
There are companies in certain developing countries who will skirt the rules on providing consulting and auditing/monitoring to the same company.

They do it for just about any ISO cert, not just ISO 27001.

It is a bit of a dirty secret with companies who work in heavily regulated industries. The companies in question will go through the motions, but make no mistake, you pay for the cert.

Sorry for being vague, just not looking to publicly out anyone. If you Google around, I’m sure you can find more about what I am talking about/much of the controversy around many of the ISO governing bodies.
> There are companies in certain developing countries who will skirt the rules on providing consulting and auditing/monitoring to the same company.

Welcome to my life :) We 'hired' these experts since they came up with the lowest price offer for our certification. I have been through many certifications in the past, this one was the most... shameful.

Pathetic grasp of English, IT in general and security controls specifically. We passed that in absolutely zero time, if you exclude the time spent having lunch and 'discussions' about the interpretation of the requirements.

This was PCI BTW.

Next was the local healthcare certification, done by an international auditing firm. Possibly even worse. Total paper tiger exercise. Total lack of understanding of current security standards. Nice ties & suits though, and even better lunches to discuss (you guessed it) the interpretation of the requirements.

I get why these guys get the jobs: they know the right people and look the part. But boy, would it not be nice if experts could do these jobs.
