Channel: ISMS Archives - Pivot Point Security
Browsing all 82 articles
3 Questions to Ask If You’re Wondering How Your ISMS Stacks Up

Lately several clients have asked my opinion of how well their information security management system (ISMS) stacks up against industry peers. That’s an important consideration, because the more you...

Why Go for ISO 27001 Certification—Why Not Just Adopt the Controls?

According to ISO’s annual surveys, the popularity of ISO 27001 certification has been growing steadily in recent years at between 7% and 14% annually. With its non-prescriptive, risk-based focus, ISO...

A Closer Look at Insider Threats

Lately I’ve been working on multiple information security risk assessments. The assessments consist of risk identification surrounding processes dealing with critical data. The identified risks and...

Navigating FedRAMP: Agency ATO to GSA Transition

But still they lead me back… To that long, winding road… You left me standing here… A long, long time ago… Don’t leave me waiting here—Lead me to your door! I’m not sure how Paul McCartney presaged...

ISO 27001 Simplified

Pivot Point Security has a tagline that reads, “Security simplified.” In that spirit, here’s how I simplify ISO 27001 for new clients. In a nutshell, ISO 27001 requires organizations to implement seven...

Why Cross-Reference Policies Directly to ISO 27001? Because It Simplifies...

I have long been an advocate of cross-referencing policies, standards and procedures (PSPs) to the information security framework on which they are based (generally NIST/FISMA, ISO 27000, or both). My...

ISO 27001 Gap Assessment and Risk Assessment: What’s the Difference?

If you’re not familiar with ISO 27001 implementations and audits, it’s easy to confuse the gap assessment and the risk assessment. It doesn’t help that both these activities involve identifying...

2 Basic Approaches to Mobile Device Management: Pick One

If you think of mobile devices as “mini laptops,” that will help you appreciate what it takes to keep them secure, and why securing them is so important. Mobile devices store, transfer and access all...

Strategies for Containing the Rising Cost of Cyber Liability Insurance

Back in the fall of 2014, I was having lunch with a client and their cyber liability insurance broker. I recall clearly the broker’s recommendation to “…have all of your clients load up on as much...

HITRUST Consulting Challenge: Right Ladder, Wrong Wall

PPS is really starting to feel the impact of the June 2015 HITRUST Alliance pronouncement that a number of key healthcare organizations—including Anthem, Health Care Services Corp., Highmark, Humana,...

Using ISO 27001 to Manage Top Cybersecurity Mistakes Health Organizations Make

1,252 publicly disclosed security breaches of healthcare and medical providers exposed over 43 million records since 2005, according to the Privacy Rights Clearinghouse. A blog post on the Managed...

The Cost of IT Security: Expensive does not equal Effective

How much are your information security controls costing you? Are you sure that what you’re paying for is effective? Driven by fear and/or a misinformed perspective, many organizations are looking for...

Why Perfect is the Enemy of Progress in Information Security

I got an email from a good client yesterday that had been quiet for a while. “Just wanted to update you on where we are and why we have been so quiet for the last 6 months,” it began. “When you...

A Scary Story about an Attorney Who Didn’t Comply with His Firm’s InfoSec...

The other day I heard from a client in the legal vertical seeking advice. Some attorneys in his firm had proved to be less than enthusiastic about following some of the newly established information...

Could ISO 27001 Certification Make Healthcare Organizations Immune to...

The other day I spoke with the frazzled IT security person for a small hospital system. They had just been hammered by ransomware that impacted protected health information (PHI). The conversation...
