Thank you for an excellent perspective! I really like the narrative story approach. Often I find reports too dry to provide the necessary context, the storytelling approach can provide a good antidote against that!
cyberhakon
joined 1 year ago
1
AI-Powered Threat Hunting on Linux Servers: Honeypot Experiment and Privilege Escalation
(safecontrols.blog)
Hi, security consultant and service developer focusing on OT and DFIR. Working for an international consulting firm, based in Europe. Originally a chemical engineer. Big fan of knowledge sharing!
The controls themselves are not hard to understand. Writing policies describing these controls is also not that hard. But: changing the way an organization is working, in terms of habits, documentation, information management, how we collaborate - that can be really, really hard. So even if the requirements in ISO 27001 and the controls guidance in ISO 27002 look straight forward from a technical point of view, it is not easy to change the way of working for a whole organization! It requires leadership, it requires resources, and enough competent people with internal social capital to help support and drive the change. This is why an ISO 27001 journey is usually not just smooth sailing.