{"guid":"80939019-18bd-55b7-ad62-6e4e29392553","title":"ISMS-oxide and you (Information-Security-Management-System for hackers)","subtitle":null,"slug":"why2025-26-isms-oxide-and-you-information-security-management-system-for-hackers","link":"https://program.why2025.org/why2025/talk/RMHF3N/","description":"This is NOT an introductory talk about ISMS (Information-Security-Management)! It is about my experiences and reflections about real-life issues when deploying an ISMS. There will be a section dedicated to 'hacking' an ISMS, though.\n\nThe presumed audiences are:\n- individuals working in the realm of IS-/IT-security management\n- hackers working in environments that expose them to ISMS-related TODOs (I'll try to put these things into context!)\n-  anyone trying to understand this ISMS-nonsense\n\nAgenda:\n1) Introduction\n  - Management-Systems\n  - Information-Security-Management-Sytems (ISO 27001, German BSI IT-Grundschutz)\n2) Theory\n  - Corporate overlords (a.k.a \"hacking ISMSes\")\n  - Risk-Management\n  - Compliance(-Reporting)\n  - Certifications\n3) Reality\n  - What? Why? How? \n  - Anecdotes\n4) Conclusion\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Juergen Pabel"],"view_count":292,"promoted":false,"date":"2025-08-12T14:00:00.000+02:00","release_date":"2025-08-12T00:00:00.000+02:00","updated_at":"2026-04-11T13:45:03.620+02:00","tags":["26","2025","why2025","The square hole","Delphinus","why2025-eng","Day 6"],"length":2538,"duration":2538,"thumb_url":"https://static.media.ccc.de/media/events/why2025/26-80939019-18bd-55b7-ad62-6e4e29392553.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/26-80939019-18bd-55b7-ad62-6e4e29392553_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/26-80939019-18bd-55b7-ad62-6e4e29392553.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/26-80939019-18bd-55b7-ad62-6e4e29392553.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-26-isms-oxide-and-you-information-security-management-system-for-hackers","url":"https://api.media.ccc.de/public/events/80939019-18bd-55b7-ad62-6e4e29392553","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[],"recordings":[{"size":463,"length":2538,"mime_type":"video/webm;codecs=av01","language":"eng","filename":"why2025-26-eng-ISMS-oxide_and_you_Information-Security-Management-System_for_hackers_av1-hd.webm","state":"new","folder":"av1-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2025-08-12T19:28:06.117+02:00","recording_url":"https://cdn.media.ccc.de/events/why2025/av1-hd/why2025-26-eng-ISMS-oxide_and_you_Information-Security-Management-System_for_hackers_av1-hd.webm","url":"https://api.media.ccc.de/public/recordings/90052","event_url":"https://api.media.ccc.de/public/events/80939019-18bd-55b7-ad62-6e4e29392553","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025"},{"size":28,"length":2538,"mime_type":"audio/opus","language":"eng","filename":"why2025-26-eng-ISMS-oxide_and_you_Information-Security-Management-System_for_hackers_opus.opus","state":"new","folder":"opus","high_quality":false,"width":0,"height":0,"updated_at":"2025-08-12T18:55:23.515+02:00","recording_url":"https://cdn.media.ccc.de/events/why2025/opus/why2025-26-eng-ISMS-oxide_and_you_Information-Security-Management-System_for_hackers_opus.opus","url":"https://api.media.ccc.de/public/recordings/90031","event_url":"https://api.media.ccc.de/public/events/80939019-18bd-55b7-ad62-6e4e29392553","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025"},{"size":38,"length":2538,"mime_type":"audio/mpeg","language":"eng","filename":"why2025-26-eng-ISMS-oxide_and_you_Information-Security-Management-System_for_hackers_mp3.mp3","state":"new","folder":"mp3","high_quality":false,"width":0,"height":0,"updated_at":"2025-08-12T18:55:19.474+02:00","recording_url":"https://cdn.media.ccc.de/events/why2025/mp3/why2025-26-eng-ISMS-oxide_and_you_Information-Security-Management-System_for_hackers_mp3.mp3","url":"https://api.media.ccc.de/public/recordings/90030","event_url":"https://api.media.ccc.de/public/events/80939019-18bd-55b7-ad62-6e4e29392553","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025"},{"size":427,"length":2538,"mime_type":"video/webm","language":"eng","filename":"why2025-26-eng-ISMS-oxide_and_you_Information-Security-Management-System_for_hackers_webm-hd.webm","state":"new","folder":"webm-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2025-08-12T20:04:05.864+02:00","recording_url":"https://cdn.media.ccc.de/events/why2025/webm-hd/why2025-26-eng-ISMS-oxide_and_you_Information-Security-Management-System_for_hackers_webm-hd.webm","url":"https://api.media.ccc.de/public/recordings/90064","event_url":"https://api.media.ccc.de/public/events/80939019-18bd-55b7-ad62-6e4e29392553","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025"},{"size":131,"length":2538,"mime_type":"video/webm","language":"eng","filename":"why2025-26-eng-ISMS-oxide_and_you_Information-Security-Management-System_for_hackers_webm-sd.webm","state":"new","folder":"webm-sd","high_quality":false,"width":720,"height":576,"updated_at":"2025-08-12T19:40:26.105+02:00","recording_url":"https://cdn.media.ccc.de/events/why2025/webm-sd/why2025-26-eng-ISMS-oxide_and_you_Information-Security-Management-System_for_hackers_webm-sd.webm","url":"https://api.media.ccc.de/public/recordings/90055","event_url":"https://api.media.ccc.de/public/events/80939019-18bd-55b7-ad62-6e4e29392553","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025"},{"size":132,"length":2538,"mime_type":"video/mp4","language":"eng","filename":"why2025-26-eng-ISMS-oxide_and_you_Information-Security-Management-System_for_hackers_sd.mp4","state":"new","folder":"h264-sd","high_quality":false,"width":720,"height":576,"updated_at":"2025-08-12T19:02:40.207+02:00","recording_url":"https://cdn.media.ccc.de/events/why2025/h264-sd/why2025-26-eng-ISMS-oxide_and_you_Information-Security-Management-System_for_hackers_sd.mp4","url":"https://api.media.ccc.de/public/recordings/90041","event_url":"https://api.media.ccc.de/public/events/80939019-18bd-55b7-ad62-6e4e29392553","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025"},{"size":553,"length":2538,"mime_type":"video/mp4","language":"eng","filename":"why2025-26-eng-ISMS-oxide_and_you_Information-Security-Management-System_for_hackers_hd.mp4","state":"new","folder":"h264-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2025-08-12T18:54:40.450+02:00","recording_url":"https://cdn.media.ccc.de/events/why2025/h264-hd/why2025-26-eng-ISMS-oxide_and_you_Information-Security-Management-System_for_hackers_hd.mp4","url":"https://api.media.ccc.de/public/recordings/90028","event_url":"https://api.media.ccc.de/public/events/80939019-18bd-55b7-ad62-6e4e29392553","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025"}]}