HISPI Founder Taiye Lambo to Present the 2013 HISPI Top 20 Mitigating
Controls and Framework at the 2014 GRC Summit
ATLANTA, March 3, 2014 /PRNewswire/ -- The Holistic Information
Security Practitioner Institute (HISPI) is proud to announce that its
founder Taiye Lambo will be presenting some of its most valuable
research - the Top 20 Mitigating Controls based on internationally
accepted information security management system standard ISO/IEC 27001
at the 2014 GRC Summit.
The 2014 GRC Summit in Boston, MA, scheduled for March 4-6, provides
risk, audit and compliance executives with a platform to share ideas,
learn from peers and improve upon existing methodologies that have been
created to support the people, process and technology of their
organizations.
With highly publicized security breaches and data losses reaching an
all-time high in 2013, organizations worldwide are struggling to keep
up with the latest cyber security threats and are discovering that
compliance alone with a particular standard, regulation or framework is
no longer enough to mitigate the threat of a security breach and data
loss.
The research data behind the HISPI Top 20 Mitigating Controls is
compiled monthly by HISPI members and the output is published on the
HISPI website yearly.
Unlike the SANS Top 20 Critical Security Controls, which are mostly
technical controls derived from NIST Special Publication 800-53, the
HISPI Top 20 Mitigating Controls are based on control failures that
resulted in actual security breaches and data losses. They are focused
on People and Process instead of just Technical controls, allowing
organizations to adequately prioritize the implementation and
continual improvement of cyber security controls based on the most
commonly exploited control failures. Weaknesses in People and
Processes accounted for most of the publicly disclosed real-world
security breaches in 2012 and 2013.
The first HISPI Top 20 Mitigating Controls was published in early 2012
based on data compiled in 2011 and is being utilized by leading GRC
platforms and programs such as the CloudeAssurance platform and the
HISPI managed Cloud Assurance Assessor Program (CAAP).
While participating in the five framework development workshops hosted
by NIST in partnership with DHS, the White House and other stakeholders,
several HISPI members leveraged the HISPI Top 20 Mitigating Controls
from 2012 to shape the development of the recently published NIST
Cybersecurity Framework by ensuring that most of these critical
controls were included.
"HISPI leadership made the strategic decision to launch our Top 20
Mitigating Controls for 2013 at the 2014 GRC Summit with the goal of
promoting our valuable research and sharing our best practices with
fellow practitioners and thought leaders at this event," explained
Ralph Johnson, President of HISPI.
About The Holistic Information Security Practitioner Institute
The Holistic Information Security Practitioner Institute (HISPI) is an
independent certification organization providing training and
certification on the integration of best practices for enterprise and
cloud information security management, auditing and compliance
requirements.
HISP Certified individuals have the skills to help their organizations
or clients implement a solid information security management program,
conforming to ISO/IEC 27001:2005 / ISO/IEC 27002:2005 and compliant
with applicable laws, regulations and contractual obligations.
The Holistic Information Security Practitioner Institute (HISPI) is
the oversight body of the Cloud Assurance Assessor Program (CAAP).
To download the latest HISPI Top 20 Mitigating Controls, please visit
https://www.hispi.org/memberdownloads.php
Contact:
Taiye Lambo
HISP Institute (HISPI)
Phone: 678-886-3912
SOURCE The Holistic Information Security Practitioner Institute
Web Site: https://www.hispi.org