---
tags:
  - project/iso27DIY
  - dev
  - design
---


Personae:
- co-owner of a scrappy startup
- lonely professional within an organization with low cybersecurity affinity (Dennis Clarisse bij Multrship)

Business Personae:
- implementator
- auditor (intern)
- auditor (extern)
- business manager (afdeling, proces)
- compliance officer
- CISO
- n.b. de IT afdeling is niet anders dan een business afdeling, alleen zitten er meer risico’s en hebben ze meer maatregelen te implementeren (ook buiten hun eigen afdeling)

System roles:
- admin
- user
- power user 
- whatever

ISMS roles (extract from ISO 27001):
- risk owner
- …