Globalization & Cloud Driving ISO-27001 Adoption


"Driven to ISO 27001 ... Driven by ISO 27001" - presented by John Verry, principal consultant at Pivot Point Security (Hamilton, NJ) to the Unisys Community of Practice Group on June 15, 2010, focuses on three "pain" points driving organizations to the ISO-27001 framework as a simple and logical response. Verry cites the "cloud economy", a "flatter world" and the growth of increasingly ambiguous and overlapping information security regulations as the main factors - and then explores how and why ISO 27001 is poised to change information security.

Overlapping Regulations Drive Businesses to ISO 27001

Driven To ISO 27001 - Driven By ISO 27001

The Enterprise Security Professionals Community of Practice (COP) was established by Unisys to enhance the depth and breadth of skills within their internal IT security community. Aligning with the Unisys Area of Strength (Protect People and Identities, Protect Assets, Secure Information Systems, Protect Locations), the COP has hosted such well-known speakers as Tom Kellerman (The Commission on Cyber Security), Roger Cressey (Good Harbor Consulting) and Marcus H. Sachs (Executive Director for National Security and Cyber Policy at Verizon). On June 15, 2010, the COP invited John Verry, principal consultant at Pivot Point Security, to address the group on ISO 27001.

The premise of the presentation ("Driven To ISO 27001 - Driven By ISO 27001") was that the only logical response to the changes relating to the “cloud economy”, a “flatter world”, and the growth of increasingly ambiguous and overlapping information security regulations is the ISO 27001 framework. “Assuming so, the implications to other frameworks (e.g., NIST/COBIT), technologies (e.g., SIEM/IT-GRC), Attestation (e.g., SAS-70/Penetration Testing), Good Practices (e.g., OWASP), and Information Security Consultants & Practitioners are significant,” said Verry. “That’s why I believe ISO-27001 is poised to change the face of information security.”

Pivot Point Security has long been a leading advocate of meeting the challenges of change through ISO 27001, the only international information security standard. “We’ve created a lot of educational resources on our website,” said Verry. (ISO 27001 Resources) “I’m hoping that everyone will come to see that ISO 27001 is a ‘recipe’ that has been vetted by thousands over the last 15 years, an international standard usable and accepted worldwide.”

One of the things Verry likes most about advocating ISO 27001 is its emphasis on Continuous Improvement. “In our world, we can’t afford to stay still – and if we’re not moving forward, we’re moving backward. ISO 27001 keeps organizations and their personnel moving forward well beyond actual certification.”

About Pivot Point Security
Continually evolving technology, business requirements, regulations, and threats make “being secure” and “proving you’re compliant” increasingly complex. The only logical response: Simplify. Pivot Point Security makes it easier to prove that you are secure and compliant by:

  • Focusing on the core group of security assessment services you need to do so;
  • Taking the time to understand your business and then optimizing our approach for your unique situation;
  • Delivering reports and guidance that are easily understood and acted on by both management and technical personnel; and,
  • Basing your assessment and recommendations on trusted, “open” (non-proprietary, non-vendor specific) guidance to simplify the process of operating and maintaining your Information Security Management System after we leave.

Pivot Point Security focuses solely on information security audit activities, with a special emphasis on ISO 27001.



Contact Author

Lisa Zorovich