by Ryan Buckley | Oct 9, 2019 | InfoSec Strategies
If customers or other stakeholders are asking you for an information security attestation (my guess is they are), which of the leading frameworks do you pick—SOC 2 or ISO 27001? Both enable your organization to demonstrate your IT operations and information security... by Eddie Taliaferro | Sep 18, 2019 | InfoSec Strategies
In my work I find that many CISOs are in a Catch-22 position with the businesses they protect. Often CISOs are judged on the number of security breaches or other incidents that are reported on their watch. Ironically, senior management can view “no incidents” as “no... by Aurore Watts | Aug 28, 2019 | ISO 27001 Certification
Recently we have been seeing a lot of interest among clients and prospective clients in working towards SOC 2 attestation and ISO 27001 certification at the same time. This isn’t unexpected given how much the new SOC 2 framework parallels ISO 27001. Is this a good... by Aurore Watts | Aug 19, 2019 | InfoSec Strategies
Why should security attestations be different from clothing, shoes, bank accounts and, well, a lot of things… You may not like it but you can’t get around it. The simple fact is that going after big clients means you need big attestations. If you’re selling software... by Leigh Ronczka | Jul 23, 2019 | InfoSec Strategies
How do you really know your highest-risk vendors are doing what they say they’re doing, security-wise—especially if it involves meeting your specific requirements? Do you insist on the right to audit vendors? If so, do you have the skills and technology savvy to do...
