ISO/IEC 27701 vs. ISO/IEC 27001 vs. NIST: Essential Things You Need to Know
Just a few days ago NIST published a complete refresh of SP800-53, which provides a catalog of security measures to protect an organization against a variety of risks and threats.
How might NIST guidance fit in an information security management system like ISO/IEC 27001 and its privacy extension ISO/IEC 27701?
In this session, we will take a quick walk through the standards and best practices, compare them, and find out how they map to and differ from one another.
The webinar will cover:
- A quick recap of the topics covered in ISO27001/ISO27701
- Discovering the NIST guidelines for information & cyber security (SP800-SP1800)
- Main differences and mappings between NIST guidance and ISO27001
- About the latest publication (Sep/2020) on NIST SP800-53 (Security and Privacy Controls for Information Systems and Organizations)
- Implementing information & cyber-security best practices
Presenters:
Our first presenter for this webinar is Peter Geelen, director and managing consultant at CyberMinute and owner of Quest for Security, Belgium. Over more than 20 years, Peter has built strong experience in enterprise security & architecture and identity & access management, as well as privacy, information & data protection, and cyber and cloud security. In the last few years, his focus has been on ISO/IEC 27001 and other ISO certification mechanisms. Peter is an accredited Lead Auditor for ISO/IEC 27001 and ISO 9001, a PECB Trainer and a Fellow in Privacy. Committed to continuous learning, Peter holds renowned security certificates such as certified ISO/IEC 27701 lead implementer and lead auditor, ISO/IEC 27001 Master, Sr. Lead Cybersecurity Manager, ISO/IEC 27002 lead manager, ISO/IEC 27701 Lead Implementer, cDPO, Risk management, Lead Incident Mgr., Disaster Recovery, and many more.
Our second presenter is Erwin AM Geirnaert, co-founder and Chief Application Security Architect at Shift Left Security, a Belgian cybersecurity start-up specializing in securing start-ups, scale-ups and SMBs against malicious cybercriminals. Erwin is a specialist in mobile security, J2EE security, .NET security, API security and web services security. Erwin has more than 20 years' experience in executing security tests, also known as penetration testing, of web applications, mobile apps, APIs and thick client applications. In addition, Erwin architects secure e-business projects for banks, web agencies and software companies. He is also a recognized application security expert and a speaker at international events like Javapolis, LSEC, OWASP, Eurostar, Infosecurity, etc.
Link to the recorded webinar on YouTube:
Slides of the webinar: