Skip Navigation
InitialsDiceBearhttps://github.com/dicebear/dicebearhttps://creativecommons.org/publicdomain/zero/1.0/„Initials” (https://github.com/dicebear/dicebear) by „DiceBear”, licensed under „CC0 1.0” (https://creativecommons.org/publicdomain/zero/1.0/)MI
m4iler @infosec.pub
Posts 1
Comments 5
Thinkpads

  • X series is great, IMO. Had an X220, replaced that with an X200 that's now serving as my home server.

    The X250 is not that bad either, but I settled on a Dell I got a few years ago from my former company. It's not that bad, but off-topic, so nothing more about it :-D

    •
    ISO27001/27002 - Am I missing something?

  • Looks good! I'll check it out!

    •
    Set default language to English

  • My issue was that Jerboa for Lemmy doesn't show the "Language" selection. I'll probably have to find another Lemmy client.

    • Blue Team @infosec.pub m4iler @infosec.pub

    ISO27001/27002 - Am I missing something?

    TL;DR: Is ISO27001 easy or am I just too dumb to see the complexity?

    Hi!

    Just wanted to start some conversation on a standard that's sorta kinda infamous where I'm currently at, the ISO27001 standard.

    I got tasked with "polishing up an ISMS" for a company and while I can't go into details, I got basically a control name (from 27002:2022) and a description of "what we need it to do." Now that I got into it, I feel that I may be missing something. Most of their controls are "Limit access to server room" or "Make sure access is logged and not permanent."

    Like, the standard is not difficult reading, but if they can explain to ME how the controls should look in the end, what am I missing? Is there some extremely difficult part? Or can I just say "Just make the creds timeout after a month. Source: dude trust me?"

    If you were tasked with implementing ISO27001, did you encounter any specific hurdles that I may not see from where I'm standing? The only thing I can see after I got through all the controls was a feeling that this will be more expensive on time for the security teams.

    Thank you for coming to my TED(x) talk.

    8
    Apologies for the problems

  • Jerry, Jerry, Jerry.

    Just when I think you can't top the Mastodon instance, you go and make this.

    Lovely. Just amazing. Thank you! <3

    •
    Introduce yourself!

  • Heya!

    I am currently in a consultancy role, mostly doing penetration tests, but as everyone knows, "A pentest report without a way to fix findings is just a show-off document." Been doing this for close to 3 years. Before that, I spent a year as a SOC analyst for a global corporation, and before that I was a teacher. My hobbies include lockpicking, all ways to get where I'm not supposed to, and privacy.

    Hope to learn a lot of valuable stuff here, and if I know an answer, I'll happily share!