Security matters are now further complicated by all sorts of new phenomena: cloud computing, increased telecommuting, industrial espionage and the rise of social networking.
Trenton, NJ (PRWEB) August 27, 2009
On August 20, John Verry (CISA), Principal Enterprise Security Consultant at Pivot Point Security (Hamilton, NJ), addressed a gathering of regional CSO executives, held at Reed Smith (599 Lexington Ave, New York). Senior information security executives listened attentively while Roland Cloutier, CSO of EMC, began the event with his keynote address centered on "Data Protection".
John Verry then spoke, noting that "CSOs face ever increasing regulation and compliance issues." Verry's approach to the data protection topic was focused through the lens of ISO 27001, the only measurable standard for security information. Verry, a certified ISO 27001 Lead Auditor, stated "Security matters are now further complicated by all sorts of new phenomena: cloud computing, increased telecommuting, industrial espionage and the rise of social networking." Short of divine intervention, Verry said there is no "silver bullet" for data protection. However, he cited the need for some kind of "road map" to determine which point solutions and which standards are best applied to every situation.
That "road map", said Verry, is ISO 27001 and he outlined its benefits from a CSO perspective:
1) ISO 27001 is a certifiable standard (you can prove you are secure to a known set of criteria)
2) It simplifies information security into an overarching process (27001) with a correspondent list of standards (27002)
In addition, Verry stated: "ISO 27001 is applicable to all compliance requirements and can be harmonized with COBIT, ITIL, OWASP, OSTMM, NIST, etc."
Verry concluded that "27001(2) provides a structured approach proven over 10 years across thousands of organizations. Most importantly, getting started with 27001 can be simple as it is largely comprised of activities with which CSOs are already familiar."
To download a copy of the presentation click on the link below:
Introduction to ISO 27001
Pivot Point Security, located in central NJ, is a boutique information assurance firm providing independent and objective information security expertise to our varied client base. Our policy of not selling product and our absolute focus on four core practice areas; Security Assessments, Ethical Hacking, Compliance Assessments, and Security Information Event Management (SIEM) ensures that we have the highest possible levels of competence and independence. PPS provides assessments throughout the Eastern seaboard region and SIEM implementation nationwide. PPS currently consults on ISO 27001 projects and welcomes inquiries. Visit us at http://www.pivotpointsecurity.com
For further information, contact: Lisa Zorovich, 609.581.4600 ext 320 or lzorovich(at)pivotpointsecurity.com