richardk/iso27diy-corp
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Reorganized some notes

Browse source
This commit is contained in:
Richard Kranendonk 2026-06-03 14:25:30 +02:00
parent 0b4734927a
commit 0f1efefc1d
25 changed files with 35 additions and 66 deletions
Download patch file Download diff file Expand all files Collapse all files

38
marketing/publications/website/tsw-manifesto.md Normal file
View file

@ -0,0 +1,38 @@
---
title: "The Manifesto for Information Security Management"
description: "Every organization can build a mature security management system, creating compliance without complexity. Security management that adds actual business value by facilitating agility instead of introducing rigidity. Without hefty consulting bills."
date: 2026-03-23
categories: ["Company"]
tags: ["manifesto", "philosophy"]
draft: false
---
Through working with our clients we have come to value:
* Business over security
* Purpose over policy
* Iteration over perfection
* Risk-based decisions over checkbox compliance
While there is value in the items on the right, the items on the left are what makes security last.
---
## Our 10 Principles for implementing an effective ISMS
*We follow these principles:*
1. Our highest priority is to enable the business to achieve its goals with effective information security.
2. Adaptability is the foundation of good security.
3. Accountability for security rests with business management.
4. Every employee, at every level, carries an active responsibility for security within their own work scope. Leadership creates the conditions for this to happen.
5. Security professionals and business stakeholders meet regularly, face to face, to discuss risks and measures in the context of real work.
6. An exception properly handled is better than a rule blindly followed. Deviations are mostly a sign of bad policies, not of bad people.
7. Abstract risks breed diffuse responsibilities. A risk that belongs to everyone is a risk that belongs to no one.
8. Risk arises where work is done. Those doing the work are best placed to identify it.
9. Maturity requires reflection. Regularly examine what is working, what is not, and why. Adjust accordingly.
10. Do the right thing!
By following these principles, any organisation can build information security management that enables the business, adapts to change, and is carried by everyone in it.
© 2026 Thinking Security Works