Channel: Thoughts | PivotPoint Security

SAS-70 is Dead, Long Live the King (ISO27001?)

This posting is intended for my fellow auditors working in the Fortune 1000 world. The Yankees are no longer winning the World Series every year, Bill Clinton lives in NY not Washington DC, and Y2K is...




What McDonald’s Can Teach Us About Information Security

I spoke this week at an event where I was discussing how globalization is impacting information security and used the McDonald’s at the Louvre in Paris as a very sad example of how we are unfortunately...


HITRUST vs. ISO-27001 (or is it?)

The process of “realization” is an interesting one. My first thoughts on HITRUST tended towards the negative; “Why do we need another ISO-27001 derivative information security framework?” “Why not just...


Rationalizing Risk Assessments – Objectivity be Damned?

Just finished my nth (non-fulfilling) conversation on our approach to Information Security Risk Assessments with our Audit Lead. It still amazes me that something so fundamentally logical/right is so...


ISO 27001 Scope – “Bigger Isn’t Always Better”

The phrase “Small Is Beautiful” is widely credited to British economist E. F. Schumacher. It has evolved to champion small, enabling and empowering approaches, in contrast with phrases such as...



Is The Motion Picture Industry A Model For Information Security?

I recently had reason to spend some time looking at the “Content Security Best Practices Common Guidelines” published by the Motion Picture Association of America (MPAA). The guidelines are intended to...


ISO 27001 to ISO 27003 Standards

Comparing the ISO 27001 Roadmap to the ISO 27003 Guidance for Implementation

One of the most frequently asked questions Pivot Point Security gets when speaking with clients about implementing ISO 27001...


“Certified” Penetration Testing Company

It’s not uncommon for a potential client to ask “Is your company certified to provide Penetration Testing?” It’s a great question and one that unfortunately does not have a good answer – YET. Via a...



ISO-27010 – Information Security Guidance for Information Exchange

Our Ethical Hacker Roundup last week included a blurb on stricter laws to protect patient health information (PHI) in Health Information Exchanges (HIEs). That led me to download and read the new...

