What People Get Wrong About ISO 27001 Compliance

Just because ISO 27001 suggests a control, doesn’t mean you have to have it – in fact, you could be hurting yourself if you do by wasting money and have more trouble in an audit than you would otherwise. Your controls depend on your risk — not ISO suggestions. That’s just one of the many misunderstandings people have about the ISO 27001 standard. In this solo episode, host John Verry, CISO & Managing Partner at Pivot Point Security goes in depth on the most common misperceptions around ISO 27001 compliance. Some notable examples: - Why your controls need to be in accordance with your risk - Why you don’t need to go crazy documenting absolutely everything - Why you shouldn’t overcommit on controls To hear this episode, and many more like it, you can subscribe to The Virtual CISO Podcast here. If you don’t use Apple Podcasts, you can find all our episodes here. Listening on a desktop & can’t see the links? Just search for The Virtual CISO Podcast in your favorite podcast player.

Om Podcasten

The Virtual CISO Podcast is a frank discussion that provides the very best information security advice and insights for Security, IT and Business leaders. If you’re looking for the latest strategies, tips, and trends from seasoned information security practitioners, want no-B.S. answers to your biggest security questions, need a perspective on how your peers are addressing the same issues, or just simply want to stay informed and proactive, then welcome to the show. Our moderator, John Verry, chats with industry thought leaders to ensure you have what you need to be confident in your security and compliance. John will keep you informed, and perhaps even mildly entertained, through topics like ISO 27001, breach avoidance, incident response, dealing with pesky security questionnaires, data privacy, and managing vendor risk. Think of it as security… with a smile.