The ISO 27000 series is a set of important security documents released by the International Organization for Standardization (ISO) to provide a guideline for best practices in IT security management, ISMS development and organizational security and risk management practices. The earlier documents (27001, 27002, etc.) serve as a baseline for this series, and many of the following documents build from that foundation. 

Later documents in the series develop guidelines describing more specialized applications. One of these, ISO 27017, address security practices for the expanding area of cloud infrastructure that most of our business operations rely on. 

Read More

In our continuing series on penetration testing, we have discussed different approaches to pen testing the benefits of conducting such tests. Here, we will continue by addressing penetration testing as a practice inside one of the most important security frameworks for federal agencies and contractors: NIST 800-53.

While the core documentation of NIST 900-53 contains hundreds of security controls, one dedicated section speaks to the value and best practices of penetration testing. Here, we’ll discuss how penetration testing plays a role in NIST 800-compliance and how you can incorporate it into your compliance strategy. 

Read More

Penetration testing is an increasingly common security practice for many businesses using sophisticated IT or cloud systems. Under CMMC, penetration testing is even more important because achieving higher levels of responsibility and capabilities calls for some form of penetration testing. 

Here we’re discussing how penetration testing plays into CMMC regulations and when you can begin to expect it as a requirement. 

Read More