Feb 13, 2019 | Audit, Compliance, HIPAA, Information Security, ISO27001, New York Cyber 23 NYCRR 500, NIST 800-53, Risk Management
By: Kristof Holm We’ve written several blogs on risk assessments and controls assessments. However, these two terms are often co-mingled, used interchangeably, or incorrectly. Unfortunately, it’s very easy to do this and often if we aren’t careful even professionals...
Jan 16, 2019 | Audit, HIPAA, IRS1075, ISO27001, MARS-E, New York Cyber 23 NYCRR 500, NIST 800-53
By: Justin Fimlaid The beginning of the year is a great time to review your security posture. You have many options available to you as to how you conduct security review. The most common ways that we see companies approach a review of their security program generally...
Aug 20, 2014 | Information Security, ISO27001
I have people ask me all the time about Security Assessments, benchmarking their Security Program, what the best framework is, etc. I usually point them to ISO27001 as framework to benchmark and measure their Information Security Program. ISO27001 is commonplace in...
Aug 20, 2014 | Compliance, Information Security, ISO27001, Risk Management
By Justin Fimlaid The new version of ISO27001 is coming out soon. This is the first revision of ISO27001:2005. This is exciting to me, and means a couple things: our industry is maturing and we have a new platform for growth and guidance. There’s some much...
