Hi all,

I did a lot of research, but got to the point where I wonder: is there any real, meaningful infosec certification a company could gain?

I can follow a lot of frameworks and get certified on them (like ISO 27001, NIST CSF, ISACA COBIT, TISAX, etc.), but they all look at documents and processes, which kind of prove the mindset, but not actual security.

I'm thinking about something like "company survived a 5-day pentest" or "regularly does blue team exercises", etc., which would show that the company can detect and respond and not only write documents.

Does anyone know about something like that? Or does this simply not exist yet?

Thanks for the input!

1 point

Not likely; remember, security is a process, not a product. That is why things like SOC and ISO 27000/27001 exist: to show that, as a company, you have processes in place to protect your own data and customer data.

company survived a 5-day pentest

While I like the thought, I would think threat actors would take that as a challenge.

2 points

I don’t think any major company I know of could get through a pen test without the hackers getting through.


cybersecurity

!cybersecurity@infosec.pub
