Information Security Blog

Raising The Bar For IT Security Priorities

These IT security links are part of a weekly series, Ethical Hacker Roundup, featuring the information security and cyber security articles that we’ve read over the past week and thought worth sharing.

These articles were emailed to us, shared on Twitter @pivotpointsec and Google Plus, or read in our RSS subscriptions this week.


Calling All Call Centers – Become ISO 27001 Certified

Currently there is no IT security standard specific to call centers. However, in an article on EzineMark, the author argues that call centers should become ISO 27001 certified, and that businesses looking to use a call center should look for those that are ISO 27001 certified.

As an Information Security Assurance firm who loves ISO 27001, we have to agree with the author.

“Due to the risks of identity theft, call centers have a stringent policy to follow in protecting pertinent client data.”

This is true, as call centers typically have controls in place to mitigate the risk of a potential PII or data breach.

In fact, we have helped numerous call centers develop their ISMS, using ISO 27001/2 as the standard.

“The task of beefing up the security policy doesn’t end with the awarding of the ISO compliance.”

Also true, as the certification requires call centers to perform internal audits and ISO 27001 surveillance audits on a regular basis. It also requires management’s involvement in, and knowledge of, the ISMS.

CIOs And The Priorities

In a recent survey of IT investments from CIOs, 48% of respondents said that Business Continuity is one of their top five priorities and 33% said that IT Security was one of their priorities.

According to the survey, the top five CIO priorities are:

  • Business continuity
  • Cost reduction
  • Improving IT function effectiveness
  • Implementing BI
  • Information Security

It makes sense for business continuity to be the highest priority for CIOs; however, doesn’t IT security overlap with it?

“Ensure that critical business functions will be available to customers, suppliers, regulators, and other entities that must have access to those functions. These activities include many daily chores such as project management, system backups, change control, and help desk. Business continuity is not something implemented at the time of a disaster; Business Continuity refers to those activities performed daily to maintain service, consistency, and recoverability.” – Wikipedia

For example, system backups are crucial for a business to have, but if the controls placed around the backups are not effective, the backups themselves become a potential point of data loss.

One way to mitigate that risk is to perform a Credentialed Vulnerability Assessment against the server running the backups. By doing so, potential points of attack can be identified and closed before they are exploited.

IT Security

There are a variety of other security assessments that we can perform that will help you know you’re secure and prove you’re compliant. We have the right combination of Information Security/Compliance domain expertise, technology industry knowledge and experience, and organizational character to help you define and execute on the best course of action. See how we can help.


Free Whitepaper: Five Best Practices for SIEM


The promise of SIEM is the consolidation of all relevant Security Event Logs from disparate sources into a single unified and normalized data store.

Free Whitepaper: Stop Wasting Money on Penetration Testing


Penetration Testing is most frequently performed to:

  • Substantiate the net effectiveness of a mature control environment
  • Prove to a third party that an environment is secure/trustworthy
  • Quickly assess the security of a less mature control environment (in a sense a technical risk assessment)
  • To validate that significant changes did not have unanticipated results

Free Download: ISO 27001 Implementation Roadmap

Have no fear – our “roadmap” will guide you, step by step, through the entire ISO 27001 process.

Getting to ISO 27001 certification is a process made up of things you already know – and things you may already be doing!

Free Download: ISO 27001 Vendor Selection Toolkit

Our ISO 27001 Toolkit will help you to select an ISO 27001 consulting firm.
  • Review the Issues Critical to Your Environment
  • "Vet" Vendor Qualifications
  • Compare the Top 3 Vendors
  • Sample RFP Included

Download: Information Security Attestation Guide

A Best-Practices Guide to Information Security Attestation

Download our proven Information Security Guide to simplify the process of protecting your data, proving you’re secure and growing your business.

Free Download: A Best Practices Guide to Database Security

Because data is only as secure as the systems & processes it relies on – a holistic approach to data security is essential. This roadmap is not meant to be exhaustive but rather to stimulate the necessary thought process to put you on the path to good data security.

Best Practices for Firing A Network Security Administrator

Want to know how to fire a Network Admin? Need to know what precautions to take? Firing any employee can be a stressful event. Firing one who has significant knowledge of and privileged access to your Information Technology/Security infrastructure is even more stressful, as the risks are so notable.

Is ISO 27001 Right for (Y)our Organization?


Thinking about ISO 27001 Certification? View our free On-Demand ISO 27001 Webinar

  • How to deal with increasing threats
  • How to manage multiple regulatory requirements
  • How to handle client requests for attestation
  • To validate that significant changes did not have unanticipated results

About the Author:

Marketing at Pivot Point Security
