Ethical Hacker Roundup – Making A Grid Smarter
These Energy IT Security links are part of a weekly series, Ethical Hacker Roundup, featuring the information security and cyber security related articles that we’ve read over and thought worth sharing...
What Can I Do Now To Prepare For ISO 27001:2013?
As we begin to plan internal Information Security Management System (ISMS) audits in advance of surveillance audits with our ISO 27001 certified clients, here at Pivot Point Security we are...
FedRAMP: How the US Government Spells Secure
The US government believes that they can save billions of dollars per year by moving critical applications to the cloud. A recent CIO Magazine article on the current $10 billion US Department of...
Should Your Marketing Department Pay For Your ISO-27001, FedRAMP, & SOC2...
I had the opportunity to review a presentation given by one of our client’s CISO to their Senior Management Team. The presentation was focused on reporting on current security initiatives and budgeting...
Arnold Schwarzenegger, World Hunger, and The Internet of Things
There aren’t many benefits to having been in the game long enough to have proudly owned an iPAQ Pocket PC… except perhaps “perspective.” At least once a year there is a new technological development...
Navigating FedRAMP: Agency ATO to GSA Transition
But still they lead me back… To that long, winding road… You left me standing here… A long, long time ago… Don’t leave me waiting here—Lead me to your door! I’m not sure how Paul McCartney presaged...
Here’s Why Internal Vulnerability Assessments Are Critical
The other day we had a project kickoff call with a new client who wanted to conduct penetration testing. Some questions quickly came up: Is external vulnerability assessment all we need? Or should we...
Don’t Forget to Include Customer Risk in Your Risk Assessment
A week or so ago my wife, who’s a travel agent, parted ways with her employer. She decided to start her own travel planning business—an exciting proposition for both of us. One of the first things we...
HITRUST Consulting Challenge: Right Ladder, Wrong Wall
PPS is really starting to feel the impact of the June 2015 HITRUST Alliance pronouncement that a number of key healthcare organizations—including Anthem, Health Care Services Corp., Highmark, Humana,...
Carnac the Magnificent and Financial Institution Third-Party Risk Management
With my sincerest apologies to Johnny Carson, you don’t need to be Carnac the Magnificent to predict that what the major financial institutions are doing today with their third-party risk management...
The Cyber Executive Order: What is the “Tone from the Top”?
President Biden’s recent “Executive Order on Improving the Nation’s Cybersecurity” covers a lot of ground and advocates “bold changes and significant investments.” But what do the 7,000-plus words in...
New Senate Bill Proposes Multiple Changes to FedRAMP Program
A bipartisan bill introduced in November 2021 seeks to strengthen and streamline the FedRAMP program for securing cloud services to the US federal government. The Federal Secure Cloud...