
Higher Education Faces a New Information Security Compliance Check

The other day I had a somewhat harried conversation with the IT director of a small liberal arts college. She was justifiably concerned about a new Gramm-Leach-Bliley Act (GLBA) compliance check that has been added to the student financial aid cluster in the Office of...

You Probably Don’t Know Who Your Vendors Are

A disturbing fact that often comes to light in conversations with clients and prospects is that IT and information security teams don’t know what vendors their company is sharing sensitive data with. Sure, they can name their most mission-critical vendors, like their...

Ransomware: The Game Changer

A game changer is “a newly introduced element or factor that changes an existing situation or activity in a significant way.” The IT field has a rich history of game changers, from the integrated circuit to the first IBM PC to cloud computing. Of course, like...

When It Comes to Patching Vulnerabilities, “Missing Some Spots” Isn’t Good Enough

One of the challenges of my job is about once every five weeks or so our marketing director shakes me down for a blog topic. If I don’t have one in mind he tries to brainstorm with me. “What’s going on in your practice that’s new or interesting?” he always asks. You...

Certified or Not—If You Got Breached, You Didn’t Do Enough

Recently I had a hypothetical conversation with our marketing director about “what if” a spokesperson or responsible party for a government agency, local municipality, regulated organization or business of any size stood up in public and said: “Yes, we got hacked. But...

The Bright Side of InfoSec – I Love Being an Information Security Consultant

This is a little unusual for this blog but on a day I’m feeling exceptionally chipper, I thought I’d put some positive vibes into the world. I’ve been in the IT/information security profession for over 20 years and I’ve never enjoyed it more than now. In fact, I’m...

Information Security Policy Documentation: Simple is Better

Organizations seeking ISO 27001 certification sometimes choose to “err on the side of caution” and document “everything.” Usually this is because they don’t have a solid understanding of what ISO 27001 actually requires them to document. Last week I conducted an...

A Strong Information Security Posture is a Business Enabler

Many of the clients I work with are startups or small to medium sized businesses (SMBs). These smaller, newer companies face challenges in establishing a robust information security posture. But when they get it right, security can be a powerful enabler for acquiring...

Role of the CISO in 2020: It’s Like Playing the Classic Board Game “Risk” (All Day Every Day)

The role of the CISO (Chief Information Security Officer) is to build and maintain his or her company’s security vision, strategy and program to ensure information assets and technologies are adequately protected. Due to the ever-greater scope and intensity of...

Your ISO 27001 Scope – It’s All About that Data, bout that Data, no Treble

Meghan Trainor was on to something… those are the lyrics to that song, right? Last week one of my clients got a little frantic about the scope of his company’s ISO 27001 engagement. They’re a SaaS vendor and he was stuck on the idea that “We need to protect our...