by John Verry | Mar 8, 2018 | InfoSec Risk Assessment
One thing many of our customers struggle with is integrating ongoing risk assessments into their cybersecurity programs. That’s a real problem, as an optimized cybersecurity program is fully reliant on understanding risk and putting the right information security...
by John Verry | Mar 6, 2018 | Security Awareness Training
For an organization to comply with Payment Card Industry Data Security Standard (PCI DSS) Requirement 12.6, they must have a formal security awareness program in place. On reviewing a number of these programs over the last few years, I have been surprised to note how...
by John Verry | Dec 5, 2017 | ISMS Consulting
Recently I had the interesting experience… chatting with a handful of potential Virtual Chief Information Security Officer (vCISO) clients over the last few weeks, each expressed they wanted to replace their current vCISO providers. Whenever we are asked to replace...
by John Verry | Oct 25, 2017 | ISMS Consulting
In a previous blog post, I tried to raise awareness of the fact that, although small businesses were not usually cyber attack “targets” per se, information security is still critical for them because such a high percentage of cybercrime attacks are...
by John Verry | Sep 19, 2017 | InfoSec Strategies
I have written a couple of blog posts in recent months that touched on keys to avoiding ransomware and I stand by the recommendations that I’ve made regarding ISO 27001 scoping, security awareness training, and more. That being said, the...
