richardk/iso27diy-corp
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

flattened posts folder

Browse source
This commit is contained in:
Richard Kranendonk 2026-06-02 17:56:26 +02:00
parent 831590bc72
commit 103e506117
19 changed files with 0 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

51
marketing/publications/posts/s01p03en - Security is a management issue.md Normal file
View file

@ -0,0 +1,51 @@
---
title: "Security isn't an IT problem, it's a management issue"
language: en
proposition: advisory
series-id: s01
series-title: "Security as an organisational challenge"
series-part: 3
audience:
- leadership
channels:
- linkedin
linkedin-account: personal
content-type:
- post
status: published
publish-dates:
linkedin: 2026-05-15T17:30:00Z
published-urls:
linkedin: "https://www.linkedin.com/posts/richardkranendonk_managingsecurity-iso27001-resilience-activity-7461105663067283456-E_-F"
notetype: publication
isotags: []
tags: []
---
`Posted on 15 May 2026 19:30 CEST to LinkedIn personal stream`
# Security isn't an IT problem, it's a management issue.
That was the core of the previous two posts. The question remains: how to embed security in your organization?
Individual measures help, but in an organization that keeps moving, they quickly fall short. People leave, ways of working change, new tools are introduced, laws and regulations evolve.
You need to establish a management process that makes risks visible, assigns ownership, and allows for corrections. ISO 27001 provides a framework for exactly that.
ISO 27001 doesn't have the best reputation: unnecessary bureaucracy, paperwork overload, 14 sign-offs for every change. That's unfair. It's a framework you can tailor to your organization. At its core: managing risks, assigning ownership, and continuous improvement. Robust enough for corporates, flexible enough for smaller organizations. And you can reap the benefits without pursuing certification.
Ask yourself: how has my organization made sure that information security doesn't depend on one person, one moment, or one department?
I'd be curious to hear how that's arranged in your organization. Feel free to send me a message if you'd like to compare notes.
— Security as an organizational challenge — 3/3
\#managingsecurity \#iso27001 \#resilience