Comment by fareesh
2 months ago
It ends up being a LARP.
In reality, the starting point itself is something absurd like "all vendors must be ISO certified no exceptions".
Nobody wants to be the person who says an exception is ok in this case, so you get lumped with having to certify.
Now your color palette generator startup is doing ISO certification. You are holding quarterly "information security governance meetings" and maintaining a risk register for... "blue vs slightly different blue".
Many such cases.