Security for Humans: How to Be Secure but Stay Sane
Featuring me exercising (perish the thought!), cats, and the ISO-27001 certification. Here’s the => googledoc
I gave this talk at the TestableLA Meetup in 7/2019. The point was to show that big-S Security (aka Risk Management) is actually a concrete, logical process, not something to freak out about. Just like Devs and QA have a feedback cycle of code and tests, in Risk Management the business has its own feedback cycle. The business has certain assets (people, information, servers), and certain risks to those assets (person leaves, information leaks). Risk Management is the process of estimating the cost of those risks to the business, and then either fixing the problems or remediating them. It makes a lot of sense, actually.
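To make the "concrete logical process" bit tangible, here is a small risk-register script, added as an example for this post and not from the talk or the ISO 27001 toolkit. It takes the three kinds of assets and the two example risks from the paragraph above, estimates an annual cost for each (asset value × fraction lost per incident × incidents per year, the usual SLE/ARO arithmetic), ranks them, and then compares the cost of a fix against the loss it avoids. All asset values, rates and control costs are made-up numbers for illustration.

```python
from dataclasses import dataclass


@dataclass
class Risk:
    """One row of a risk register: an asset, a threat to it, and three estimates."""
    asset: str
    threat: str
    asset_value: float   # cost to the business if the asset were completely lost
    exposure: float      # fraction of that value lost in one incident (0.0 - 1.0)
    annual_rate: float   # expected number of incidents per year

    def single_loss(self) -> float:
        # Single Loss Expectancy: what one incident costs us.
        return self.asset_value * self.exposure

    def annual_loss(self) -> float:
        # Annualized Loss Expectancy: what this risk costs us per year, on average.
        return self.single_loss() * self.annual_rate


def prioritize(register: list[Risk]) -> list[tuple[str, str, float]]:
    """Rank risks by expected annual loss, biggest first, so the worst gets attention first."""
    ranked = sorted(register, key=lambda r: r.annual_loss(), reverse=True)
    return [(r.asset, r.threat, r.annual_loss()) for r in ranked]


def decide(risk: Risk, control_cost: float, reduction: float) -> tuple[str, float]:
    """The fix-or-remediate decision as a comparison of two numbers.

    control_cost: yearly cost of the control (backups, cross-training, ...)
    reduction:    fraction of the annual loss the control removes (0.0 - 1.0)
    Returns ("fix", net benefit) when the control pays for itself, else ("accept", net benefit).
    """
    avoided_loss = risk.annual_loss() * reduction
    net = avoided_loss - control_cost
    return ("fix" if net > 0 else "accept", net)


# Constructed register: people, information and servers, with the two risks from the post.
REGISTER = [
    Risk("senior engineer", "person leaves", asset_value=150_000, exposure=1.0, annual_rate=0.2),
    Risk("customer database", "information leaks", asset_value=500_000, exposure=0.4, annual_rate=0.1),
    Risk("web server", "outage", asset_value=100_000, exposure=0.1, annual_rate=2.0),
]

# Constructed candidate controls, keyed by (asset, threat): (yearly cost, loss reduction).
CONTROLS = {
    ("senior engineer", "person leaves"): (40_000, 0.5),     # cross-training and documentation
    ("customer database", "information leaks"): (5_000, 0.8),  # encryption at rest, access review
    ("web server", "outage"): (3_000, 0.75),                 # monitoring plus a standby host
}


def run_cycle(register: list[Risk]) -> list[tuple[str, str, float, str, float]]:
    """One pass of the feedback loop: estimate, rank, decide. Returns rows of
    (asset, threat, annual loss, decision, net benefit of the control)."""
    rows = []
    for asset, threat, ale in prioritize(register):
        risk = next(r for r in register if r.asset == asset and r.threat == threat)
        cost, reduction = CONTROLS[(asset, threat)]
        decision, net = decide(risk, cost, reduction)
        rows.append((asset, threat, ale, decision, net))
    return rows


if __name__ == "__main__":
    for asset, threat, ale, decision, net in run_cycle(REGISTER):
        print(f"{asset:18} {threat:18} ALE ${ale:>9,.0f}  -> {decision:6} (net ${net:>+9,.0f})")
```

The point of the script is the shape of the loop, not the numbers: estimates go in, a ranked list and a fix-or-accept decision come out, and the next iteration re-runs with updated estimates once a control is in place or an incident changes what you believe about the rates.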
Resources:
- https://www.iso27001security.com/html/toolkit.html
- Tons of documents and diagrams!
- https://www.itgovernanceusa.com/iso27001
- https://www.iso27001security.com/html/risk_mgmt.html
- FAQ with lots of high-level info!