Archive for 'Risky Business'

What is a NIST Penetration Test?

NIST/FISMA information security guidance is generally outstanding and more prescriptive than most other forms of guidance. However, there are limits to any standard’s ability to be prescriptive. These limits generally relate to differing technological architectures, the evolution of technology/assessment tools, and differing risk levels (which mandate different levels of testing).

These limits are well illustrated by a recent call that I had with a potential client. Our conversation began with him telling me: “This should be a pretty quick conversation – ...

FDIC focusing on Quarterly Vulnerability Assessments in Banking

One interesting thing about working in the banking industry is the evolution of the “annual security assessment” mandated by the FDIC. Each year we find that the auditors usually emphasize a different information security issue in addition to the fundamentals (e.g., external penetration test, internal penetration test, risk assessment, FFIEC Information Security Handbook, etc.). This approach makes sense and reflects ...

The Relationship Between the ISO 27001 and ISO 27002 Standards

A common misconception is that an organization can choose to get certified to the ISO 27002 standard.

I’ve noticed that this misconception is more prevalent with long-time information security practitioners, who understand that ISO 27002 is just a renamed version of ISO 17799 (which was itself a derivative work of British Security Standard BS 7799). “Back in the day” (pre widespread ISO 27001 acceptance) information security thought leaders would use 27002 standard “compliance” as a means of denoting that ...

How Long Does It Take to Get ISO 27001 Certified?

Actually, a more frequently asked question is: “How fast can I get ISO 27001 certified?”

The answer depends on what is most important in your specific situation: do you want your certification Fast, Cheap, or Good?

As certification becomes a “requirement” to perform work for many companies, one of the biggest concerns many of Pivot Point Security’s potential ISO 27001 consulting clients have is the length of time it takes to get ...

An ISO 27001 Overview: The 6 W’s

Enjoy this straight-forward ISO 27001 overview and know where to turn. Please comment with your questions or give us a call anytime.

What?

  • ISO 27001 is a certifiable international standard for Information Security (think of it as a Good Housekeeping Seal of Approval for your information security practices).
  • Most 27001 certificates are for a specific portion of a company (e.g., a cloud service offering or a managed service).

Who?

  • There are usually two or three “organizations” that are potentially involved: 1) The organization becoming ISO ...