jan-karel.com

Compliance theatre: fifty documents, zero defence

A few years ago I sat in a meeting room in Utrecht where a man in a blue suit was trying to explain to a board why their ISO 27001 certification had finally come through. He had a PowerPoint. The PowerPoint had ticks. The board nodded. There was applause. There was cake — a real cake, with the words "ISO27001 ✓" in icing letters, I am not making this up.
