ISO 27001 Path to Certification: The Business Case for ISO 27001 Implementation (Whitepaper Part 1 of 3)

Cybersecurity is a business problem impacting the livelihoods of companies and their owners. As a result, management and leadership must take steps to proactively mature their information security posture. A great place to begin (or continue) maturing your security environment is through the implementation of a security framework such as ISO 27001. If you are[…]

How a Better IT Risk Assessment May Change Your Thoughts on the Traditional Gap Analysis

Does your company perform a risk assessment? If you said yes, what did you mean by “risk assessment”? I ask because often, when people say “risk assessment”, they are thinking “gap analysis”. As IT auditors, sometimes our instinct is to select our favorite security framework (probably ISO 27001 or NIST 800-53) and begin identifying gaps in the control[…]