
Sitemap

3 “First To-Dos” after You Complete Your Privacy Data Mapping Exercise

Chances are your business is concerned about compliance with privacy legislation like CCPA and GDPR. Perhaps you’ve undertaken a data mapping exercise and are starting to wrap your head around the “now what?” part of the process. What are the practical first steps...

5 Tips to Create an Effective Information Security Management Committee (ISMC)

For organizations moving to reduce information security risk, an effective information security management committee (ISMC) is essential to drive security strategy, eliminate redundant security effort and spending, get a grip on complex infrastructure issues and...

Hey SaaS Companies! Have an Amazing Product/Service But No Security Program Yet? No Worries!

A number of our current clients, especially in the technology and SaaS sector, are startups or spinoffs with very exciting products. Prospects—including large enterprises—are lining up to evaluate them. But when the discussion turns to security and compliance...

Yes, You Still Need Penetration Testing in the Cloud

Just because you moved your virtual servers, databases and/or applications to the public cloud doesn’t mean they are somehow now magically secure. You still need penetration testing to verify your cloud environment is secure and to uncover any potential risks. Full...

Risk Management – If a Thing is Worth Doing, It’s Worth Doing Right

On many engagements, part of my role is helping clients see their initial information security objective in the context of a bigger security picture. For example, a new client just came to us having inadequately addressed a questionnaire/risk assessment from one of...

“From the Server Room to the Board Room”: The 4 Top Concerns of Security-Aware C-Suites

In recent client engagements I’m seeing more and more consistently the path that information security will take for the foreseeable future. Just as companies have focused on financial and legal risk management for perhaps hundreds of years, it’s clear that the C-level view...

Hiring Security Talent? Give Professional Certifications the Weight They Deserve (Not More)

Recently I earned a Certified Third Party Risk Assessor (CTPRA) designation from the Shared Assessments Program. This certification intends to validate my knowledge “…within specific IT risk control domains that an individual will need in order to perform a thorough...

The Importance of Scope in Penetration Testing

Penetration testing seeks to evaluate your security posture using simulated attacks to identify and exploit vulnerabilities. Most pen testing is done by experts using manual techniques supported by automated tools. In any penetration testing engagement, one of...

14 Million Reasons to Update Your Data Classification Policy

I recently served as an expert witness in a lawsuit where a flawed Data Classification policy was a central element in the case—and ended up costing the plaintiff nearly $14 million. Needless to say, I can’t get into details, but I walked away from the case...

Discover Why CCPA Will Make All Your Data More Secure (Not Just PII)

As Pivot Point Security’s CISO (and with the management team’s full support) I recently decided that we will be CCPA compliant by Q1 2020, even though we are technically exempt. Why? We work for some very large companies with strong Vendor Risk Management programs,...