Information Security Blog

Globalization & Cloud Driving ISO-27001 Adoption

Trenton, NJ (Vocus) June 22, 2010

The Enterprise Security Professionals Community of Practice (COP) was established by Unisys to enhance the depth and breadth of skills within their internal IT security community. Aligning with the Unisys Area of Strength (Protect People and Identities, Protect Assets, Secure Information Systems, Protect Locations) the COP has hosted such well-known speakers as Tom Kellerman (The Commission on Cyber Security), Roger Cressey (Good Harbor Consulting) and Marcus H. Sachs (Executive Director for National Security and Cyber Policy at Verizon). On June 15, 2010, the COP invited John Verry, principal consultant at Pivot Point Security, to address the group on ISO 27001.

The premise of the presentation (“Driven To ISO 27001 – Driven By ISO 27001”) was that the only logical response to the changes relating to the “cloud economy”, a “flatter world”, and the growth of increasingly ambiguous and overlapping information security regulations is the ISO 27001 framework. “Assuming so, the implications to other frameworks (e.g., NIST/COBIT), technologies (e.g., SIEM/IT-GRC), Attestation (e.g., SAS-70/Penetration Testing), Good Practices (e.g., OWASP), and Information Security Consultants & Practitioners are significant,” said Verry. “That’s why I believe ISO-27001 is poised to change the face of information security.”

Pivot Point Security has long been a leading advocate of meeting the challenges of change through ISO 27001, the only international information security standard. “We’ve created a lot of educational resources on our website,” said Verry. (ISO 27001 Resources) “I’m hoping that everyone will come to see that ISO 27001 is a ‘recipe’ that has been vetted by thousands over the last 15 years, an international standard usable and accepted worldwide.”

One of the things Verry likes most about advocating ISO 27001 is its emphasis on Continuous Improvement. “In our world, we can’t afford to stay still – and if we’re not moving forward, we’re moving backward. ISO 27001 keeps organizations and their personnel moving forward well beyond actual certification.”

About Pivot Point Security
Continually evolving technology, business requirements, regulations, and threats make “being secure” and “proving you’re compliant” increasingly complex. The only logical response: Simplify. Pivot Point Security makes it easier to prove that you are secure and compliant by:

  • Focusing on the core group of security assessment services you need to do so;
  • Taking the time to understand your business and then optimizing our approach for your unique situation;
  • Delivering reports and guidance that are easily understood and acted on by both management and technical personnel; and,
  • Basing your assessment and recommendations on trusted, “open” (non-proprietary, non-vendor specific) guidance to simplify the process of operating and maintaining your Information Security Management System after we leave.

Pivot Point Security focuses solely on information security audit activities, with a special emphasis on ISO 27001.



Free Whitepaper: Five Best Practices for SIEM

The promise of SIEM is the consolidation of all relevant Security Event Logs from disparate sources into a single unified and normalized data store.

Free Download: A Best Practices Guide to Database Security

Because data is only as secure as the systems & processes it relies on – a holistic approach to data security is essential. This roadmap is not meant to be exhaustive but rather to stimulate the necessary thought process to put you on the path to good data security.

Free Whitepaper: Stop Wasting Money on Penetration Testing

Penetration Testing is most frequently performed to:

  • Substantiate the net effectiveness of a mature control environment
  • Prove to a third party that an environment is secure/trustworthy
  • Quickly assess the security of a less mature control environment (in a sense a technical risk assessment)
  • To validate that significant changes did not have unanticipated results

Best Practices for Firing A Network Security Administrator

Want to know how to fire a Network Admin? Need to know what precautions to take? Firing any employee can be a stressful event. Firing one who has significant knowledge of and privileged access to your Information Technology/Security infrastructure is even more stressful, as the risks are so notable.

Is ISO 27001 Right for (Y)our Organization?

Thinking about ISO 27001 Certification? View our free On-Demand ISO 27001 Webinar

  • How to deal with increasing threats
  • How to manage multiple regulatory requirements
  • How to handle client requests for attestation
  • To validate that significant changes did not have unanticipated results

Free Download: ISO 27001 Implementation Roadmap

Have no fear – our “roadmap” will guide you, step by step, through the entire ISO 27001 process.

Getting to ISO 27001 certification is a process made up of things you already know – and things you may already be doing!

Download: Information Security Attestation Guide

A Best-Practices Guide to Information Security Attestation

Download our proven Information Security Guide to simplify the process of protecting your data, proving you’re secure and growing your business.

About the Author:

A Pivot Point Security Press Release