In its 10th installment, the 2014 Governance, Risk Management and Compliance Summit will be looking at numerous GRC topics facing corporate professionals and leading companies.






HISPI Founder Taiye Lambo to Present the 2013 HISPI Top 20 Mitigating Controls and Framework at the 2014 GRC Summit

ATLANTA, March 3, 2014 /PRNewswire/ -- The Holistic Information Security Practitioner Institute (HISPI) is proud to announce that its founder Taiye Lambo will be presenting some of its most valuable research - the Top 20 Mitigating Controls based on internationally accepted information security management system standard ISO/IEC 27001 at the 2014 GRC Summit.


The 2014 GRC summit in Boston, MA scheduled for March 4-6 provides risk, audit and compliance executives a platform to share ideas, learn from peers and improve upon existing methodologies that have been created to support the people, process and technology of their


With highly publicized security breaches and data losses reaching an all-time high in 2013, organizations worldwide are struggling to keep up with the latest cyber security threats and are discovering that compliance alone to a particular standard, regulation or framework is no longer enough to mitigate against the threat of a security breach and data loss.

The research data behind the HISPI Top 20 Mitigating Controls is compiled monthly by HISPI members and the output is published on the HISPI website yearly.

Unlike the SANS Top 20 Critical Security Controls, which are mostly technical controls derived from NIST Special Publication 800-53, the HISPI Top 20 Mitigating Controls are based on control failures that resulted in actual security breaches and data losses. They are focused on People and Process instead of just Technical controls, allowing organizations to adequately prioritize the implementation and continual improvement of cyber security controls based on the most commonly exploited control failures. Weaknesses in People and Processes accounted for most of the publicly disclosed real-world security breaches in 2012 and 2013.

The first HISPI Top 20 Mitigating Controls was published in early 2012 based on data compiled in 2011 and is being utilized by leading GRC platforms and programs such as the CloudeAssurance platform and the HISPI managed Cloud Assurance Assessor Program (CAAP).

While participating in the five framework development workshops hosted by NIST in partnership with DHS, White House and other stakeholders, several HISPI members leveraged the HISPI Top 20 Mitigating Controls from 2012 to shape the development of the recently published NIST Cybersecurity Framework by ensuring that most of these critical controls were included.

"HISPI leadership made the strategic decision to launch our Top 20 Mitigating Controls for 2013 at the 2014 GRC Summit with the goal of promoting our valuable research and sharing our best practices with fellow practitioners and thought leaders at this event," explained Ralph Johnson, President of HISPI.

About The Holistic Information Security Practitioner Institute

The Holistic Information Security Practitioner Institute (HISPI) is an independent certification organization providing training and certification on the integration of best practices for enterprise and cloud information security management, auditing and compliance


HISP Certified individuals have the skills to help their organizations or clients implement a solid information security management program, conforming to ISO/IEC 27001:2005 / ISO/IEC 27002:2005 and compliant with applicable laws, regulations and contractual obligations.

The Holistic Information Security Practitioner Institute (HISPI) is the oversight body of the Cloud Assurance Assessor Program (CAAP).

To download the latest HISPI Top 20 Mitigating Controls, please visit


Taiye Lambo

HISP Institute (HISPI)

Phone: 678-886-3912


SOURCE The Holistic Information Security Practitioner Institute


Copyright © The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.
