Sitemap

What Does the Future of Compliance in a CI/CD Pipeline Look Like?

We need a new compliance model for today’s cloud-first, full cycle software development methods. When “software is eating the world,” checking boxes in an annual audit is no help at all. But what tools and skills will be needed to address this profoundly important...

We Need a New Compliance Model for the DevOps Era

In a world where full cycle software development teams release multiple builds to production per day, traditional methods of verifying compliance with cybersecurity and privacy guidelines have fallen by the wayside. A new compliance model is needed—but what should it...

What the New ISO 27001:2021 Release Will Mean to You

If your organization is ISO 27001 certified, you are likely aware that the International Organization for Standardization (ISO) is changing the structure of the ISO 27001/27002 control framework. This is notable because the current structure has persisted for the...

Don’t “Over-Commit and Under-Deliver” on Your ISO 27001 Controls

With most cybersecurity frameworks, such as SOC 2 or NIST 800-171, the emphasis is on the controls, with all organizations being obliged to implement the same “one size fits all” control set. Many companies seeking ISO 27001 certification treat it similarly—their goal...

ISO 27001 Top Tip: Focus on Process, Not Controls

Organizations that are pursuing ISO 27001 certification often think that the standard is all about the controls. When you’ve implemented and documented all 114 controls in ISO 27001’s Annex A, you’re good-to-go for your certification audit, right? But wait a tick......

Think Beyond ISO 27001 Certification While You’re Prepping for It

If your company is working towards ISO 27001 certification, you may be laser-focused on achieving that goal, and perhaps not worrying about what other cybersecurity and privacy efforts might need to come later. But with a little extra thought and planning, you could...

Why the DOD’s Review of CMMC Will Mean More to C3PAOs Than It Will to DIB Contractors

A lot of DIB members are anxiously awaiting the results of the DoD's review of CMMC. The guidance that I have been giving our clients is that the review is less likely to impact you than the C3PAOs. My argument is simple: the most likely impact, if any, is some...

Don’t Rush Your ISO 27001 Certification

Most organizations pursue ISO 27001 certification because they are under pressure from clients, regulators and/or investors to prove they can protect sensitive data. Often, there’s time pressure as well. Deals may be on the line. So let’s get that ISO 27001...

ISO 27001 Doesn’t Require as Much Documentation as You Think

If your organization is preparing for an ISO 27001 certification audit, you’re probably documenting everything but the steps for cleaning the coffee maker in your break room. Who cares if nobody ever looks at it again or uses it to maintain your ISO 27001 information...

Senior Management Can’t Just “Rubber Stamp” ISO 27001 Certification

ISO 27001 certification is a big change for most businesses; one that impacts not just IT but many departments from legal to HR to the C-suite. Because what you’re actually certifying under ISO 27001 is your information security management system (ISMS) and not your...