ISO Should be a consideration for many organizations
Great post. I think a lot of folks get overwhelmed by the sheer number of technical certifications out there, and often overlook ISO certifications as more of a business process certification, not necessarily a technical one as it relates to security. There's a huge need for better awareness of the data in your environment, and the potential implications it has whether in digital or even non-digital format (I love the analogy about whether a notebook with written notes is considered valuable data). Hoepfully we see better integration of these standards, and that organizations (particularly IT and Operations) understand the impact these standards have on technical and digital assets, and look at integrating them as part of best practices.