by John Verry | Feb 4, 2019 | ISMS Consulting
Okay, that was harsh… But anyone who has had the “pleasure” of explaining the “simple complexity” of the NIST Cybersecurity Framework to management or other non-technical folks understands how challenging it can be. As the Virtual CISO for several organizations that... by John Verry | May 11, 2018 | Penetration Testing
Editor’s Note: This post was originally published in June 2013 and has been updated for accuracy and comprehensiveness. NIST/FISMA guidance is generally more prescriptive than most other forms of information security guidance. However, there are limits to any... by John Verry | Sep 15, 2016 | ISO 27001 Certification
Pivot Point Security has recently seen a lot of interest in NIST 800-171, with the biggest question being; “How do we get NIST 800-171 compliant/certified?” NIST 800-171 is a relatively new NIST publication that addresses the requirements for a system to properly... by Lauren Wilder | Oct 13, 2015 | ISMS Consulting
Lately several clients have asked my opinion of how well their information security management system (ISMS) stacks up against industry peers. That’s an important consideration, because the more you know about the state of your security controls the better you can... by John Verry | Mar 4, 2014 | ISO 27001 Certification
Recently I had an interesting call from a client that is getting ready for their ISO 27001 certification audit. Their business is in a vertical that would be considered “critical infrastructure” (CI) and therefore subject to the NIST Cybersecurity Framework (NCsF)....
