
I've seen the exact opposite thing happen: organizations that went into security engineering deficit because of stupid things they were led by an unguided audit process to believe they needed to do. Compliance is a byproduct of security, not the other way around. Never go into a compliance process without an already-clear idea of what your security practice goals are.


It looks like you don't have any idea about ISO/IEC 27001. ISO/IEC 27001 is actually a standard which forces you to think about your security practices and goals.



