fwiw, I've done SOC-x stuff, and I talked our auditors out of requiring routine ... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		x0x0 on June 11, 2019 \| parent \| context \| favorite \| on: Apple is making corporate ‘BYOD’ programs less inv... fwiw, I've done SOC-x stuff, and I talked our auditors out of requiring routine password changes. That said, we seriously invested in 2fa, with high-pri stuff protected via yubicos. I also talked them out of requiring virus detection on our macs, but this took a lot of work to avoid trusting (most) laptops.

sdoering on June 12, 2019 [–]

I can see this approach as something quite interesting. Suspect it would not work in our current environment. But we will have to see.

But also thanks a lot for the idea to do this and try that. Not sure if it works with being ISO 27001 certified - but at least one can try.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact