“Doing ISO 27001 with CIS CSC as the control set”
The CIS CSC controls are designed to prevent breaches, but there is no current means to be audited as compliant with this standard and prove that it was implemented effectively. ISO 27001 audits are generally done with the ISO 27002 control set in mind, but it is far from a requirement. In this talk, I’ll discuss how we’ve approached this Frankenstein approach to security standards and auditing, and discuss our success and challenges.
Walt Williams, CISSP®, SSCP®, CPT, has served as an infrastructure and security architect at firms as diverse as GTE Internetworking, State Street Corp, Teradyne, The Commerce Group, and EMC. He has since moved to security management, where he now serves as Director of Information Security at Monotype. He is an outspoken proponent of design before build, an advocate of frameworks and standards, and has spoken at Security B-Sides, BASC, 27K, Wall of Sheep, and RiskSec Toronto.
Mr. Williams’ articles on security and service-oriented architecture have appeared in the Information Security Management Handbook. He has sat on the board of directors for the New England ISSA chapter and was a member of the program committee for Metricon. He has a master’s degree in anthropology from Hunter College.