The New NIST Secure Software Development Framework: Why It’s So Important for the USG Supply Chain

by John Verry | Mar 22, 2022 | Government

Reading Time: 5 minutes         Based on hard lessons learned from the SolarWinds attack plus “smell the coffee” guidance like the Biden administration’s May 2021 Executive Order 14028 on cybersecurity, these realities are undeniable:...

Microsoft Just Endorsed ISO 27001 (and ISO 27701) Over SOC 2! Here’s What It Means to You

by John Verry | Mar 10, 2022 | ISO 27001 Certification

Reading Time: 3 minutes           As a longtime fan of ISO 27001 and its new privacy extension ISO 27701, I found this recent announcement from Microsoft very interesting—and, frankly, aligned with what I have been telling customers...

New False Claims Act Initiative Could Increase Federal Contractors’ Cyber Compliance Risk

by John Verry | Mar 3, 2022 | Government

Reading Time: 4 minutes         All federal contractors and grant recipients need to be aware of the new Civil Cyber-Fraud Initiative from the US Department of Justice (DoJ). Under this new ruling, if you fail to comply with...

It’s Hard to Spell Security with API (Translation: You Need an AppSec Strategy)

by John Verry | Mar 3, 2022 | Ethical Hacking

Reading Time: 3 minutes         The rapid growth of APIs has led to significant security risks. Unless you have been marooned on an uncharted coral atoll for the last five years, you realize that the term application programming...

How (Not) to Perfect Your ISO 27001 Information Security Management System in Only 3 Years

by John Verry | Jan 24, 2022 | ISMS Consulting

Reading Time: 3 minutes           When Pivot Point Security decided to pursue ISO 27001 certification in 2015, we assumed it would be a slam dunk. After all, we had been one of the country’s top ISO 27001 consulting companies for...