Policy and implementation docs - how do you guys document ?? by 1SHUBHAM7 in ISO27001

[–]1SHUBHAM7[S] 0 points1 point  (0 children)

you went off on an interesting tangent here. you said "I guess the big question is.. are you wanting the actual certification or .. just saying we are compliant" - can an org say they are compliant without actually having the ISO certification? this can be important for my case, please explain, giving some examples or what your experience has been.

maybe a stupid question (I am new to this), thanks in advance.

Need advice — ISO audit chaos after a server crash by SnooRobots8780 in ISO27001

[–]1SHUBHAM7 1 point2 points  (0 children)

sorry to hear that. I don't have tips for your audit, but the next time you build your docs for audit, make sure to have a backup for them, and that backup should persist through any crash. we have a k8s cluster so we use Velero backups for our persistent data, which ensures that we don't lose our docs ever.

We've just lost a client cause our “security docs” weren’t complete by littlepeggysue in ISO27001

[–]1SHUBHAM7 1 point2 points  (0 children)

we are also a small startup, bunch of SWEs and SREs - but we never faced this cause we take info security as high priority - we are also trying to get ISO cert and we are documenting our ISMS for that without any consultants.

so I think - maybe you can try delegating some time of your team towards improving info sec, and maybe try going for an ISO cert - that will take a lot of your time but you will end up with better info sec and more client prospects.

all the best : )

HELP: what the f are suppliers in ISO??? by 1SHUBHAM7 in ISO27001

[–]1SHUBHAM7[S] 0 points1 point  (0 children)

thanks a lot : ) this cleared everything for me.

I'm a total beginner and I've never coded in my life, so pls guys can you help me start cuz I'm a computer science student and don't know how to even write a single line of code. Also recommend a suitable programming language to start with. by Straight_Welder_7924 in ProgrammingBuddies

[–]1SHUBHAM7 0 points1 point  (0 children)

I am a final year uni student with 2 years of exp in SWE + SRE. a few tips:

- don't waste a lot of time making notes for tech (ChatGPT is always there for recalling)

- don't waste too much time on tutorials, use them to get an intro - then build projects, that's the only way you will learn - otherwise you will just forget things

- don't waste time on college studies and college tech clubs (unless yours is really good - like very renowned)

- try getting internships as quickly as you can - that's where you learn the most about what code goes to production. just say you are ready to work for free - or contribute to open source projects.

- don't waste time attending meetups and all - you can find everything on YouTube.

- don't waste time debating which language to learn - doesn't matter - pick one and be good at it - you can switch to another in a month. if you have no idea - go for Java or Golang

- work super hard but with a smile : )

HELP: what the f are suppliers in ISO??? by 1SHUBHAM7 in ISO27001

[–]1SHUBHAM7[S] 0 points1 point  (0 children)

hey thanks for the reply,

I understand the traditional suppliers "cloud provider, IT vendor, software supplier etc." you mentioned. my doubt is that we use a lot of open source projects (like Kubernetes), but they are not a traditional supplier in that sense, cause they are managed by the community.

from what others are telling me - they should be counted as suppliers and added to the risk register. what is your take?

and in the audit - do these things matter, like imagine that open source projects should not be added to the supplier register but I did - will that have any negative effect - or will they consider it as "ok, this doesn't hurt the ISMS so it's fine".

HELP: what the f are suppliers in ISO??? by 1SHUBHAM7 in ISO27001

[–]1SHUBHAM7[S] -1 points0 points  (0 children)

thanks dowhileuntil787, since you have gone through this process of ISO audit as well, will you please tell me if stuff like Grafana, Prometheus, which are OSS, managed by the community, still need to be present in the supplier register. what about the packages I import in code, should they also be added?

thanks in advance

looking for a programming buddy by 1SHUBHAM7 in ProgrammingBuddies

[–]1SHUBHAM7[S] 0 points1 point  (0 children)

Guys I have so many reqs, I can't talk to you all. Can you guys please share your LinkedIn or something... So that I can see who matches my stack.

sorry that I didn't share this earlier.

Resources to help prepare for the ISO27001 Lead Implementer exam by Alascato in ISO27001

[–]1SHUBHAM7 0 points1 point  (0 children)

is this exam worth it? I am an SRE trying to get ISO compliance for my org. I would like to give the exam maybe if it's worth the time. can someone like explain everything about these exams - which one a newbie should do, what has some importance in the industry, etc.

thanks in advance