What is ISO 27002 and Why Do I Need to Know About It?


Cybersecurity is integral to any data-driven business, but building an effective cybersecurity apparatus can be challenging, if not outright daunting. Outside of industry-specific regulations, simply grasping the complexity of modern security threats and IT infrastructure has become an intellectual discipline on its own. That’s why compliance frameworks exist to help companies like yours best implement environments that can meet modern cyber threats.

One organization, the ISO, has dedicated significant resources to developing best practices and frameworks that organizations like yours can use to build effective, scalable cybersecurity systems that meet both the challenges of modern threats and the demands of modern compliance. ISO has released a series of documents, called the ISO 27000 series, that speak directly to these challenges.

While we have previously discussed ISO 27001 and its importance to data-driven businesses, we will now expand that discussion to the next document in the series, ISO 27002, and why it is important to your organization.


How Can Penetration Testing Help with Risk Assessment and Management?


Risk management is emerging as a necessary practice for large enterprise businesses and SMBs alike. It is not enough to plug into a cloud provider, operate a few servers on-prem, install a firewall and malware protection, and call it a day. Risk management is a real process that requires insight into your systems and their operations, and practices like penetration testing and vulnerability scanning can help with that process.


FedRAMP vs. FISMA Compliance: What is the Difference?


Working with federal agencies can be a big boon for enterprise and SMB service providers. Not only do they work in a lucrative and challenging space, but they can also provide critical infrastructural support to the operation and defense of our country. The regulations, however, can prove a nightmare. For example, should you adhere to FISMA or FedRAMP? What is NIST? Who can you work with to help you get started?

Here, we’ll answer one of the more basic and important questions: What is the difference between FedRAMP and FISMA authorization? Depending on the type of services you offer, you could be working through a set of similar, yet slightly different, regulatory obligations.
