teams to focus on the more specific challenges their businesses face.