December 4, 2020


Last Updated on January 15, 2024

When you've just been hit with a lawsuit or a data breach, the last thing you want to be doing is interviewing data forensics providers. Yet that’s exactly where most SMBs end up.
“Ideally nowadays you want to know me in advance,” quips Brian Dykstra CISSP, CCFP and CEO of Atlantic Data Forensics. Brian was our special guest on a recent episode of The Virtual CISO Podcast, hosted as always by Pivot Point Security’s CISO and Managing Partner, John Verry. 
Usually when you need data forensics or related services, it’s best to get those processes underway before you have an issue (before key data is lost or obscured).

But an equally important reason for planning ahead for data forensics, according to Brian, is the requirements of your cyber liability insurance (CLI) carrier.

“It’s a matter of just going, okay, well, we know Atlantic Data Forensics and they’re going to be our chosen provider and while nobody’s hair is on fire and there’s no incidents going on or anything else, letting [the CLI provider] know… Here’s their rates, all that sort of stuff,” underlines Brian. “So you’re just sort of prepared and you know … what you should do.”

That preparedness is also key for incident response planning. John shares: “When we write an incident response plan, we’re trying to get all that information in there. … You need to know who your attorney … is going to be. … Who your forensics partner is going to be.”
“And I like what you said about the cyber liability insurance company because some of them play hard and fast with this concept of authorized response agents,” notes John. “If they’re either not an authorized response agent or they haven’t been approved and they start the investigation, [the CLI provider] can technically obviate the coverage. And I’ve actually had a client have that happen when they did their own investigation and cyber liability insurance didn’t cover the cost.”
Data breaches and lawsuits are part of doing business in the modern era. The time to enjoy this informative podcast and get familiar with data forensics scenarios is not when Red Alert lights are flashing and all power is going to the shields.  
To listen to this podcast episode with Brian Dykstra in its entirety, and check out our growing choice of other informative cybersecurity podcasts, you can subscribe to The Virtual CISO Podcast here.
If you prefer not to use Apple Podcasts, you can access all our episodes here. 
