In passing the Security Legislation Amendment (Critical Infrastructure) Act 2021, Australia joins other leading nations in implementing a regulatory regime to protect its critical infrastructure assets from cyber-attacks. These threats were made evident by the findings published in September 2021 by the Australian Cyber Security Centre in the ACSC Annual Cyber Threat Report, which found that cyber-attacks are escalating in severity and frequency at a rate of one reported attack every 8 minutes. Troublingly, that report revealed that approximately a quarter of cyber incidents reported to the ACSC in the 2020-21 financial year were associated with Australia’s critical infrastructure or essential services.
This article examines how RightCrowd Access Analytics helps Physical Security professionals meet their compliance obligations under the SOCI Bill.
How does SOCI Impact Physical Security?
Physical security now needs to identify and monitor who has access to critical infrastructure assets under SOCI.
This information is required not only to improve security and resilience but also to build a Critical Asset Register and a Risk Management Program. Organisations now face security obligations by sector and fines for non-compliance.
Physical security leaders have a new role under SOCI which includes:
- Improved management of the systems and data that identify and monitor who has physical access to critical infrastructure assets.
- Proactive identification, management and monitoring of physical access risks, identity anomalies and access compliance failures
- Clean up of the hidden access security and compliance failures
- Improvement of compliance outcomes and security posture of the organisation
Solving SOCI Compliance with RightCrowd Access Analytics
RightCrowd Access Analytics instantly identifies people with inappropriate access to security systems, buildings, facilities, and critical areas, regardless of the base security systems and vendor mix in place.
People, roles and access permissions change constantly, which creates literally thousands of identity transactions per year that are not checked for regulatory compliance. RightCrowd customer research shows that 90% of access control systems contain out-of-date data, creating ‘access chaos’. This is a huge hidden issue, and for the first time, security can map, measure, and monitor these risks to get back complete awareness and control of their security environment.
The solution now allows security management to maintain proactive visibility of previously hidden access risks and manage appropriate controls. Using highly extensible graph database technology, the solution correlates physical access data from any security system and maps it against HR or Active Directory to visualise who has access to facilities, critical assets or secure areas.
The solution can also be used to monitor privileged physical access, inappropriate or non-compliant access, expired permissions and duplicate cards.
With a lightweight deployment, the solution has an incredibly fast time to value, and can help security leaders immediately identify who has access to critical assets, and whether they should.
If you would like more information on RightCrowd Access Analytics please contact us.