22 Mar Government | Category - Pivot Point Security The New NIST Secure Software Development Framework: Why It’s So Important for the USG Supply Chain January 19, 2024 By John Verry Based on hard lessons learned from the SolarWinds attack plus “smell the coffee” guidance like the Biden administration’s May 2021 Exec...
10 Mar ISO 27001 Certification Microsoft Just Endorsed ISO 27001 (and ISO 27701) Over SOC 2! Here’s What It Means to You January 14, 2024 By John Verry As a longtime fan of ISO 27001 and its new privacy extension ISO 27701, I found this recent announcement from Microsoft very interestin...
03 Mar Government New False Claims Act Initiative Could Increase Federal Contractors’ Cyber Compliance Risk January 17, 2024 By John Verry All federal contractors and grant recipients need to be aware of the new Civil Cyber-Fraud Initiative from the US Department of Justice...
03 Mar Ethical Hacking It’s Hard to Spell Security with API (Translation: You Need an AppSec Strategy) January 19, 2024 By John Verry The rapid growth of APIs has led to significant security risks. Unless you have been marooned on an uncharted coral atoll for the last ...
24 Jan ISMS Consulting How (Not) to Perfect Your ISO 27001 Information Security Management System in Only 3 Years January 16, 2024 By John Verry When Pivot Point Security decided to pursue ISO 27001 certification in 2015, we assumed it would be a slam dunk. After all, we had been...