
ISO 27001.

DORA.

NIS2.
What have they got in common?

Did you say “lots of paperwork”?

Good answer, but no cigar.

Did you say “risk management”?

Go to the top of the class!


What’s my point?

If you think you can nail ISO 27001, DORA, or NIS2 without an effective risk management process, you’re only fooling yourself.


So what?

Don’t focus on your paperwork.

Focus on your risk management process.



PS Need help?

If you don’t know where to start, here are a few things I prepared earlier: