by Grikbdl
253 days ago
> In theory, being ISO27001 means that your environment follows best practices and has a somewhat sane security posture.

Nah, it just means you have defined, documented processes and document that you stick to them. The actual processes can be shit and maybe you also have something on the side the auditors don't get shown, but ultimately the certification is a total joke. Source: Worked at a place that got certified despite being a security joke.
Yes and no. Even if it is a joke, there is one thing it qualifies: you at least spent time looking at the process. This already is a gain over the complete wild west.