When it comes to vendor due diligence, many companies are raising the bar.
In addition to evaluating vendor revenue, growth, and skills, security is becoming an important focus. With almost half of security breaches occurring because of vendors, it’s no wonder that security attestations and certifications […]
Check out our webinar from Christian Hyatt and Sawyer Miller where they discuss everything you need to know to prepare for your first ISO 27001 Certification.
Listen to the podcast episode: HERE
At risk3sixty, we have helped many clients implement ISO 27001. Through this work, we have pinpointed a few common misconceptions surrounding the framework. In this post, we will dig into these misconceptions and shed some light on the ISO 27001 implementation process.
An important part of IT security is maintaining an asset inventory. The inventory should document owners, data classification and other pertinent information. Consider cost and metrics associated with the asset’s lifetime. A physical asset inventory enables an IT department to have security […]
Many organizations are facing the challenge of maintaining their ISO 27001 certification schedule during the Coronavirus (COVID-19) pandemic. This includes scheduling (or rescheduling) on-site audits in a time when most organizations aren’t sure when they will be able to […]
If you’ve been on stage for a speech or performing arts, you know stage fright is real. Businesses can get nervous when they hear the word “audit” in the same way musicians can get nervous before a performance. However, there is one great way to alleviate that fear: preparation. If your business prepares well, you will see the fruits […]
Identifying and maintaining measures of success in privacy programs.
The publication of ISO 27701 is an exciting development for all companies looking to enhance and potentially certify their privacy programs. As companies race to digest and implement the new standard, many questions arise around how to address some of its particular requirements. One such area involves the governance of an ISO 27701 […]
How to keep the keys to the kingdom from escaping the kingdom.
Proper password management is a huge step that an organization can take to strengthen security. It also addresses multiple criteria for all the major security frameworks. For example, see examples from ISO 27001 and SOC 2 as of the date of this writing:
ISO 27001 A9.4.2: Where required by the access […]
Throughout the process of maturing your governance and compliance environment, you have likely encountered the need for conducting an annual or quarterly preparedness exercise, commonly referred to as a “tabletop exercise”.
These exercises are required for compliance with numerous standards, including ISO 27001/22301, GDPR, and SOC 2 just to name a few. While the focus of each tabletop may change, the format […]