Over the weekend, I published a sample repository on Codeberg.1 It proposes treating ISMS documentation like code. The concrete example is an ISO 27001 risk assessment for organizational assets. The focus is less on the document itself and more on the underlying concept. Everything is written in a universal, text-only format that will still be editable in any editor 50 years from now: Markdown.2 Markdown comes with a few practical advantages: Read more

The third and last part of my little blog series is all about planning and implementation. Inevitably, we come into contact with project management and other underlying factors. I keep my promise from part one and finally show a blueprint for risk assessment. I hope you enjoy the read! As always, the following disclaimer applies: Everything without any claim to completeness and universal validitiy. Your mileage may vary! Don’t ask your IT Departement Where to go when it all comes down to workingplaces at home? To your IT Department? Read more

In the previous webinar on IT risk assessment and information security, participants questioned me during the 15-minute live hacking session: Is this not illegal? We took a closer peek at the servers of an ambulant care unit and two other businesses. I found them by chance from a total of 28 million hosts1 across Germany using specific search terms. The search lasted just a few seconds and after that we browsed through the numerous directories with patient data and medical prescriptions. Read more

My rant showed some effect ;-) Coming Friday, 2nd October 2020 from 7pm on, I will give a presentation covering IT risk assessment and information security. Everything will be hands-on with realistic (live) examples from the web for an audience of developers, project managers, independent consultants and anyone interested in technology. Have a look at the original announcement here. Friday, 02.10.2020, 1900 (CEST, local time) Room: https://meet.jakobs.systems/b/tom-hwb-uzi-mo0 Password: 350533 Everybody is welcome but you should have at least a microphone for discussion after the webinar. Read more