Over the weekend, I published a sample repository on Codeberg.1 It proposes treating ISMS documentation like code. The concrete example is an ISO 27001 risk assessment for organizational assets. The focus is less on the document itself and more on the underlying concept. Everything is written in a universal, text-only format that will still be editable in any editor 50 years from now: Markdown. Read more

The third and last part of my little blog series is all about planning and implementation. Inevitably, we come into contact with project management and other underlying factors. I keep my promise from part one and finally show a blueprint for risk assessment. I hope you enjoy the read! Read more

In the previous webinar on IT risk assessment and information security, participants questioned me during the 15-minute live hacking session: Is this not illegal? We took a closer peek at the servers of an ambulant care unit and two other businesses. I found them by chance from a total of 28 million hosts1 across Germany using specific search terms. Read more

My rant showed some effect ;-) Coming Friday, 2nd October 2020 from 7pm on, I will give a presentation covering IT risk assessment and information security. Everything will be hands-on with realistic (live) examples from the web for an audience of developers, project managers, independent consultants and anyone interested in technology. Read more