Information Security Blog

Raising The Bar For IT Security Priorities

These Technology IT Security links are part of a weekly series, Ethical Hacker Roundup, featuring the information security and cyber security related articles that we’ve read over and thought worth sharing from the past week.

These articles were emailed to us, shared on Twitter @pivotpointsec and Google Plus, or read in our RSS subscriptions this week.


Calling All Call Centers – Become ISO 27001 Certified

Currently there is no specific IT Security standard for call centers. However, in an article on EzineMark, the author argues that call centers should become ISO 27001 certified and that businesses looking to use a call center should look for those that are ISO 27001 certified.

As an Information Security Assurance firm that loves ISO 27001, we have to agree with the author.

“Due to the risks of identity theft, call centers have a stringent policy to follow in protecting pertinent client data.”

This is true, as call centers typically have controls in place to mitigate the risk of a potential PII or data breach.

In fact, we have helped numerous call centers develop their ISMS, using ISO 27001/2 as the standard.

“The task of beefing up the security policy doesn’t end with the awarding of the ISO compliance.”

Also true, as the certification requires call centers to perform internal audits and 27001 audits on a regular basis. It also requires management's involvement in, and knowledge of, the ISMS.

CIOs And The Priorities

In a recent survey of IT investments from CIOs, 48% of respondents said that Business Continuity is one of their top five priorities and 33% said that IT Security was one of their priorities.

According to the survey, the top five CIO priorities are:

  • Business continuity
  • Cost reduction
  • Improving IT function effectiveness
  • Implementing BI
  • Information Security

It makes sense for business continuity to be the highest priority for CIOs, but doesn't IT Security overlap with it?

“Ensure that critical business functions will be available to customers, suppliers, regulators, and other entities that must have access to those functions. These activities include many daily chores such as project management, system backups, change control, and help desk. Business continuity is not something implemented at the time of a disaster; Business Continuity refers to those activities performed daily to maintain service, consistency, and recoverability.” – Wikipedia

For example, system backups are crucial for businesses to have, but if the controls placed around the backups are not effective, there is a risk of data loss or exposure.

One way to mitigate that risk is to perform a Credentialed Vulnerability Assessment against the server running the backups. By doing so, potential points of attack can be identified and remediated before they are exploited.

IT Security

There are a variety of other security assessments that we can perform that will help you know you’re secure and prove you’re compliant. We have the right combination of Information Security/Compliance domain expertise, technology industry knowledge and experience, and organizational character to help you define and execute on the best course of action. See how we can help.

About the Author:

Marketing at Pivot Point Security