White Papers

Considering FedRAMP?

Why You Should Consider FedRAMP…

With a total of 49 cloud services approved for the FedRAMP authority to operate, it’s hard to think of a reason not to at least consider FedRAMP. In February 2011, United States CIO Vivek Kundra estimated a budget of  $20 billion for moving Federal IT systems to cloud-based solutions.[1] The FY 2016 Congressional Justification of the 2016 budget for the GSA[2] has an entire section devoted to declaring the benefits of FedRAMP, and includes a line item of $2.6 million for expanding the FedRAMP Joint Authorization Board (JAB) to expedite the process for organizations pursuing FedRAMP Authorization.

Request White Paper

Why every business desires an Information Security Management System (ISMS)

A high priority among the challenges facing business leadership today is the business dictum of “doing more with less”, in addition to meeting the more rigorous security and compliance requirements facing your business from both customers and regulators alike. With the amount of available security and compliance products and services on the market today, it’s extremely difficult to know what’s best for your business. This whitepaper sets out the benefits and provides a business case for an Information Security Management System (ISMS) conforming to ISO 27001.

Request White Paper

Understanding ISO 27001

The information security field has traditionally been based on sound "best practices" and "guidelines". While this cumulative wisdom of the ages is valid, it is also subject to various interpretations and implementations, not always consistent or harmonious. Furthermore, without the risk justification required by ISO 27001, "best practice" is in reality "best guess" devoid of the underlying analysis that makes control implementation both justifiable and defensible. ISO 27001 offers multiple benefits to an organization if applied correctly.

Request White Paper

Understanding Information Security Management Systems (ISMS)

Organizations have long been practicing information security but not effectively managing information security. Assuming that security guidance is being given, and security activities performed, organizations have some form of an Information Security Management System already in place, although perhaps immature and incohesive. The ISMS process brings Quality Management concepts to the discipline of information security with numerous benefits.

Request White Paper

Understanding ISO 27002

As a standard that is primarily conceptual, ISO 27002 is NOT:

  • A technical standard
  • Product or technology driven
  • An equipment evaluation methodology

ISO 27002 is a comprehensive minimum baseline of information security controls that all Information Security Programs SHOULD address in some manner. This paper provides detail on the ISO 27002 standard and discusses the benefits of ISO 27002 and a comparison to the ISO 27001 standard.

Request White Paper