Absolutely worthless pieces of paper. We had the ISO 270001 and the physical security "walk tour" or whatever it's called; I could've outsourced that to a bunch of preschoolers walking around the offices and data center rooms and would've gotten the same result. The only _actually_ working way to protect your org is to continuously attack your own systems and see what part of it breaks or leaks data.
alt Hacker News
Absolutely worthless pieces of paper. We had the ISO 270001 and the physical security "walk tour" or whatever it's called; I could've outsourced that to a bunch of preschoolers walking around the offices and data center rooms and would've gotten the same result. The only _actually_ working way to protect your org is to continuously attack your own systems and see what part of it breaks or leaks data.