A Troubling Observation from the American Association of Justice Annual Convention, Part 2

As I mentioned in Part 1 of this post, Pivot Point Security had the privilege of sponsoring and participating in the American Association of Justice Conference in San Diego a few weeks ago. Kudos to the AAJ team who put on the event—it was a great conference in a...

OWASP ASVS Version 4.0 Controls Checklist Spreadsheet + 5 Benefits

If you’re involved in web application security, you’ve probably heard of the Open Web Application Security Project (OWASP) and its popular Top 10 list of vulnerabilities. But you may not be as familiar with a parallel effort that in many ways is even more useful...

Data Privacy Terms – The Language of Privacy

Let’s take a walk down memory lane… as an adolescent attending Rutgers University (attempting to determine what I wanted to do with the rest of my life) I changed my major to Finance midway through college. I figured Finance is all about money and I certainly...

SOC 2 and ISO 27001 Dual Implementation: Does It Make Sense for Your Business?

Recently we have been seeing a lot of interest among clients and prospective clients in working towards SOC 2 attestation and ISO 27001 certification at the same time. This isn’t unexpected given how much the new SOC 2 framework parallels ISO 27001. Is this a good...

The Future of Cyber Risk Management Revolves around C-Level Communication

Recently I blogged about how cyber risk management is moving “from the server room to the board room,” and shared senior executives’ top security concerns based on recent client engagements. In this follow-on post, I’ll discuss the key driver for this...

80/20 Cyber Security, Part 4—The 3 “Damage Control” Controls

If you’ve been following along with this multi-part post, you’ve seen how to mitigate about 80% of your InfoSec risk with 20% of the effort by systematically tackling your biggest risk—social engineering/phishing attacks. In this part 4, I’ll cover the final...

80/20 Cyber Security, Part 3—The 3 Essential Technical Controls

In part 1 of this post I applied “the 80/20 rule” to cyber security. The goal is to mitigate about 80% of your InfoSec risk with 20% of the effort, by addressing the biggest risk—social engineering and especially phishing attacks. Starting in part 2, I’m...

With Security Attestations, Size Matters (Not Yours… Your Clients’)

Why should security attestations be different from clothing, shoes, bank accounts and, well, a lot of things… You may not like it but you can’t get around it. The simple fact is that going after big clients means you need big attestations. If you’re selling...

5 Reasons to Kickstart Your Vendor Risk Management Program with a Vendor Risk Assessment Template

With the average cost of a vendor data breach reaching $3.92 million, organizations are looking for stronger vendor risk management (VRM). If your organization is looking to address VRM but you’re new to the process, a vendor security questionnaire (also referred...

Analysis of the Capital One Breach

“Not to worry, our data is safe; it’s in the cloud!” Famous last words that should be filed alongside “This ship is unsinkable,” uttered prior to its impending collision with an iceberg. Brian Krebs reported recently that Capital One experienced a data breach and...