How can a modern software development organization set up and maintain an ISO27001 Information Security Management System, and its certification, in an Agile way, without disrupting the existing (Agile) processes and their core values (such as self-organization)? This is a field of tension with which many people struggle. After all, Agile development methods are frequently used and are based on a number of empirical processes, while Information Security in general tends to describe and implement measures up front for risks that are estimated using a predetermined model. Typical of this is that one of the best practices of Agile [...]