by John Verry | May 11, 2018 | Penetration Testing
Editor’s Note: This post was originally published in June 2013 and has been updated for accuracy and comprehensiveness. NIST/FISMA guidance is generally more prescriptive than most other forms of information security guidance. However, there are limits to any...
by John Verry | Sep 15, 2016 | ISO 27001 Certification
Pivot Point Security has recently seen a lot of interest in NIST 800-171, with the biggest question being; “How do we get NIST 800-171 compliant/certified?” NIST 800-171 is a relatively new NIST publication that addresses the requirements for a system to properly...
by Lauren Wilder | Oct 13, 2015 | ISMS Consulting
Lately several clients have asked my opinion of how well their information security management system (ISMS) stacks up against industry peers. That’s an important consideration, because the more you know about the state of your security controls the better you can...
by John Verry | Mar 4, 2014 | ISO 27001 Certification
Recently I had an interesting call from a client that is getting ready for their ISO 27001 certification audit. Their business is in a vertical that would be considered “critical infrastructure” (CI) and therefore subject to the NIST Cybersecurity Framework (NCsF)....
by John Verry | Feb 25, 2014 | InfoSec Strategies
Like most people, I took the fact that the NIST Cybersecurity Framework (NCsF) is characterized as a “voluntary” program to be a true statement. Of course, my suspicious side expected that over the next few years it would evolve to be a mandatory program—perhaps...
