What is ISO 27002 and Why Do I Need to Know About It?

Sep 22, 2021 Continuum GRC 0 Comment

Featured ISO 27002. Continuum's 2025 controls for information security and GRC.

Cybersecurity is integral to any data-driven business, but building an effective cybersecurity apparatus can be challenging, if not outright daunting. Outside of industry-specific regulations, simply grasping the complexity of modern security threats and IT infrastructure has become an intellectual discipline on its own. That’s why compliance frameworks exist to help companies like yours best implement environments that can meet modern cyber threats.

One organization, the ISO, has dedicated significant resources to develop best practices and frameworks for organizations like yours to build effective and scalable cybersecurity systems that meet both the challenges of modern threats and the demands of modern compliance. ISO has released a series of documents, called the ISO 27000 series, to speak directly to these challenges.

While we have previously discussed ISO 27001 and its importance to data-driven businesses, we will now expand that discussion into the next document, ISO 27002, and why it’s important to your organization.

Penetration Testing and NIST 800-53

Sep 9, 2021 Continuum GRC 0 Comment

Featured NIST 800-53 compliance. Continuum's 2025 GRC for federal security controls.

In our continuing series on penetration testing, we have discussed different approaches to pen testing the benefits of conducting such tests. Here, we will continue by addressing penetration testing as a practice inside one of the most important security frameworks for federal agencies and contractors: NIST 800-53.

While the core documentation of NIST 900-53 contains hundreds of security controls, one dedicated section speaks to the value and best practices of penetration testing. Here, we’ll discuss how penetration testing plays a role in NIST 800-compliance and how you can incorporate it into your compliance strategy.

What is Ransomware and Why Is it a Major Cybersecurity Threat in 2021?

Jun 23, 2021 Continuum GRC 0 Comment

Dreamstime image for policies. Visualize 2025 GRC policy creation.

Major infrastructure in the United States is under attack. As more heavy industrial companies, defense contractors and government agencies increasingly rely on cloud platforms and IT solutions to serve their users and constituents, hackers are finding ways to leverage vulnerabilities and steal information.

The problem with these attacks is that they are taking advantage of the fact that a flaw in a cloud platform can undermine security with a completely unrelated company or industry. As we’ve learned from the SolarWinds hack, the Colonial Pipeline ransomware attack and now the LineStar attack, a single flaw in a cloud platform can open up critical energy production and manufacturing operations to being held hostage for millions of dollars in ransom.

Ransomware isn’t just a consumer issue. Here, we cover the state of ransomware in 2021 and how different organizations are responding to the problem.