ZARZA We are Zarza, the prestigious firm behind major projects in information technology.
Listen "What People Get Wrong About ISO 27001 Compliance"
Episode Synopsis
Just because ISO 27001 suggests a control, doesn’t mean you have to have it – in fact, you could be hurting yourself if you do by wasting money and have more trouble in an audit than you would otherwise. Your controls depend on your risk — not ISO suggestions. That’s just one of the many misunderstandings people have about the ISO 27001 standard. In this solo episode, host John Verry, CISO & Managing Partner at Pivot Point Security goes in depth on the most common misperceptions around ISO 27001 compliance. Some notable examples: - Why your controls need to be in accordance with your risk - Why you don’t need to go crazy documenting absolutely everything - Why you shouldn’t overcommit on controls To hear this episode, and many more like it, you can subscribe to The Virtual CISO Podcast here. If you don’t use Apple Podcasts, you can find all our episodes here. Listening on a desktop & can’t see the links? Just search for The Virtual CISO Podcast in your favorite podcast player.
More episodes of the podcast The Virtual CISO Podcast
Ep 149: Unlocking the Future: Passkeys and Passwordless Authentication with Anna Pobletts
06/03/2025
Episode 148: Cloud Detection & Response
11/02/2025
Episode 147: Why vCISO Engagements Fail
29/01/2025
Episode 146: Dark Web Monitoring
07/01/2025
Episode 145: CMMC: The Final Rule
02/12/2024
In God we trust