by John Verry | Jun 11, 2013 | ISO 27001 Certification
A common misconception is that an organization can choose to get certified to the ISO 27002 standard. I’ve noticed that this misconception is more prevalent with long-time information security practitioners, who understand that ISO 27002 is just a renamed version of...
by John Verry | Jun 27, 2012 | ISO 27001 Certification
Our Ethical Hacker Roundup last week included a blurb on stricter laws to protect patient health information (PHI) in Health Information Exchanges (HIEs). That led me to download and read the new ISO-27010 Standard (Information technology — Security techniques —...
by Scott | Nov 2, 2011 | ISMS Consulting
During a recent discussion, a customer asked John Verry what the differences are between an ISO 27002 Gap Assessment and a BITS Shared Assessment. As usual, we decided to educate our blog readers with the answer to that question. ISO 27002 Gap Assessment An ISO 27002...
by John Verry | Sep 5, 2011 | ISO 27001 Certification
A colleague asked me about my opinion on the differences between HITRUST Certification and ISO 27001 Certification. More specifically, he asked three very important questions. I decided to share my thoughts and reply on the blog because I believe it will provide a lot...
by John Verry | Mar 17, 2011 | ISO 27001 Certification
The phrase “Small Is Beautiful” is widely credited to by British economist E. F. Schumacher. It has evolved to champion small, enabling and empowering approaches, , in contrast with phrases such as “bigger is better”. A lunchtime conversation...
