by Ryan Buckley | Oct 9, 2019 | InfoSec Strategies
If customers or other stakeholders are asking you for an information security attestation (my guess is they are), which of the leading frameworks do you pick—SOC 2 or ISO 27001? Both enable your organization to demonstrate your IT operations and information security... by John Verry | Sep 25, 2019 | InfoSec Strategies
A healthy level of skepticism seems to be an occupational hazard of working in information security. Hence, my hopes were not all that high when I recently sat down with a Boulevardier and the new ISO 27701 standard (“Security techniques – Extension to ISO 27001... by Eddie Taliaferro | Sep 18, 2019 | InfoSec Strategies
In my work I find that many CISOs are in a Catch-22 position with the businesses they protect. Often CISOs are judged on the number of security breaches or other incidents that are reported on their watch. Ironically, senior management can view “no incidents” as “no... by John Verry | Sep 10, 2019 | InfoSec Strategies
As I mentioned in Part 1 of this post, Pivot Point Security had the privilege of sponsoring and participating in the American Association of Justice Conference in San Diego a few weeks ago. Kudos to the AAJ team who put on the event—it was a great conference in a... by Larry Moore | Aug 27, 2019 | InfoSec Strategies
Recently I blogged about how cyber risk management is moving “from the server room to the board room,” and shared senior executives’ top security concerns based on recent client engagements. In this follow-on post, I’ll discuss the key driver for this maturation... by Aurore Watts | Aug 19, 2019 | InfoSec Strategies
Why should security attestations be different from clothing, shoes, bank accounts and, well, a lot of things… You may not like it but you can’t get around it. The simple fact is that going after big clients means you need big attestations. If you’re selling software...
