Cyber security audit challenges in 2020

cyber security audit challenges in 2020 white paper

Archive Blog Archives

Credit Union Case Study

The credit union had to demonstrate compliance with the PCI-DSS standard, as well as the ISO 27001 standard and APRA’s Prudential Practice Guide (CPG234) for managing security risk in information technology. Huntsman was chosen above all the major SIEM vendors because:

  • It matched the best for functionality but was more flexible and cost-effective
  • Huntsman was familiar with APRA CPG 234 which was vital for implementation
  • Huntsman’s rules could be easily configured to PCI-DSS, ISO 27001 and APRA CPG234
  • The company was local for initial support and later suggestions for new features
  • Huntsman set up quickly, and scaled easily and cost-effectively
Key terms and topics addressed
  • PCI-DSS, ISO 27001,APRA CPG234, compliance Monitoring
  • Correlation of all alerts, real-time monitoring, SIEM system
  • Flexibility, value, scalability, easy upgrade, fast alerting
  • Liveview Console, centralised view, Behaviour Anomaly Detection.
Download the Credit Union Case Study

Read More

Managed Investment Services Case Study

'Once we established the solution’s capability and affordability, support was the deciding factor.’

This enterprise provides investment management services to some of Australia’s leading life insurers, superannuation providers and funds managers. As part of a global financial institution, the Australian subsidiary had to meet the same corporate IT security, risk and compliance standards, yet with fewer resources. Its challenge was to find a SIEM system that was easy to deploy and operate, from a vendor who offered comprehensive local support. Huntsman was chosen because:
  • Huntsman’s modular design offered an ‘implement-and-pay-as-you-grow approach’ with a clear upgrade path
  • Tier‐3 included implementation and customised report generation in the package
  • Customer checks confirmed Huntsman’s easy deployment and excellent vendor support.
Key terms and topics addressed:
  • Scalable, modular IT security solution, easy deployment, clear upgrade path
  • Log management, log analysis and customised reporting, security audit
  • Network security threats, security monitoring, event contextualisation and correlation
  • Governance, IT risk management, compliance monitoring
  • Adaptive security, Security Information and Event Management, SIEM.
Download the Managed Investment Services Case Study

Read More

Retail Bank Case Study

‘We needed a system that gave us a single view of our operations and our security environment, and one that alerted us to all potentially serious events.’

This case study features the Australian arm of an international bank, renowned for innovative products for consumers and businesses. Rapid growth saw the bank acquire disparate IT and security systems in response to specific demands, which created information silos. These silos prevented IT staff clearly seeing cyber security threats, tracking them and coordinating effective responses. The bank acquired Huntsman to meet these key objectives:
  • To provide IT security staff with a single view of events across the network
  • Log Management that ensured complete data sets for forensic audits
  • Flexible compliance monitoring and reporting that met regulatory requirements
  • Ease of use, deployment and implementation and responsive technical support.
Key terms and topics addressed:
  • Regulatory compliance, compliance monitoring, compliance audit, forensic audit
  • Event logs, log collection, log management, information silos, risk mitigation
  • Security Incident Management, security information and event management, SIEM
  • Real-time alerting, security response, single view of network
  • Easy deployment, configuration, implementation and maintenance.
Download the Retail Bank Case Study

Read More

ASD ISM Compliance Guide

 ASD ISM Compliance Guide

This Compliance Guide summarises the main principles from Section 3 of the ISM, shows how Huntsman technology maps to them, and how it helps organisations to assess and manage key aspects of their IT risk status, such as:
  • Readiness to respond to targeted cyber security incidents
  • The controls to protect the organisation from serious threats
  • The potential cost of a cyber security incident
  • Effectiveness of fostering a strong security culture.
Key terms and concepts addressed in this compliance guide:
  • IT security risk, IT security monitoring, risk mitigation
  • Security breach, policy breach, cyber security, information security
  • Security Event and Information Management (SIEM), IT risk management
  • Event logging, root cause analysis, forensic audit, incident management
  • Behavior Anomaly Detection, security awareness training.

Read More
1 2 3 10