In its 10th installment, the 2014 Governance, Risk Management and Compliance Summit will be looking at numerous GRC topics facing corporate professionals and leading companies.




HISPI Founder Taiye Lambo to Present the 2013 HISPI Top 20 Mitigating Controls and Framework at the 2014 GRC Summit

ATLANTA, March 3, 2014 /PRNewswire/ -- The Holistic Information Security Practitioner Institute (HISPI) is proud to announce that its founder Taiye Lambo will be presenting some of its most valuable research - the Top 20 Mitigating Controls based on internationally accepted information security management system standard ISO/IEC 27001 at the 2014 GRC Summit.


The 2014 GRC Summit in Boston, MA, scheduled for March 4-6, provides risk, audit and compliance executives a platform to share ideas, learn from peers and improve upon existing methodologies that have been created to support the people, process and technology of their organizations.

With highly publicized security breaches and data losses reaching an all-time high in 2013, organizations worldwide are struggling to keep up with the latest cyber security threats and are discovering that compliance alone with a particular standard, regulation or framework is no longer enough to mitigate the threat of a security breach and data loss.

The research data behind the HISPI Top 20 Mitigating Controls is compiled monthly by HISPI members and the output is published on the HISPI website yearly.

Unlike the SANS Top 20 Critical Security Controls, which are mostly technical controls derived from NIST Special Publication 800-53, the HISPI Top 20 Mitigating Controls are based on control failures that resulted in actual security breaches and data losses. They are focused on People and Process instead of just Technical controls, allowing organizations to adequately prioritize the implementation and continual improvement of cyber security controls based on the most commonly exploited control failures. Weaknesses in People and Processes accounted for most of the publicly disclosed real-world security breaches in 2012 and 2013.

The first HISPI Top 20 Mitigating Controls was published in early 2012 based on data compiled in 2011 and is being utilized by leading GRC platforms and programs such as the CloudeAssurance platform and the HISPI-managed Cloud Assurance Assessor Program (CAAP).

While participating in the five framework development workshops hosted by NIST in partnership with DHS, the White House and other stakeholders, several HISPI members leveraged the HISPI Top 20 Mitigating Controls from 2012 to shape the development of the recently published NIST Cybersecurity Framework by ensuring that most of these critical controls were included.

"HISPI leadership made the strategic decision to launch our Top 20 Mitigating Controls for 2013 at the 2014 GRC Summit with the goal of promoting our valuable research and sharing our best practices with fellow practitioners and thought leaders at this event," explained Ralph Johnson, President of HISPI.

About The Holistic Information Security Practitioner Institute

The Holistic Information Security Practitioner Institute (HISPI) is an independent certification organization providing training and certification on the integration of best practices for enterprise and cloud information security management, auditing and compliance requirements.

HISP Certified individuals have the skills to help their organizations or clients implement a solid information security management program, conforming to ISO/IEC 27001:2005 / ISO/IEC 27002:2005 and compliant with applicable laws, regulations and contractual obligations.

The Holistic Information Security Practitioner Institute (HISPI) is the oversight body of the Cloud Assurance Assessor Program (CAAP).

To download the latest HISPI Top 20 Mitigating Controls, please visit https://www.hispi.org/memberdownloads.php

Contact:

Taiye Lambo

HISP Institute (HISPI)

Phone: 678-886-3912


SOURCE The Holistic Information Security Practitioner Institute


Copyright © The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.

The Associated Press
