What People Get Wrong About ISO 27001 Compliance

Just because ISO 27001 suggests a control, doesn’t mean you have to have it – in fact, you could be hurting yourself if you do by wasting money and have more trouble in an audit than you would otherwise. Your controls depend on your risk — not ISO suggestions. That’s just one of the many misunderstandings people have about the ISO 27001 standard. In this solo episode, host John Verry, CISO & Managing Partner at Pivot Point Security goes in depth on the most common misperceptions around ISO 27001 compliance. Some notable examples: - Why your controls need to be in accordance with your risk - Why you don’t need to go crazy documenting absolutely everything - Why you shouldn’t overcommit on controls To hear this episode, and many more like it, you can subscribe to The Virtual CISO Podcast here. If you don’t use Apple Podcasts, you can find all our episodes here. Listening on a desktop & can’t see the links? Just search for The Virtual CISO Podcast in your favorite podcast player.