Don’t Let ISO-27001 Fall into the SAS-70 Checkbox Trap!
This post is derived from a response I posted to a great question on a LinkedIn ISO 27001 group I enjoy. The question was: 6. Internal ISMS [Information Security Management System] Audits. To what...
Information Security Surprises Keep Energy Organizations Off Balance
These Energy IT Security links are part of a weekly series, Ethical Hacker Roundup, featuring the information security and cyber security related articles that we’ve read over and thought worth sharing...
Vendor Risk Management: The End of “SMB Information Security”
A quote in an article I read years ago about a very successful investor (it might have been Warren Buffett) seems incredibly relevant to me today. It went something like: “The average investor reads an...
RX for the Flu? A Business Continuity Plan
How would your organization operate if it lost 5% of its employees due to flu quarantine? 10%? Could you survive it being 20% for two weeks? What if it was centered in your IT organization or your...
What Horse Meat & Cloud Security Have in Common
Occasionally in the middle of a conversation a strange “association” pops into my head. This is one of those cases. During a business breakfast with a lawyer (litigator) client of Pivot Point Security,...
Shared Assessments – They’re Not Just Vendor Risk Management
It seems that when most people hear “Shared Assessments” they immediately think of Vendor Risk Management. While that thought process is valid and makes a lot of sense, I think that it is limiting. For...
“High Business Impact” Data—A Better Way to Talk about Vendor Risk
I have been around long enough to remember when the phrase “Microsoft security” was an oxymoron. But it’s amazing how things have changed in the last five years or so. Microsoft has really come into...
5 Keys to a Strong Vendor Risk Management Program
Recently I worked with a client that has no enterprise risk management (ERM) program per se. But their overall security posture is pretty solid. How is this possible? They outsource multiple business...
Ten Steps Towards a Vendor Risk Management Policy
Nearly every company shares proprietary information with vendors, or entrusts sensitive customer data to them to store and process. In so doing, you extend to them the responsibility you have to your...
6 Strategies to Ensure Your Vendor’s Disaster Doesn’t Become Your Disaster
In the context of vendor risk management, many companies evaluate critical vendors’ financial health, management style, level of experience, references, etc. But few organizations look into a vendor’s...
Mitigating Single Points of Failure
A big part of recovery planning is identifying and mitigating single points of failure (SPOFs). SPOFs are the bane of disaster recovery and high availability for IT and the business as a whole. And...
Considerations for Managing Fourth-Party/Supply Chain Risk
Cyber-criminals’ successful targeting of service providers has made vendor risk management an increasingly hot topic in information security. But what about risk from your vendor’s vendors… and their...