diff --git a/marketing/.DS_Store b/marketing/.DS_Store index f87e027..0003415 100644 Binary files a/marketing/.DS_Store and b/marketing/.DS_Store differ diff --git a/marketing/posts/ZZP/AuditLens CISO agents.md b/marketing/posts/ZZP/AuditLens CISO agents.md new file mode 100644 index 0000000..4fd4a16 --- /dev/null +++ b/marketing/posts/ZZP/AuditLens CISO agents.md 
@@ -0,0 +1,24 @@ +Original post by Khansa Rahim: https://www.linkedin.com/posts/khansarahim_18000-thats-what-an-iso-27001-consultant-share-7466710362285993984-5Pnj + +πŸ’Έ Β£18,000. That's what an ISO 27001 consultant quoted me to copy-paste templates and disappear once the certificate was on the wall. So I rebuilt the role as 6 AI agents. It cost me almost nothing. Here's the team I built on Claude: ISMS Manager to locks down scope, context and leadership. Risk Manager to turn a blank spreadsheet into a scored risk register. Compliance Analyst to map your controls across all 93 and keeps SoA live. Internal Auditor to run the 100 questions a Stage 2 auditor asks. DPO to draft 72-hour breach notification before the clock beats you. CISO to orchestrates the entire ISMS. Keeps all 5 in sync. What it replaces: β†’ The invoice that lands before any real work does β†’ The deal you lost because a questionnaire wanted a cert you didn't have β†’ The 9am "where's our SoA?" now a live doc 11 SMBs certified this way. Fintech, healthtech and B2B SaaS, most under 60 people. Quick gut check before you scroll: which ISO 27001 control gives your team the most grief - access control, risk treatment, or evidence? πŸ’¬ Comment COMPLIANCE and I'll send the full system: agent prompts, the Annex A control map, and the Stage 2 simulator. Every month you wait is another month of deals gated behind a cert you don't have. Know a founder or CISO bleeding cash on a slow engagement? πŸ”„ Repost this it'll save them more than anything in their feed today. (Connect first so I can DM you.) + +![](AuditLens-agents-diagram.jpeg) + + +--- + +My comment: + +As an auditor, I would ask the leadership of the client organization the following questions: + +1) How did you decide on the scope? What are your business reasons for that choice? How does that choice affect the interests of your stakeholders? +2) How did you come to the risk scores on the spreadsheet? 
May I see the evidence of the risk analyses process you conducted? Who were involved and who signed off? +3) I see you have made choices in the application of your 93 controls, in terms of business processes and information assets. How did you come to the decisions? How did you tie it to the risk analyses? +4) That’s a very nice breach notification you got there! Would be a shame if a breach happened and you had no actual process implemented and resources assigned once it happens ... +5) Can I speak to the CISO? … oh, he’s busy orchestrating and syncing agents? But in your role description it says she’s a person and is managing real people? + +You can't know the reasoning behing the algorithm. +You are creating a paper reality that has no relationship to what is actually going on in your organization. + +Don't get me wrong: you can automate part of the ISMS. Like evidence collection for the implementation of technical controls, process completeness, drafting policies based on real, specific to the organization, variables. +But the essence is of risk management, controlling actual organizational processes, aantoonbaarheid, and accountability. diff --git a/marketing/posts/ZZP/AuditLens-agents-diagram.jpeg b/marketing/posts/ZZP/AuditLens-agents-diagram.jpeg new file mode 100644 index 0000000..298f46b Binary files /dev/null and b/marketing/posts/ZZP/AuditLens-agents-diagram.jpeg differ diff --git a/marketing/Marketing voor ZZP werk/Posts/For Leadership/s01p01en - IT is not going to fix your security problem.md b/marketing/posts/ZZP/For Leadership/s01p01en - IT is not going to fix your security problem.md similarity index 100% rename from marketing/Marketing voor ZZP werk/Posts/For Leadership/s01p01en - IT is not going to fix your security problem.md rename to marketing/posts/ZZP/For Leadership/s01p01en - IT is not going to fix your security problem.md 
diff --git a/marketing/Marketing voor ZZP werk/Posts/For Leadership/s01p01nl - De IT afdeling gaat jouw beveiliging niet op orde krijgen.md b/marketing/posts/ZZP/For Leadership/s01p01nl - De IT afdeling gaat jouw beveiliging niet op orde krijgen.md similarity index 100% rename from marketing/Marketing voor ZZP werk/Posts/For Leadership/s01p01nl - De IT afdeling gaat jouw beveiliging niet op orde krijgen.md rename to marketing/posts/ZZP/For Leadership/s01p01nl - De IT afdeling gaat jouw beveiliging niet op orde krijgen.md diff --git a/marketing/Marketing voor ZZP werk/Posts/For Leadership/s01p02en - All security risks start with a decision.md b/marketing/posts/ZZP/For Leadership/s01p02en - All security risks start with a decision.md similarity index 100% rename from marketing/Marketing voor ZZP werk/Posts/For Leadership/s01p02en - All security risks start with a decision.md rename to marketing/posts/ZZP/For Leadership/s01p02en - All security risks start with a decision.md diff --git a/marketing/Marketing voor ZZP werk/Posts/For Leadership/s01p02nl - Een beveiligingsrisico begint met een beslissing.md b/marketing/posts/ZZP/For Leadership/s01p02nl - Een beveiligingsrisico begint met een beslissing.md similarity index 100% rename from marketing/Marketing voor ZZP werk/Posts/For Leadership/s01p02nl - Een beveiligingsrisico begint met een beslissing.md rename to marketing/posts/ZZP/For Leadership/s01p02nl - Een beveiligingsrisico begint met een beslissing.md diff --git a/marketing/Marketing voor ZZP werk/Posts/For Leadership/s01p03en - Security is a management issue.md b/marketing/posts/ZZP/For Leadership/s01p03en - Security is a management issue.md similarity index 100% rename from marketing/Marketing voor ZZP werk/Posts/For Leadership/s01p03en - Security is a management issue.md rename to marketing/posts/ZZP/For Leadership/s01p03en - Security is a management issue.md 
diff --git a/marketing/Marketing voor ZZP werk/Posts/For Leadership/s01p03nl - Security is geen IT-probleem, maar een managementvraagstuk.md b/marketing/posts/ZZP/For Leadership/s01p03nl - Security is geen IT-probleem, maar een managementvraagstuk.md similarity index 100% rename from marketing/Marketing voor ZZP werk/Posts/For Leadership/s01p03nl - Security is geen IT-probleem, maar een managementvraagstuk.md rename to marketing/posts/ZZP/For Leadership/s01p03nl - Security is geen IT-probleem, maar een managementvraagstuk.md diff --git a/marketing/Marketing voor ZZP werk/Posts/For Leadership/s01p04en - Good intentions dont scale.md b/marketing/posts/ZZP/For Leadership/s01p04en - Good intentions dont scale.md similarity index 100% rename from marketing/Marketing voor ZZP werk/Posts/For Leadership/s01p04en - Good intentions dont scale.md rename to marketing/posts/ZZP/For Leadership/s01p04en - Good intentions dont scale.md diff --git a/marketing/Marketing voor ZZP werk/Posts/For Leadership/s02p01nl - Op 1 juli treedt de Cbw in werking.md b/marketing/posts/ZZP/For Leadership/s02p01nl - Op 1 juli treedt de Cbw in werking.md similarity index 100% rename from marketing/Marketing voor ZZP werk/Posts/For Leadership/s02p01nl - Op 1 juli treedt de Cbw in werking.md rename to marketing/posts/ZZP/For Leadership/s02p01nl - Op 1 juli treedt de Cbw in werking.md diff --git a/marketing/Marketing voor ZZP werk/Posts/For Leadership/s02p02nl - De Cbw vraagt om risicomanagement.md b/marketing/posts/ZZP/For Leadership/s02p02nl - De Cbw vraagt om risicomanagement.md similarity index 100% rename from marketing/Marketing voor ZZP werk/Posts/For Leadership/s02p02nl - De Cbw vraagt om risicomanagement.md rename to marketing/posts/ZZP/For Leadership/s02p02nl - De Cbw vraagt om risicomanagement.md 
diff --git a/marketing/Marketing voor ZZP werk/Posts/For Leadership/s02p03nl - Waar begin je?.md b/marketing/posts/ZZP/For Leadership/s02p03nl - Waar begin je?.md similarity index 100% rename from marketing/Marketing voor ZZP werk/Posts/For Leadership/s02p03nl - Waar begin je?.md rename to marketing/posts/ZZP/For Leadership/s02p03nl - Waar begin je?.md diff --git a/marketing/Marketing voor ZZP werk/Posts/For Leadership/s02p04nl - Compliant en aantoonbaar.md b/marketing/posts/ZZP/For Leadership/s02p04nl - Compliant en aantoonbaar.md similarity index 100% rename from marketing/Marketing voor ZZP werk/Posts/For Leadership/s02p04nl - Compliant en aantoonbaar.md rename to marketing/posts/ZZP/For Leadership/s02p04nl - Compliant en aantoonbaar.md diff --git a/marketing/Marketing voor ZZP werk/Posts/For Leadership/s02p05nl - Cbw compliance heeft geen finishlijn.md b/marketing/posts/ZZP/For Leadership/s02p05nl - Cbw compliance heeft geen finishlijn.md similarity index 100% rename from marketing/Marketing voor ZZP werk/Posts/For Leadership/s02p05nl - Cbw compliance heeft geen finishlijn.md rename to marketing/posts/ZZP/For Leadership/s02p05nl - Cbw compliance heeft geen finishlijn.md diff --git a/marketing/Marketing voor ZZP werk/Posts/For Leadership/s02p06nl - Bonus post Cbw en 27001.md b/marketing/posts/ZZP/For Leadership/s02p06nl - Bonus post Cbw en 27001.md similarity index 100% rename from marketing/Marketing voor ZZP werk/Posts/For Leadership/s02p06nl - Bonus post Cbw en 27001.md rename to marketing/posts/ZZP/For Leadership/s02p06nl - Bonus post Cbw en 27001.md diff --git a/marketing/Marketing voor ZZP werk/Posts/For MSPs/Do you supply EU customers.md b/marketing/posts/ZZP/For MSPs/Do you supply EU customers.md similarity index 100% rename from marketing/Marketing voor ZZP werk/Posts/For MSPs/Do you supply EU customers.md rename to marketing/posts/ZZP/For MSPs/Do you supply EU customers.md 
diff --git a/marketing/posts/ZZP/You can't automate ISO 27001 compliance.md b/marketing/posts/ZZP/You can't automate ISO 27001 compliance.md new file mode 100644 index 0000000..966c019 --- /dev/null +++ b/marketing/posts/ZZP/You can't automate ISO 27001 compliance.md 
@@ -0,0 +1,23 @@ +**You can't automate ISO 27001 compliance** + +Some vendors promise ISO 27001 certification at next to nothing, through the use of AI. Cheap, fast, and effortless. If it sounds too good to be true, it probably is. + +It's true that AI tools can genuinely help with parts of an ISO 27001 implementation, reducing the repetitive work in documenting the ISMS, like drafting policies, issue tracking, document classification, and mapping controls. AI is great at producing documents. But a certification audit is more than a document review. It is designed to probe whether your ISMS reflects what actually happens in your organization. + +These are some examples of questions to expect when you present essential documents to the certification auditor: + +On the Scope Statement β€” How did you decide on this scope? What are your business reasons for that choice, and how does it affect your stakeholders? + +On the Risk Register β€” How did you arrive at these risk scores? What method did you use for conducting the risk analysis? Who were involved, and who signed off? + +On the Statement of Applicability β€” You have made choices in applying the 93 controls. How did you tie those choices to your risk analysis? To which information assets did you apply them specifically? + +On your Incident Response Plan β€” Are the resources it mentions actually available if a breach happens? How and when did you last test these procedures? What were the findings and how did these contribute to the improvement of the plan? + +On Policies and Procedures β€” Do the persons mentioned in these documents understand their responsibilities, and are they mandated to act on them? Can I speak with them? + +The thing is, ISO 27001 isn't really about documents. It's about the reality they reflect. Your ISMS should be about responsibilities, creating awareness, making decisions and accounting for it – the things that actually produce better information security. 
+ +Curious whether others are seeing this pattern: AI-assisted compliance that falls apart in an audit. + +\#ISO27001 \#informationsecurity \#compliance \#ISMS diff --git a/marketing/Marketing voor ZZP werk/agent-instructie.md b/marketing/posts/agent-instructie.md similarity index 100% rename from marketing/Marketing voor ZZP werk/agent-instructie.md rename to marketing/posts/agent-instructie.md diff --git a/marketing/Marketing voor ZZP werk/richard-context.md b/marketing/posts/richard-context.md similarity index 100% rename from marketing/Marketing voor ZZP werk/richard-context.md rename to marketing/posts/richard-context.md
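Review bot: marketing/.DS_Store is a tracked binary and changes again in this commit ("Binary files a/marketing/.DS_Store and b/marketing/.DS_Store differ"). It is Finder metadata, not content, and it can record the names of files in the directory. Suggest removing it from the index (git rm --cached marketing/.DS_Store) and adding .DS_Store to .gitignore so it stops appearing in later diffs.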
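Review bot: in the "My comment" part of marketing/posts/ZZP/AuditLens CISO agents.md, three wording slips will go out with the post if it is published as is: "behing the algorithm" should read "behind", "But the essence is of risk management" has a stray "is", and "aantoonbaarheid" is left in Dutch in an otherwise English text (for example "demonstrability"). Question 5 also switches from "he" to "she" for the same CISO; if that is not deliberate, pick one. In question 2, "risk analyses process" should be "risk analysis process".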
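Review bot: the last added line of marketing/posts/ZZP/You can't automate ISO 27001 compliance.md escapes the hashtags for Markdown ("\#ISO27001 \#informationsecurity \#compliance \#ISMS"). If the file is pasted unrendered into a platform that does not interpret Markdown, the backslashes will show literally, so either drop them or note in the file that it must be rendered first. Smaller points: "Who were involved" reads better as "Who was involved", and in "making decisions and accounting for it" the pronoun should be "them". The dashes after each document name appear as "β€”" in this diff, so confirm the file is saved as UTF-8 before publishing.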
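Review bot: agent-instructie.md and richard-context.md move from "marketing/Marketing voor ZZP werk/" to marketing/posts/ with similarity index 100%, so their content is unchanged by this commit. Any path inside them, or in tooling that reads them, that still points at "Marketing voor ZZP werk/Posts/..." is now stale and should be updated in the same commit. Going by their names, these two files are agent instructions and context, not posts, so consider whether marketing/posts/ is the right home for them.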