About ISO 27001

I’ve previously discussed SOC 2 and its governance in the Bredemarket blog, and I encountered SOC 2 again in a Wednesday webinar from Drata and Armanino, “Ask an Auditor: SOC 2 & ISO 27001 Tips, Tricks, and Pitfalls to Avoid.”

Armanino is the auditor, while Drata is an automation platform that assists companies in measuring conformance to SOC 2, ISO/IEC 27001, and other standards.

The webinar was in the form of an Ask Me Anything session, so naturally a comparison of SOC 2 and ISO/IEC 27001 came up.

As I previously mentioned, the SOC suite was developed by the Association of International Certified Professional Accountants. ISO standards are published by the International Organization for Standardization.

And ISO/IEC 27001 provides an actual certification, unlike SOC 2, which is an attestation (or iBeta PAD testing, which indicates conformance).

So what is ISO/IEC 27001?

Let’s ask ISO:

“ISO/IEC 27001 is the world’s best-known standard for information security management systems (ISMS). It defines requirements an ISMS must meet.

“The ISO/IEC 27001 standard provides companies of any size and from all sectors of activity with guidance for establishing, implementing, maintaining and continually improving an information security management system….

“ISO/IEC 27001 promotes a holistic approach to information security: vetting people, policies and technology. An information security management system implemented according to this standard is a tool for risk management, cyber-resilience and operational excellence.”

For additional information, see Drata’s page.

AML Fun: Be a Home-based Money Mule!

The term “money mule,” which first appeared around 2005, refers to a person who transfers illicit money for someone else—sometimes knowing that the activity is criminal, sometimes unknowingly. 

That new job

Scamicide warns us of money mule scams, although this work-at-home job may sound innocent enough:

“[Y]our job is to receive goods, often electronics that have been shipped to you, inspect them and then reship them to an address provided to you by your new employer.”

So the employee is being paid to inspect goods. What’s wrong with that?

“The problem is that these goods have been purchased with stolen credit cards and you have just become an accomplice to the crime when you ship them to someone else who will then sell them to turn the merchandise into cash.”

Trouble

And if the employee plays their cards wrong, they can end up on an Anti-Money Laundering blocklist.

Why? Perhaps the money launderers aren’t just after a profit. Perhaps, as the U.S. State Department’s Bureau of International Narcotics and Law Enforcement Affairs notes, that home-based employee may be supporting terrorism: 

“Among those who seek to disguise the illegal proceeds of their crimes are drug traffickers, terrorists, corrupt public officials, and organized criminal groups.”

A student job

And there are consequences for the money mules, knowing or not. A foreign student in the UK applied to a job ad with this job description:

“your job content is: use your mobile banking during daily part-time working hours, according to my requirements: help the company collect and transfer money, transfer to the account designated by the company, the company has every day Many orders.”

The company assured the student that everything was legal, so the student took the job. Things went well, until:

“And today my bank sent me a message saying they’ve frozen my account and will still do so unless I explain what certain transactions are for.”

Because the banks can also get in trouble if they violate AML laws.

Money muling doesn’t pay in the long run.

Are All Your Eggs in One Social Basket?

If your strategy is solely based upon a single platform such as TikTok, CapCut, Substack, Canva, or any other, you’ve already lost by putting all your eggs in one social basket.

Social dependence

My Saturday TikTok post got me thinking about companies whose entire STRATEGY is based on TikTok.

Not tactics.

Strategy.

  • Even though the chance remains that TikTok may be banned in the United States, as it is already banned in India…and is not available in China.
  • Or the companies that depend on CapCut who may have just surrendered their intellectual rights. Oh, and CapCut may be banned in the United States also.
  • Or the people that are so thrilled with Substack that they are stopping all other social media activity and concentrating solely on Substack.
  • Or the companies (I know of one) who base their strategy solely on Canva.

Or you can cite any other platform, dependence upon which could devastate your business overnight.

So own your own website and mailing list…right?

Well, at least Bredemarket doesn’t have to worry about losing access to my prospects and customers.

Even if I lose access to every single social media service, I still have my WordPress website and my MailChimp mailing list. 

So I am 100% insulated, right? 

Um, right?

OK, guess I’m threatened also.

Omnichannel distribution

In the biometric world, we talk about five factors of authentication and identity verification. If you depend upon a single factor, you’re in trouble. But using multiple factors lessens the risk.

Similarly, if you distribute your content via multiple channels, then a threat to any single channel doesn’t put you out of business.

(Sales pitch incoming)

And your distributed content can take multiple forms. Blogs. Case studies. White papers. Social content on multiple channels.

Assuming you actually create the content.

Or get someone to help you create it.

(Told you there would be a sales pitch.)

So rather than reading Bredemarket’s sales pitch (call to action), why don’t we work on creating yours? Click the image below and reserve a free meeting time.

CPA
Bredemarket’s “CPA.”

I Guess I’m Also the Non-Person Entity Product Marketing Expert

I was recently updating my “biometric product marketing expert” page. Because if you haven’t heard, I am the biometric product marketing expert. There’s even a video and stuff.

In addition to becoming the biometric product marketing expert by studying the biometric modalities and non-biometric factors associated with a person…I’ve also studied the identification of non-person entities.

Bredemarket and Non-Person Entities

I started this study back on August 20, 2024, when I originally wrote about attribute-based access control.

Since then I’ve continued to write about NPEs.

A lot.

9 times during the second quarter of 2025 alone. I don’t know what got into me on April 9.

And I’ve planned at least one more NPE post before the end of the month, possibly on Thursday.

Because as I previously said (on April 9, of course), if your identity system only manages people, it is flawed.

Now I’ll grant that I’m in the minority when I use the phrase “non-person entity.” The phrase “non-human identity” is much more popular.

But all your people and refrigerators know what I’m talking about.

So do I have to remake the 32-second video…again? This was the third go at it, after my second and first versions.

But you don’t want an NPE writing your content

Trust me. You don’t.

You want me.

Because I’m the…you know.

Schedule a free meeting with me to discuss your content needs.

For Identity/Biometric Marketing Leaders Only

(This is the old version of this post. See the new version from July 8 with improved algorithmic landing page-ability.)

For identity/biometric marketing leaders only!

Make an impact with the biometric product marketing expert.

Bredemarket’s biometric product marketing expertise: https://bredemarket.com/bpme/

Discuss your content-proposal-analysis needs with me before your competitors steal your prospects: https://bredemarket.com/cpa/

Possible FinCEN Changes

H/T ComplyAdvantage. From FinCEN.

“[On June 18] the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) held the 62nd semi-annual plenary meeting of the Bank Secrecy Act Advisory Group (BSAAG). Deputy Secretary of the Treasury Michael Faulkender delivered remarks at the event laying out guiding principles for BSA modernization.”

https://www.fincen.gov/news/news-releases/fincen-holds-62nd-bank-secrecy-act-advisory-group-bsaag-plenary

ComplyAdvantage itself states:

“The most eye-catching update is that the Treasury will attempt to ‘change the AML/CFT [Anti Money Laundering/Combating the Financing of Terrorism] status quo’ so the BSA ‘explicitly permits financial institutions to de-prioritize risks’ and direct resources towards higher-risk areas. The Treasury also intends to streamline reporting processes to minimize the SAR [Suspicious Activity Report] and CTR [Currency Transaction Report] burden on organizations.”

https://www.linkedin.com/pulse/us-plans-bsa-modernization-singapore-implements-corporate-iuzxe

How to Find LinkedIn’s “Most Recent” Feed

It was Sunday afternoon, and I was reading my LinkedIn feed. (Yes, I know; the first step is admitting you have a problem.)

Except that I was seeing stuff that was weeks old. Posts about “upcoming” trade shows that already took place. News about the “upcoming” Prism Project deepfake report that was released long ago.

I don’t know why LinkedIn’s algorithm thinks I need to read ancient history. What’s next…reports that Enron may be a fraud?

The chronological feed

So I decided to bypass the algorithm and access the tried and true chronological feed. You know, the way things used to work before we supposedly got “smart.”

(As an aside, I remember when FriendFeed would AUTOMATICALLY update the chronological feed when new content was posted. The way that the pitchforks were raised, you would have thought the world ended. As it turned out, the world wouldn’t end until August 10, 2009…or April 10, 2015. But I digress.)

Anyway, I went to the feed to look for the switch to swap to chronological…but could find no such switch.

So I checked Google Gemini, and discovered that the “Most Recent” feed switch was buried in the Settings. For mobile LinkedIn users, it was in the “Account preferences” section, in the “Feed preferences.”

Except that it wasn’t.

Whack a Mole

“Feed preferences” only governed display or non-display of political content. The option below “Feed preferences,” “Preferred feed view,” was the one I wanted.

Color me conspiratorial, but I think everyone in the Really Big Bunch—Microsoft (LinkedIn), Meta (Facebook), and the others—likes to play “Whack a Mole” with the location of the chronological feed setting so that we give up and stick with the algorithmic feed of The Things We Are Supposed To See.

So the instructions here, written on June 22, 2025, may be invalid on June 22, 2026. Or July 22, 2025. Or June 23, 2025.

But for this moment I have the chronological feed set on LinkedIn, and since it takes effort to change it back, I don’t know when I will.

Update

When I returned to LinkedIn to share a LinkedIn version of this post, my preferred feed view had been reset to “most relevant.”

Yet Another Video Reel-ease on Monday

[UPDATE: The video is reel-eased.]

I created a new reel for my identity/biometric prospects, but haven’t released it yet.

I’ll release it on Monday, June 23, at 8 am (Pacific Daylight Time).

Where?

I even scheduled a Facebook event. Because Meta wants me to turn every Facebook post into an event, I set one up for Monday at 8 am (Pacific Daylight Time).

Nothing special at the event; I’m not even planning to go live. Just a time to check to see if the video is posted, and to spend 32 seconds watching it.

Enjoy.

Don’t Sound Like a Robot

Georgia Williams of Ray of Social fame dispensed some wisdom in a recent Instagram reel.

In her unemotional, understated way.

If you know Williams, you know that last sentence was a lie.

Her reel was entitled “How to Sound More Like You.”

At one point, Williams emphasized what you would NEVER say.

“I mean, would you say ‘streamline your strategy’ actually out loud to anyone? Nope!”

That sounded like a dare to me, so I commented that I was tempted to say just that…and more besides.

So I did.

Let Bredemarket help you sound like…you.

To make a point.

Because while Ray of Social is expert in creating the graphics that businesses use to market themselves…

…Bredemarket is expert in working with identity/biometrics and technology firms to create the words that businesses use to market themselves.

Without sounding like a robot.

Talk to me about your content-proposal-analysis needs.
