I have been thinking quite a lot since reading a book from Margeret Wheatley who pulled together systems-thinking and nature to management and organization dynamics.
It really does not make sense that we apply the rules of tick-boxes to prove compliance equally to closed and open systems. ISO27002 control framework is designed for closed systems. Our security programs do not work because in most it is the open systems that are problematic. It is my opinion that if we follow the simplicity that is a gift from nature and just apply this to how we deal with open systems in security we would find new ways forward.
Watch the following on the Fibonacci sequence in numbers.
Then imagine that this pattern is repeatable to what is called fractals, smaller and smaller and smaller the same pattern. The follow video is computer animated, but gives Nature is amazing!