Welcome to Octave Consulting Group - Securing your peace of mind against online threats!

17 Eastbrook Road

Dedham, MA 02026

10:00 AM - 5:00 PM

Monday to Friday

Legal & Regulatory Compliance

Compliance is an essential element of any cybersecurity program. Compliance is based on the foundational principle ‘TRUST BUT VERIFY’. This means that our fiduciary duty is to obtain strong evidence of compliance with applicable policies, standards, laws, regulations, etc. in order to provide our expert attestation. There are several legal and regulatory frameworks that organizations must adhere to in an increasingly complex business landscape:

  • ISO/IEC 27001
  • Payment Card Industry Data Security Standard (PCI-DSS)
  • Sarbanes-Oxley Act
  • EU General Data Protection Regulations (GDPR)
  • COBIT 5
  • And Others

Compliance reflects only the ‘current state’ and is directly affected by ever-changing and continuously evolving rules and regulations, which makes it difficult for organizations to maintain a strong compliance posture. The perpetual updating and extension of IT environments presents additional challenges to achieving compliance.


How Can Octave Consulting Help You?

The European Union has brought into force the General Data Protection Regulations (GDPR), which replaces the Data Protection Directive 95/46/EC. The GDPR was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens’ data privacy and to reshape the way organizations across the region approach data privacy. The new rules have a broad definition of personal data and a wide reach, affecting any company that collects personal information of individuals in the EU.

Our GDPR readiness assessments are broken into three stages and consist of onsite interviews, remote voice or video interviews, and a detailed review of policy documentation and operational procedures. We are very in-depth and discuss strategy, architecture, risk management, and planned implementations to develop a comprehensive view of your privacy and security environment.

Our final deliverable is a readiness assessment pack that includes a high-level readiness summary, gap analysis, compliance roadmap, and strategic and tactical recommendations. The readiness assessment pack is geared towards addressing the highest risk and impact areas, and provides your staff with detailed implementation guidelines.

SWIFT has published its Customer Security Controls Framework: a set of baseline security controls that all users must implement on their local SWIFT-related infrastructure. All controls are articulated around three overarching objectives: ‘Secure your Environment’, ‘Know and Limit Access’, and ‘Detect and Respond’, which, in turn, are linked to eight security principles and twenty-seven controls. The controls have been developed based on analysis of the latest cyber-threat intelligence and, in conjunction with industry experts, are designed to be in line with existing information security industry standards.

By 1 January 2018, all SWIFT customers will need to provide self-attestation against the mandatory controls, and again on an annual basis thereafter. The self-attestation may be tested and proof of compliance may be required.

Octave Consulting experts work with customers to conduct CSP readiness assessments and provide qualified proof of compliance that can be used to support annual self-attestations. Our services also include awareness workshops, gap analyses, and capabilities maturity measurement.

ISO/IEC 27001 is the international standard that sets out the specifications of an information security management system (ISMS), a best-practice approach to addressing information security that encompasses people, processes and technology. The assessment and management of information security risks is at the core of ISO 27001.

Our security experts are intimately familiar with the requirements of ISO/IEC 27001 and deliver a broad range of associated services, including educational and awareness workshops, security controls reviews, ISMS reviews, and development of risk management systems, among others.

The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for organizations that handle branded credit cards from the major card schemes. The PCI Standard is mandated by the card brands and administered by the Payment Card Industry Security Standards Council. The standard was created to increase controls around cardholder data to reduce credit card fraud.

We work with clients to test and validate their IT controls within the context of PCI DSS, and this assessment can be used in the completion of their Self Assessment Questionnaire (SAQ). Additionally, we can verify the work of PCI DSS Qualified Security Assessors (QSAs) or provide assurance for vendors who have received PCI DSS certification.

Control Objectives for Information and Related Technologies (COBIT) 5 is a business framework for the governance and management of enterprise IT. It is the product of a global task force and development team from ISACA, a nonprofit, independent association of more than 140,000 governance, security, risk and assurance professionals in 187 countries.

Our qualified experts can provide independent assessment and gap analysis for the COBIT 5 framework. They can also work with customers to develop a COBIT 5 implementation roadmap.

Octave Consulting has experience with most control frameworks, reviewing an organization’s control structure against these requirements, and providing assistance in development strategies to increase capabilities maturity and become certified or compliant.

The Result

We work with companies of all sizes to help them get a grip on their legal and regulatory compliance issues. Our security experts have all adopted a relationship-driven approach: we don’t just perform one-off engagements, but instead partner with our customers to remain engaged and involved in their ongoing efforts to mature their compliance practices and to capably meet their legal and regulatory requirements.

(617) 652-0934 Contact Us Today – We Are Ready To Serve You!
