This is NOT an introductory talk about ISMS (Information-Security-Management)! It is about my experiences and reflections about real-life issues when deploying an ISMS. There will be a section dedicated to 'hacking' an ISMS, though.

The presumed audiences are:

- individuals working in the realm of IS-/IT-security management

- hackers working in environments that expose them to ISMS-related TODOs (I'll try to put these things into context!)

- anyone trying to understand this ISMS-nonsense

Agenda:

1) Introduction

- Management-Systems

- Information-Security-Management-Sytems (ISO 27001, German BSI IT-Grundschutz)

2) Theory

- Corporate overlords (a.k.a "hacking ISMSes")

- Risk-Management

- Compliance(-Reporting)

- Certifications

3) Reality

- What? Why? How?

- Anecdotes

4) Conclusion

Licensed to the public under https://creativecommons.org/licenses/by/4.0/

about this event: https://program.why2025.org/why2025/talk/RMHF3N/