HISPI Founder Taiye Lambo to Present the 2013 HISPI Top 20 Mitigating Controls and Framework at the 2014 GRC Summit

In its 10th installment, the 2014 Governance, Risk Management and Compliance Summit will examine the many GRC topics facing corporate professionals and leading companies.

ATLANTA, March 3, 2014 /PRNewswire/ — The Holistic Information Security Practitioner Institute (HISPI) is proud to announce that its founder, Taiye Lambo, will present some of its most valuable research, the Top 20 Mitigating Controls based on the internationally accepted information security management system standard ISO/IEC 27001, at the 2014 GRC Summit.

The 2014 GRC Summit in Boston, MA, scheduled for March 4-6, gives risk, audit and compliance executives a platform to share ideas, learn from peers and improve upon the existing methodologies that support the people, process and technology of their organizations.

With highly publicized security breaches and data losses reaching an all-time high in 2013, organizations worldwide are struggling to keep up with the latest cyber security threats and are discovering that compliance with a particular standard, regulation or framework is, on its own, no longer enough to mitigate the threat of a security breach and data loss.

The research data behind the HISPI Top 20 Mitigating Controls is compiled monthly by HISPI members and the output is published on the HISPI website yearly.

Unlike the SANS Top 20 Critical Security Controls, which are mostly technical controls derived from NIST Special Publication 800-53, the HISPI Top 20 Mitigating Controls are based on the control failures that resulted in actual security breaches and data losses. They focus on people and process controls rather than only technical controls, allowing organizations to prioritize the implementation and continual improvement of cyber security controls according to the most commonly exploited control failures. Weaknesses in people and processes accounted for most of the publicly disclosed real-world security breaches in 2012 and 2013.

The first HISPI Top 20 Mitigating Controls list was published in early 2012, based on data compiled in 2011, and is used by leading GRC platforms and programs such as the CloudeAssurance platform and the HISPI-managed Cloud Assurance Assessor Program (CAAP).

While participating in the five framework development workshops hosted by NIST in partnership with DHS, the White House and other stakeholders, several HISPI members drew on the 2012 HISPI Top 20 Mitigating Controls to shape the development of the recently published NIST Cybersecurity Framework, ensuring that most of these critical controls were included.

"HISPI leadership made the strategic decision to launch our Top 20 Mitigating Controls for 2013 at the 2014 GRC Summit with the goal of promoting our valuable research and sharing our best practices with fellow practitioners and thought leaders at this event," explained Ralph Johnson, President of HISPI.

About The Holistic Information Security Practitioner Institute

The Holistic Information Security Practitioner Institute (HISPI) is an independent certification organization providing training and certification on the integration of best practices for enterprise and cloud information security management, auditing and compliance requirements.

HISP-certified individuals have the skills to help their organizations or clients implement a solid information security management program that conforms to ISO/IEC 27001:2005 / ISO/IEC 27002:2005 and complies with applicable laws, regulations and contractual obligations.

The Holistic Information Security Practitioner Institute (HISPI) is the oversight body of the Cloud Assurance Assessor Program (CAAP).

To download the latest HISPI Top 20 Mitigating Controls, please visit

Taiye Lambo

HISP Institute (HISPI)

Phone: 678-886-3912