Aug 6, 2020 | Compliance, Cybersecurity, ISO27001
An Overview of CMMC The Cybersecurity Maturity Model Certification, also known as CMMC, is a new standard for implementing cyber security controls across the 300,000 companies in the DOD’s supply chain. This framework combines controls and ideas from several NIST,...
Jul 28, 2020 | Compliance, Cybersecurity, ISO27001
Who Needs ISO 27001? Every day we hear from organizations being asked if they are 27001 compliant and what they need to do to become compliant. The ISO 27001 standard provides a very well-rounded assessment to prove you have an effective information security...
Jul 21, 2020 | Compliance, ISO27001, Podcast, Uncategorized
Podcast: Play in new window | DownloadSubscribe: Apple Podcasts | Android | Email | Google Podcasts | Stitcher | TuneIn | Spotify | RSS | MoreOn this week’s episode we’re talking to Kristof about ISO 27001. We cover the who, what, when, why, and how of ISO and...
Jun 17, 2019 | Cybersecurity, Information Security, ISO27001
By: Justin Fimlaid What does it mean when ISO 27001 references an ISMS? An ISMS stand for Information Security Management System. This essentially means that it is a programmatic structure that allows you to build a security framework and controls specific to and...
Jun 3, 2019 | Compliance, Cybersecurity, HIPAA, Information Security, ISO27001, NIST 800-53, Payment Card Industry
By: Justin Fimlaid The Ohio Data Protection Act was passed in August of 2018 and went into effect as of November 2018. What’s unique about this data protection law is that it’s unlike recently passed privacy legislation recently seen in California and...
Feb 13, 2019 | Audit, Compliance, HIPAA, Information Security, ISO27001, New York Cyber 23 NYCRR 500, NIST 800-53, Risk Management
By: Kristof Holm We’ve written several blogs on risk assessments and controls assessments. However, these two terms are often co-mingled, used interchangeably, or incorrectly. Unfortunately, it’s very easy to do this and often if we aren’t careful even professionals...
Jan 16, 2019 | Audit, HIPAA, IRS1075, ISO27001, MARS-E, New York Cyber 23 NYCRR 500, NIST 800-53
By: Justin Fimlaid The beginning of the year is a great time to review your security posture. You have many options available to you as to how you conduct security review. The most common ways that we see companies approach a review of their security program generally...
Aug 20, 2014 | Information Security, ISO27001
I have people ask me all the time about Security Assessments, benchmarking their Security Program, what the best framework is, etc. I usually point them to ISO27001 as framework to benchmark and measure their Information Security Program. ISO27001 is commonplace in...
Aug 20, 2014 | Compliance, Information Security, ISO27001, Risk Management
By Justin Fimlaid The new version of ISO27001 is coming out soon. This is the first revision of ISO27001:2005. This is exciting to me, and means a couple things: our industry is maturing and we have a new platform for growth and guidance. There’s some much...
