Kristof Christoph, New Harbor, Zach discussed on Pwned: The Information Security Podcast
All right, what's up, everybody? This is Zach again and today I am joined by Kristof Christoph Hello. And KRISTOF just because not everyone may know who you are what you do. do you WanNa? Give a little bit of background at what you do in new harbour. So I lead our Information Assurance assessments team. And so we do a wide range of. Risk and compliance, and security assessments. So we're you know we're kind of in that vertical with with some of the traditional quote, unquote audit type. Folks but obviously being new harbor. We Really Pride ourselves on. Having more of a security focused on some of those traditional audit type firm so. Yeah, that's that's what we do. And what kind of audits like what? What would be like an example of some of that stuff that you would do? Yeah so you guys may have heard of Eyeso- or nist or Or Hip all of those are really in our wheelhouse so. you know there's a couple of different flavors? Some are things that I would call compliance based, so that would be more of a hippo or API flavor, and so those compliance rigs have a lot of different requirements that our clients have to follow. That's like centers for Medicaid Medicare and then like credit cards stuff right? Yeah, so. Yeah exactly so the Centers for Medicaid and Medicare. CMS has a lot of. Security requirements, and so we do assessments against that and then the Pi Council. Publishes the P. C. Idea essence. Security requirements. It's a lot of fun, cool and today we're talking ice. Oh correct, yes, so ISOS Kinda like the goldilocks of in my opinion of the security framework, so it's kind of in between all the others and It's one that we're really working hard to Expand our service offerings for new Arbor. And what would be like I guess? I've I think we hear a lot from people that they think they need ice. Oh what are sort of like some examples of companies that you know why they would want to investigate that, and maybe even just sort of an overview of what I so actually is are the I obviously has standards for everything. But specifically for the area that you're specialized in. Yeah, so that's a really good point. Zach so when we talk about. eyeso- at New Harbor. We're talking about ice. Oh Twenty, seven, thousand, one, which is the information security management system standard for.