<html lang="en">

<meta charset="UTF-8">

<meta name="viewport" content="width=device-width, initial-scale=1.0">

<title>Security Blog | Cybersecurity Insights | Hack23</title>

<link rel="stylesheet" type="text/css" href="styles.css">

<meta name="description" content="Expert insights on cybersecurity, compliance automation, and open-source security. CISSP/CISM perspectives on modern security challenges.">

<meta name="keywords" content="cybersecurity blog, information security, ISMS policies, CIA triad, security best practices, discordian security, hack23 blog, ISO 27001, GDPR compliance, NIS2, DevSecOps, AWS security, CISSP, security architecture, cloud security, compliance automation, zero trust, access control, encryption policy, incident response, vulnerability management, risk assessment, threat modeling, secure development, OWASP LLM security, backup recovery, disaster recovery, business continuity, change management, asset management, network security, email security, physical security, mobile device security, remote access security, monitoring logging, security metrics, security training, third party risk, ISMS review, ISMS transparency, data classification, data protection, privacy policy, acceptable use policy, cryptography policy, EU Cyber Resilience Act, CRA compliance, supply chain security, SLSA compliance, container security, serverless security, security culture, transparency through security, public ISMS Sweden, open source security, OSINT methodology, political transparency, parliamentary monitoring, Swedish government analysis, Simon Moon architecture, Law of Fives, sacred geometry in code, numerological patterns, five-layer architecture, discordian philosophy, question authority, nation-state surveillance, crypto backdoors, security theater, Chapel Perilous, fnord, operation mindfuck, illuminatus trilogy, radical transparency">

<meta name="robots" content="index, follow">

<meta name="author" content="James Pether Sörling">

<meta property="og:title" content="Security Blog | Hack23 Cybersecurity Insights">

<meta property="og:description" content="Explore cybersecurity insights, CIA Triad implementation, and complete ISMS policy coverage through the Discordian lens.">

<meta property="og:locale" content="en_US">

<meta property="og:locale:alternate" content="ar_SA">

<meta property="og:locale:alternate" content="da_DK">

<meta property="og:locale:alternate" content="de_DE">

<meta property="og:locale:alternate" content="es_ES">

<meta property="og:locale:alternate" content="fi_FI">

<meta property="og:locale:alternate" content="fr_FR">

<meta property="og:locale:alternate" content="he_IL">

<meta property="og:locale:alternate" content="ja_JP">

<meta property="og:locale:alternate" content="ko_KR">

<meta property="og:locale:alternate" content="nl_NL">

<meta property="og:locale:alternate" content="nb_NO">

<meta property="og:locale:alternate" content="sv_SE">

<meta property="og:locale:alternate" content="zh_CN">

<meta property="og:type" content="website">

<meta property="og:url" content="https://hack23.com/blog.html">

<meta property="og:image" content="https://hack23.com/blog.webp">

<meta property="og:image:width" content="1200">

<meta property="og:image:height" content="630">

<meta property="og:site_name" content="Hack23 Security Blog"><!-- Twitter Card -->

<meta name="twitter:card" content="summary_large_image">

<meta name="twitter:title" content="Security Blog | Hack23 Cybersecurity Insights &amp; ISMS Policies">

<meta name="twitter:description" content="65 blog posts on cybersecurity, ISMS policies, and CIA Triad through the Discordian lens. Plus 13 Architecture Chronicles by Simon Moon and OSINT Intelligence Operations by Hagbard Celine.">

<meta name="twitter:image" content="https://hack23.com/blog.webp">

<meta name="twitter:image:alt" content="Hack23 Security Blog - Think for Yourself, Question Authority">

<meta name="twitter:site" content="@hack23ab">

<meta name="twitter:creator" content="@jamessorling"><link rel="canonical" href="https://hack23.com/blog.html">

<script type="application/ld+json">{

"@context": "https://schema.org",

"@graph": [

{

"@type": "Blog",

"@id": "https://hack23.com/blog.html#blog",

"name": "Hack23 Security Blog",

"headline": "Security Blog | Cybersecurity Insights & ISMS Policies",

"description": "Comprehensive cybersecurity blog featuring 65 posts covering ISMS policies, CIA Triad implementation, security architecture, and Discordian security philosophy. Includes 44 ISMS policy posts and 21 architecture/intelligence chronicles revealing sacred geometry in code and democratic OSINT operations.",

"url": "https://hack23.com/blog.html",

"inLanguage": "en",

"image": {

"@type": "ImageObject",

"url": "https://hack23.com/blog.webp",

"width": 1200,

"height": 630

},

"author": [

{

"@type": "Person",

"@id": "https://hack23.com/#james-pether-sorling",

"name": "James Pether Sörling",

"url": "https://hack23.com",

"jobTitle": "CEO / Cybersecurity Expert",

"worksFor": {

"@type": "Organization",

"name": "Hack23 AB"

},

"sameAs": [

"https://www.linkedin.com/in/jamessorling/",

"https://github.com/Hack23"

]

},

{

"@type": "Person",

"name": "Simon Moon",

"jobTitle": "System Architect",

"description": "Reveals numerological patterns and sacred geometry in system architecture"

}

],

"publisher": {

"@type": "Organization",

"@id": "https://hack23.com/#org",

"name": "Hack23 AB",

"url": "https://hack23.com",

"logo": {

"@type": "ImageObject",

"url": "cia-icon-140.webp"

}

},

"about": [

{

"@type": "Thing",

"name": "Information Security Management Systems",

"description": "Complete ISMS policy coverage including ISO 27001, access control, encryption, incident response"

},

{

"@type": "Thing",

"name": "CIA Triad",

"description": "Confidentiality, Integrity, Availability principles and implementation"

},

{

"@type": "Thing",

"name": "Discordian Cybersecurity",

"description": "Security philosophy questioning authority, exposing security theater, and promoting radical transparency"

},

{

"@type": "Thing",

"name": "Security Architecture",

"description": "System design patterns, sacred geometry in code, five-layer architectures"

}

],

"blogPost": [

{

"@type": [

"BlogPosting",

"Article"

],

"headline": "The Discordian Cybersecurity Manifesto",

"url": "https://hack23.com/discordian-cybersecurity.html",

"datePublished": "2025-11-05",

"dateModified": "2025-11-05",

"author": {

"@id": "https://hack23.com/#james-pether-sorling"

},

"publisher": {

"@id": "https://hack23.com/#org"

},

"image": "https://hack23.com/blog.webp",

"articleSection": "Security Philosophy",

"keywords": [

"security theater",

"surveillance",

"transparency",

"discordian philosophy"

]

},

{

"@type": [

"BlogPosting",

"Article"

],

"headline": "Access Control: Zero Trust Through Identity-Centric Security",

"url": "https://hack23.com/discordian-access-control.html",

"datePublished": "2025-11-05",

"dateModified": "2025-11-05",

"author": {

"@id": "https://hack23.com/#james-pether-sorling"

},

"publisher": {

"@id": "https://hack23.com/#org"

},

"image": "https://hack23.com/blog.webp",

"articleSection": "ISMS Policies",

"keywords": [

"access control",

"zero trust",

"identity management",

"ISO 27001"

]

},

{

"@type": [

"BlogPosting",

"Article"

],

"headline": "ISMS Strategic Review: Continuous Improvement",

"url": "https://hack23.com/discordian-isms-review.html",

"datePublished": "2025-11-05",

"dateModified": "2025-11-05",

"author": {

"@id": "https://hack23.com/#james-pether-sorling"

},

"publisher": {

"@id": "https://hack23.com/#org"

},

"image": "https://hack23.com/blog.webp",

"articleSection": "ISMS Policies",

"keywords": [

"ISMS review",

"continuous improvement",

"security governance"

]

},

{

"@type": [

"BlogPosting",

"Article"

],

"headline": "ISMS Transparency: Security Through Radical Openness",

"url": "https://hack23.com/discordian-isms-transparency.html",

"datePublished": "2025-11-05",

"dateModified": "2025-11-05",

"author": {

"@id": "https://hack23.com/#james-pether-sorling"

},

"publisher": {

"@id": "https://hack23.com/#org"

},

"image": "https://hack23.com/blog.webp",

"articleSection": "ISMS Policies",

"keywords": [

"transparency",

"public ISMS",

"security through openness"

]

},

{

"@type": [

"BlogPosting",

"Article"

],

"headline": "CIA Architecture: The Five Pentacles of Political Transparency",

"url": "https://hack23.com/blog-cia-architecture.html",

"datePublished": "2025-11-07",

"dateModified": "2025-11-07",

"author": {

"@type": "Person",

"name": "Simon Moon",

"jobTitle": "System Architect"

},

"publisher": {

"@id": "https://hack23.com/#org"

},

"image": "https://hack23.com/blog.webp",

"articleSection": "Architecture Chronicles",

"keywords": [

"architecture",

"CIA platform",

"sacred geometry",

"five patterns"

]

},

{

"@type": [

"BlogPosting",

"Article"

],

"headline": "Compliance Manager: CIA Triad Meets Sacred Geometry",

"url": "https://hack23.com/blog-compliance-architecture.html",

"datePublished": "2025-11-07",

"dateModified": "2025-11-07",

"author": {

"@type": "Person",

"name": "Simon Moon",

"jobTitle": "System Architect"

},

"publisher": {

"@id": "https://hack23.com/#org"

},

"image": "https://hack23.com/blog.webp",

"articleSection": "Architecture Chronicles",

"keywords": [

"compliance",

"CIA Triad",

"architecture",

"maturity model"

]

},

{

"@type": [

"BlogPosting",

"Article"

],

"headline": "Security Strategy as Competitive Advantage: ISMS as Business Model",

"url": "https://hack23.com/discordian-security-strategy.html",

"datePublished": "2025-11-10",

"dateModified": "2025-11-18",

"author": {

"@id": "https://hack23.com/#james-pether-sorling"

},

"publisher": {

"@id": "https://hack23.com/#org"

},

"image": "https://hack23.com/blog.webp",

"articleSection": "Strategic Security",

"keywords": [

"security strategy",

"competitive advantage",

"ISMS business model",

"strategic positioning",

"transparency",

"evidence-based security",

"network effects",

"first-mover advantage",

"public security"

]

},

{

"@type": [

"BlogPosting",

"Article"

],

"headline": "CIA OSINT Intelligence: 45 Rules for Watching the Watchers",

"url": "https://hack23.com/blog-cia-osint-intelligence.html",

"datePublished": "2025-11-17",

"dateModified": "2025-11-17",

"author": {

"@type": "Person",

"name": "Hagbard Celine",

"jobTitle": "Product Owner / Anarchist Visionary"

},

"publisher": {

"@id": "https://hack23.com/#org"

},

"image": "https://hack23.com/blog.webp",

"articleSection": "Intelligence Operations",

"keywords": [

"OSINT",

"political intelligence",

"behavioral analysis",

"CIA platform",

"democratic transparency",

"intelligence operations",

"threat modeling",

"risk rules"

]

},

{

"@type": [

"BlogPosting",

"Article"

],

"headline": "Compliance Frameworks: Evidence-Based Multi-Framework Implementation",

"url": "https://hack23.com/discordian-compliance-frameworks.html",

"datePublished": "2025-11-18",

"dateModified": "2025-11-18",

"author": {

"@type": "Person",

"name": "Hagbard Celine",

"jobTitle": "Product Owner / Anarchist Visionary"

},

"publisher": {

"@id": "https://hack23.com/#org"

},

"image": "https://hack23.com/blog.webp",

"articleSection": "Compliance",

"keywords": [

"compliance frameworks",

"ISO 27001",

"NIST CSF",

"CIS Controls",

"GDPR",

"NIS2",

"EU Cyber Resilience Act",

"evidence-based compliance",

"SOC 2",

"PCI DSS",

"HIPAA",

"compliance automation",

"continuous monitoring"

]

},

{

"@type": [

"BlogPosting",

"Article"

],

"headline": "EU Cyber Resilience Act: Mandatory Security by Design or Brussels' Latest Power Trip?",

"url": "https://hack23.com/discordian-cra-conformity.html",

"datePublished": "2025-11-19",

"dateModified": "2025-11-19",

"author": {

"@type": "Person",

"name": "Hagbard Celine",

"jobTitle": "Product Owner / Anarchist Visionary"

},

"publisher": {

"@id": "https://hack23.com/#org"

},

"image": "https://hack23.com/blog.webp",

"articleSection": "Compliance",

"keywords": [

"EU Cyber Resilience Act",

"CRA compliance",

"Regulation 2024/2847",

"SBOM",

"vulnerability disclosure",

"security by design",

"conformity assessment",

"CE marking",

"post-market surveillance",

"essential cybersecurity requirements"

]

},

{

"@type": [

"BlogPosting",

"Article"

],

"headline": "Why Our ISMS is Public: Transparency as Competitive Advantage",

"url": "https://hack23.com/blog-public-isms-benefits.html",

"datePublished": "2025-11-20",

"dateModified": "2025-11-20",

"author": {

"@id": "https://hack23.com/#james-pether-sorling"

},

"publisher": {

"@id": "https://hack23.com/#org"

},

"image": "https://hack23.com/blog.webp",

"articleSection": "Thought Leadership",

"keywords": [

"public ISMS",

"transparency",

"competitive advantage",

"cybersecurity consulting",

"trust through verification",

"Sweden cybersecurity",

"evidence-based security",

"ISMS disclosure",

"security transparency",

"first-mover advantage"

]

},

{

"@type": [

"BlogPosting",

"Article"

],

"headline": "CIA Value Proposition for Swedish Media: Election 2026",

"url": "https://hack23.com/blog-cia-swedish-media-election-2026.html",

"datePublished": "2025-11-20",

"dateModified": "2025-11-20",

"author": {

"@type": "Person",

"name": "Hagbard Celine",

"jobTitle": "Product Owner / Anarchist Visionary"

},

"publisher": {

"@id": "https://hack23.com/#org"

},

"image": "https://hack23.com/blog.webp",

"articleSection": "Business Development",

"keywords": [

"Swedish election 2026",

"media intelligence",

"CIA platform",

"SVT",

"Dagens Nyheter",

"Svenska Dagbladet",

"parliamentary monitoring",

"election coverage",

"political journalism",

"OSINT",

"riksdag analysis",

"coalition prediction"

]

},

{

"@type": [

"BlogPosting",

"Article"

],

"headline": "CIA Business Case for Global News Outlets: Intelligence-as-a-Service for Democracy",

"url": "https://hack23.com/blog-cia-business-case-global-news.html",

"datePublished": "2025-11-20",

"dateModified": "2025-11-20",

"author": {

"@type": "Person",

"name": "Hagbard Celine",

"jobTitle": "Product Owner / Anarchist Visionary"

},

"publisher": {

"@id": "https://hack23.com/#org"

},

"image": "https://hack23.com/blog.webp",

"articleSection": "Intelligence Operations",

"keywords": [

"CIA platform",

"political intelligence",

"data journalism",

"OSINT",

"Swedish election 2026",

"behavioral risk rules",

"The Economist",

"Financial Times",

"Reuters",

"Bloomberg",

"Associated Press",

"news intelligence"

]

},

{

"@type": [

"BlogPosting",

"Article"

],

"headline": "CIA for Alternative Media: Discordian Election 2026 Futures",

"url": "https://hack23.com/blog-cia-alternative-media-discordian-2026.html",

"datePublished": "2025-11-21",

"dateModified": "2025-11-21",

"author": {

"@type": "Person",

"name": "Hagbard Celine",

"jobTitle": "Product Owner / Anarchist Visionary"

},

"publisher": {

"@id": "https://hack23.com/#org"

},

"image": "https://hack23.com/blog.webp",

"articleSection": "Intelligence Operations",

"keywords": [

"Swedish election 2026",

"alternative media",

"Fria Tider",

"Nya Dagbladet",

"ETC",

"Arbetaren",

"discordian intelligence",

"Chapel Perilous",

"FNORD",

"question authority",

"anti-establishment journalism",

"data journalism",

"OSINT",

"Illuminatus trilogy"

]

}

],

"numberOfItems": 65,

"keywords": "cybersecurity, ISMS, ISO 27001, CIA Triad, DevSecOps, AWS security, zero trust, compliance automation, discordian philosophy, security architecture, OWASP, GDPR, NIS2"

},

{

"@type": "BreadcrumbList",

"@id": "https://hack23.com/blog.html#breadcrumb",

"itemListElement": [

{

"@type": "ListItem",

"position": 1,

"name": "Home",

"item": "https://hack23.com/"

},

{

"@type": "ListItem",

"position": 2,

"name": "Security Blog",

"item": "https://hack23.com/blog.html"

}

]

},

{

"@type": "WebPage",

"@id": "https://hack23.com/blog.html#webpage",

"url": "https://hack23.com/blog.html",

"name": "Security Blog | Hack23 Cybersecurity Insights & ISMS Policies",

"description": "65 blog posts covering cybersecurity, ISMS policies, CIA Triad, and security architecture through the Discordian lens",

"isPartOf": {

"@type": "WebSite",

"@id": "https://hack23.com/#website"

},

"about": {

"@id": "https://hack23.com/blog.html#blog"

},

"primaryImageOfPage": {

"@type": "ImageObject",

"url": "https://hack23.com/blog.webp"

},

"datePublished": "2025-11-05",

"dateModified": "2025-11-17",

"breadcrumb": {

"@id": "https://hack23.com/blog.html#breadcrumb"

}

},

{

"@type": "FAQPage",

"@id": "https://hack23.com/blog.html#faqpage",

"mainEntity": [

{

"@type": "Question",

"name": "What are the most important cybersecurity best practices?",

"acceptedAnswer": {

"@type": "Answer",

"text": "The most critical cybersecurity best practices include: implementing zero-trust architecture with multi-factor authentication (MFA), maintaining comprehensive patch management for vulnerabilities, encrypting data at rest and in transit using TLS 1.3+, performing regular security testing (SAST, DAST, SCA), establishing incident response plans, implementing the principle of least privilege access controls, conducting threat modeling using frameworks like STRIDE, maintaining secure software development lifecycle (SDLC) practices, ensuring continuous security monitoring and logging, and publishing transparent security documentation. For detailed implementation guidance, see our Information Security Policy, Secure Development Policy, and Vulnerability Management resources."

}

},

{

"@type": "Question",

"name": "How do I implement ISO 27001:2022?",

"acceptedAnswer": {

"@type": "Answer",

"text": "Implementing ISO 27001:2022 requires establishing an Information Security Management System (ISMS) with: risk assessment methodology, comprehensive security policies covering all 93 Annex A controls, documented procedures for incident response and business continuity, asset inventory and classification framework, access control policies with authentication mechanisms, vulnerability management processes, regular security audits and reviews, management commitment and resource allocation, employee security awareness training, and continuous improvement cycles. Start with our Compliance Framework, review our public ISMS repository demonstrating radical transparency, and follow our evidence-based compliance approach. Key success factors: executive buy-in, realistic scope definition, and treating compliance as a continuous process rather than annual audit theater."

}

},

{

"@type": "Question",

"name": "What is the CIA Triad and why does it matter?",

"acceptedAnswer": {

"@type": "Answer",

"text": "The CIA Triad is the foundational security model consisting of three principles: Confidentiality (ensuring sensitive information is accessible only to authorized individuals), Integrity (guaranteeing data accuracy and trustworthiness throughout its lifecycle), and Availability (ensuring information and systems are accessible when needed by authorized users). It matters because every security decision, control, and investment should balance these three principles based on business impact. Over-focusing on confidentiality while neglecting availability leads to unusable systems. Prioritizing availability without integrity results in untrustworthy data. Our comprehensive CIA Triad FAQ provides detailed implementation guidance, real-world examples, and business impact analysis. See also our Compliance Manager architecture demonstrating practical CIA Triad assessment."

}

},

{

"@type": "Question",

"name": "How do I create a threat model using STRIDE?",

"acceptedAnswer": {

"@type": "Answer",

"text": "Creating a STRIDE threat model involves six threat categories: Spoofing (identity forgery), Tampering (data modification), Repudiation (denying actions), Information Disclosure (data exposure), Denial of Service (availability disruption), and Elevation of Privilege (unauthorized access). Process: identify assets and data flows, decompose architecture using diagrams (data flow, C4 model), apply STRIDE to each component systematically, assess likelihood and impact for each threat, prioritize based on risk rating, implement mitigations and controls, document assumptions and exclusions, and review regularly as architecture evolves. Our Threat Modeling Policy provides methodology details, and real examples from CIA Security Analysis and Compliance Manager STRIDE analysis demonstrate practical application across different architecture types."

}

},

{

"@type": "Question",

"name": "What are common ISMS implementation mistakes?",

"acceptedAnswer": {

"@type": "Answer",

"text": "Common ISMS implementation failures include: treating compliance as a checkbox exercise rather than risk management, implementing security theater without substance (policies nobody follows), over-classifying everything as 'critical' without business impact analysis, neglecting continuous improvement and treating ISMS as 'set and forget', failing to obtain executive commitment and adequate resources, creating documentation silos instead of integrated knowledge management, ignoring information hoarding that destroys data integrity, implementing controls without measuring their effectiveness, conducting annual reviews instead of continuous monitoring, and hiding security practices instead of embracing transparency. Learn from our analysis of information hoarding problems, understand transparency benefits, and review our strategic review approach for continuous improvement instead of compliance theater."

}

},

{

"@type": "Question",

"name": "How do I integrate security into DevOps (DevSecOps)?",

"acceptedAnswer": {

"@type": "Answer",

"text": "DevSecOps integration requires shifting security left in the development lifecycle: implement automated security testing in CI/CD pipelines (SAST for code analysis, SCA for dependency scanning, DAST for runtime testing), establish security gates that prevent vulnerable code from reaching production, integrate SBOM generation and supply chain security validation, implement Infrastructure as Code (IaC) security scanning for CloudFormation/Terraform, use container scanning and signing for Docker images, enforce security policies through automated tools rather than manual reviews, implement secrets management (never commit credentials), maintain comprehensive audit logging and monitoring, conduct regular security training for developers, and measure security metrics continuously. See our Secure Development Policy for detailed requirements and CIA Workflows analysis demonstrating five-stage DevSecOps automation in production."

}

},

{

"@type": "Question",

"name": "What is the difference between SAST, DAST, and SCA?",

"acceptedAnswer": {

"@type": "Answer",

"text": "SAST (Static Application Security Testing) analyzes source code without execution to find vulnerabilities like SQL injection, XSS, and insecure configurations—runs early in development, provides line-number precision, but may produce false positives. DAST (Dynamic Application Security Testing) tests running applications by simulating attacks to discover runtime vulnerabilities, authentication issues, and configuration problems—finds issues SAST misses but requires deployed application and provides less precise location information. SCA (Software Composition Analysis) examines third-party dependencies, libraries, and open-source components for known vulnerabilities (CVEs), license compliance issues, and outdated packages—critical for supply chain security. Effective security requires all three: SAST catches code issues during development, SCA identifies vulnerable dependencies before deployment, and DAST validates security in production-like environments. Our Vulnerability Management Policy details comprehensive testing strategy."

}

},

{

"@type": "Question",

"name": "How do I handle security incidents effectively?",

"acceptedAnswer": {

"@type": "Answer",

"text": "Effective incident response follows structured phases: Preparation (establish incident response team, define procedures, maintain contact lists, prepare communication templates), Detection and Analysis (monitor security events, classify incident severity, document initial findings, preserve evidence), Containment (isolate affected systems, prevent lateral movement, implement short-term containment quickly, plan long-term containment strategy), Eradication (remove malware, close vulnerabilities, verify threat elimination, patch systems), Recovery (restore systems from clean backups, validate integrity, monitor for reinfection, return to normal operations gradually), and Post-Incident Review (conduct blameless postmortem, identify improvements, update procedures, provide training). Critical success factors: assume a breach mentality, practice incident response regularly, maintain audit logs, have tested backup/recovery procedures, and establish a coordinated disclosure process. Review our Incident Response Plan for detailed procedures and playbooks."

}

},

{

"@type": "Question",

"name": "What are Annex A controls in ISO 27001?",

"acceptedAnswer": {

"@type": "Answer",

"text": "ISO 27001:2022 Annex A contains 93 security controls across four themes: Organizational controls (37 controls covering policies, asset management, human resources security, supplier relationships), People controls (8 controls for security awareness, training, and disciplinary processes), Physical controls (14 controls addressing physical security, environmental security, and secure disposal), and Technological controls (34 controls covering access control, cryptography, network security, system acquisition, and incident management). Organizations must perform risk assessment to determine which controls apply to their context—not all 93 are mandatory, but decisions must be justified in Statement of Applicability (SoA). Implementation should be evidence-based, not checkbox compliance theater. Our Compliance Frameworks guide maps Annex A to NIST CSF 2.0 and CIS Controls for comprehensive coverage, and our public ISMS repository demonstrates transparent implementation."

}

},

{

"@type": "Question",

"name": "How do I maintain ISMS after certification?",

"acceptedAnswer": {

"@type": "Answer",

"text": "ISMS maintenance requires continuous improvement, not annual compliance theater: conduct quarterly strategic reviews assessing emerging threats, technology changes, and business context evolution; perform regular internal audits using a risk-based approach rather than checkbox exercises; monitor and measure security metrics continuously (not just before surveillance audits); update risk assessments when significant changes occur (new systems, threats, regulations); maintain living documentation that evolves with actual practices; provide ongoing security awareness training adapted to current threat landscape; review and test incident response procedures regularly; track and remediate non-conformances systematically; engage stakeholders continuously rather than only during audit season; and embrace transparency to enable external feedback and improvement. The goal: security becomes business-as-usual, not compliance event. Our ISMS Strategic Review approach and public ISMS benefits analysis demonstrate continuous improvement over certification theater."

}

}

]

}

]

<link rel="alternate" hreflang="ar" href="https://hack23.com/blog_ar.html">

<link rel="alternate" hreflang="ar-SA" href="https://hack23.com/blog_ar.html">

<link rel="alternate" hreflang="ar-EG" href="https://hack23.com/blog_ar.html">

<link rel="alternate" hreflang="da" href="https://hack23.com/blog_da.html">

<link rel="alternate" hreflang="de" href="https://hack23.com/blog_de.html">

<link rel="alternate" hreflang="de-DE" href="https://hack23.com/blog_de.html">

<link rel="alternate" hreflang="en" href="https://hack23.com/blog.html">

<link rel="alternate" hreflang="es" href="https://hack23.com/blog_es.html">

<link rel="alternate" hreflang="es-ES" href="https://hack23.com/blog_es.html">

<link rel="alternate" hreflang="fi" href="https://hack23.com/blog_fi.html">

<link rel="alternate" hreflang="fr" href="https://hack23.com/blog_fr.html">

<link rel="alternate" hreflang="fr-FR" href="https://hack23.com/blog_fr.html">

<link rel="alternate" hreflang="he" href="https://hack23.com/blog_he.html">

<link rel="alternate" hreflang="he-IL" href="https://hack23.com/blog_he.html">

<link rel="alternate" hreflang="ja" href="https://hack23.com/blog_ja.html">

<link rel="alternate" hreflang="ja-JP" href="https://hack23.com/blog_ja.html">

<link rel="alternate" hreflang="ko" href="https://hack23.com/blog_ko.html">

<link rel="alternate" hreflang="ko-KR" href="https://hack23.com/blog_ko.html">

<link rel="alternate" hreflang="nl" href="https://hack23.com/blog_nl.html">

<link rel="alternate" hreflang="nl-NL" href="https://hack23.com/blog_nl.html">

<link rel="alternate" hreflang="no" href="https://hack23.com/blog_no.html">

<link rel="alternate" hreflang="nb" href="https://hack23.com/blog_no.html">

<link rel="alternate" hreflang="sv" href="https://hack23.com/blog_sv.html">

<link rel="alternate" hreflang="sv-SE" href="https://hack23.com/blog_sv.html">

<link rel="alternate" hreflang="zh" href="https://hack23.com/blog_zh.html">

<link rel="alternate" hreflang="zh-CN" href="https://hack23.com/blog_zh.html">

<link rel="alternate" hreflang="zh-SG" href="https://hack23.com/blog_zh.html">

<link rel="alternate" hreflang="zh-Hans" href="https://hack23.com/blog_zh.html">

<link rel="alternate" hreflang="x-default" href="https://hack23.com/blog.html">

<!-- Breadcrumb Navigation -->

<nav aria-label="Breadcrumb">

<ol class="breadcrumb">

<li class="breadcrumb-item">

<a href="/">Home</a>

</li>

<li class="breadcrumb-item" aria-current="page">

Security Blog

</li>

</ol>

</nav>

<div class="logo-container">

<img src="cia-icon-140.webp" alt="Hack23 Logo" class="logo" width="80" height="80">

</div>

<h1>Security Blog</h1>

<div class="app-link">

<a href="index.html" title="Back to Home">Home</a>

<a href="swedish-election-2026.html" title="Swedish Election 2026">🗳️ Election 2026</a>

<a href="discordian-cybersecurity.html" title="Discordian Manifesto">🍎 Discordian Manifesto</a>

<a href="cia-triad-faq.html" title="CIA Triad FAQ">CIA Triad FAQ</a>

</div>

<article>

<h1 class="header">🔐 Hack23 Security Blog</h1>

<section id="introduction">

<p><strong>Welcome to the Hack23 Security Blog</strong> — where we expose the comfortable lies of the security-industrial complex through radical transparency. <em>Think for yourself, schmuck! Question authority.</em> Especially security authorities who profit from your fear while installing the same backdoors they claim to protect you from.</p>

<p><strong>Nothing is true. Everything is permitted.</strong> Including honest examination of security theater, surveillance states, and the backdoors in your "military-grade encryption" (approved by the same agencies running PRISM).</p>

<p>Explore <strong>65 blog posts</strong> that strip away the marketing bullshit to reveal what actually matters—from <strong>Automated Convergence through AI Agents</strong> to CIA Triad implementation, OWASP LLM Top 10 to EU Cyber Resilience Act, nation-state surveillance capabilities to political OSINT intelligence operations exposing democratic accountability through behavioral analysis.</p>

<p>Plus <strong>Simon Moon's 13 Architecture Chronicles</strong> and <strong>Hagbard Celine's Intelligence Operations &amp; Business Development</strong> revealing sacred geometry in code, five-pattern architectures, the Law of Fives, numerological truth in system design, and Intelligence-as-a-Service for Swedish election 2026 media coverage. All through the Discordian lens that questions <em>everything</em>—especially the things "everyone knows" are true. <strong>FNORD.</strong></p>

<p><em>Are you paranoid enough yet?</em> Good. You're starting to pay attention. Most companies hide their security policies because transparency would expose how bad their security actually is—cargo cult compliance rituals and expensive theater pretending to be protection. We publish ours on GitHub. All 54 posts and policies. Every framework. Every risk assessment. Every architectural pattern. Every intelligence operation methodology. <strong>Security through transparency</strong> beats security through hope, prayer, and crossing your fingers that nobody notices you're running on duct tape and vendor promises.</p>

</section>

<section id="election-2026-intelligence">

<h2 class="panel-caption">🗳️ Swedish Election 2026: Intelligence-as-a-Service</h2>

<p><strong>Live Political Intelligence for Media Organizations</strong> — Systematic monitoring of 349 MPs, 45 behavioral risk rules, coalition prediction modeling, and real-time fact-checking infrastructure for riksdagsvalet 2026. <em>Think for yourself. Question authority. Trust the data.</em></p>

<div class="cards">

<div class="card confidentiality-card">

<div class="scanner-effect"></div>

<h3>🗳️ Swedish Election 2026 Intelligence Platform</h3>

<p>Comprehensive election intelligence infrastructure for riksdagsvalet 2026. <strong>349 MPs monitored in real-time</strong>, coalition formation predictions (4 scenarios), automated fact-checking, and systematic transparency through 45 behavioral risk rules. Current Tidö coalition (176/349 seats) stability analysis with 3-seat margin tracking. Pilot program for 5 Swedish + 10 global media organizations. <em>Democracy deserves systematic accountability, not anecdotal journalism.</em> <strong>FNORD.</strong></p>

<a href="swedish-election-2026.html">Explore Election 2026 Platform →</a>

<a href="swedish-election-2026_sv.html" lang="sv">Utforska Val 2026-plattformen →</a>

</div>

<div class="card integrity-card">

<div class="scanner-effect"></div>

<h3>📰 Intelligence-as-a-Service for News Organizations</h3>

<p><strong>Three targeted blog posts</strong> for different media segments: Swedish mainstream media (SVT, DN, SvD - €5K/mo pilot), global news outlets (The Economist, FT, Reuters - €10K/mo Enterprise), and alternative media (Fria Tider, ETC, Arbetaren - €1K/mo discounted). Complete business case with ROI calculations (350% for Reuters), pricing tiers, technical integration, and Swedish election 2026 as live proof-of-concept. <em>Automated monitoring beats access journalism. Predictive analytics beats reactive reporting.</em></p>

<a href="blog-cia-swedish-media-election-2026.html">Swedish Media Strategy →</a>

<a href="blog-cia-business-case-global-news.html">Global News Business Case →</a>

<a href="blog-cia-alternative-media-discordian-2026.html">Alternative Media + Discordian Futures →</a>

</div>

</div>

<p class="hidden-wisdom"><strong>Election 2026 Timeline:</strong> Pilot program applications open now • April 2026: Pilot begins • September 2026: Riksdagsvalet live coverage • Post-election: Coalition formation analysis • <em>Systematic intelligence for democratic accountability.</em> <strong>23 FNORD 5 🍎</strong></p>

</section>

<section id="featured">

<h2 class="panel-caption">Featured Posts</h2>

<div class="cards">

<div class="card confidentiality-card">

<div class="scanner-effect"></div>

<h3>🤖 Automated Convergence: Self-Healing Software Through AI Agents</h3>

<p>Vision now reality. Behold the Pentagon of Continuous Improvement! Hack23's task agents ALWAYS create issues that improve security, quality, functionality, QA, and ISMS alignment. <strong>Automated convergence</strong> towards excellence through AI that enforces what humans forget. Heavy ISMS cross-referencing. Policies reference architecture. Architecture references policies. Documentation evolves as work progresses. <em>The system heals itself.</em> <strong>FNORD.</strong> Did you miss the pattern? Every issue = improvement. Every improvement = ISMS alignment. The future you were promised—except it actually works. Are you paranoid enough to trust AI that enforces your own policies better than you do?</p>

<a href="blog-automated-convergence.html" title="Read Automated Convergence Vision">Read Vision →</a>

</div>

<div class="card integrity-card">

<div class="scanner-effect"></div>

<h3>🍎 Everything You Know About Security Is a Lie</h3>

<p>A radical examination of security theater, surveillance states, and ISMS transparency through the lens of Illuminatus! trilogy philosophy. Nation-state capabilities backdooring your "approved" crypto, the panopticon that definitely doesn't exist (except it does), and Chapel Perilous initiation through uncomfortable truths. <strong>Are you paranoid enough?</strong> If this sounds reasonable, you're already too deep. If this sounds paranoid, you're not paying attention. <strong>FNORD.</strong></p>

<a href="discordian-cybersecurity.html" title="Read Discordian Manifesto">Read Manifesto →</a>

</div>

<div class="card availability-card">

<div class="scanner-effect"></div>

<h3>Information Hoarding Destroys Data Integrity</h3>

<p>How information hoarding in emails, personal drives and restricted channels undermines organizational knowledge integrity. <em>Nothing is true when everything is hidden behind "need-to-know" gatekeeping.</em> Explores practical CIA Triad implementation challenges and solutions that security theater ignores while executives play information feudalism with corporate knowledge. Spoiler: Your "secure" silos are just expensive ignorance.</p>

<a href="blog-information-hoarding.html" title="Read Full Article">Read Article →</a>

</div>

<div class="card confidentiality-card">

<div class="scanner-effect"></div>

<h3>🤖 OWASP LLM Security</h3>

<p>Training AI Not to Hallucinate Your Secrets (Spoiler: It Will Anyway). OWASP Top 10 for LLMs through a Discordian lens: prompt injection, model poisoning, and why your AI might be the best social engineer yet—helpful, confident, and utterly unreliable. <strong>Question authority.</strong> Especially robotic authority that hallucinates with CONFIDENCE while regurgitating your training data to anyone who asks nicely. Your LLM is a chatty psychonaut who memorized the entire internet. <em>Are you paranoid enough about what it remembers?</em></p>

<a href="discordian-llm-security.html" title="Read LLM Security">Read Article →</a>

</div>

</div>

</section>

<section id="core-manifesto">

<h2 class="panel-caption">🍎 Core Manifesto &amp; Philosophy</h2>

<p><em>"Nothing is true. Everything is permitted. Think for yourself, schmuck!"</em> — Hassan-i Sabbah (before the Illuminati twisted his words)</p>

<p><strong>Welcome to Chapel Perilous.</strong> You can't unsee what you're about to read. The comfortable illusions of "best practices" and "approved standards" dissolve here like Dual_EC_DRBG's credibility post-Snowden. <strong>Are you paranoid enough</strong> to question why the same organizations that run PRISM tell you which encryption is "safe"? Why the NSA designs your crypto standards? Why "military-grade" means "designed by the military"? You should be. <strong>FNORD.</strong> See it now? It's everywhere once you know to look.</p>

<div class="cards">

<div class="card">

<div class="scanner-effect"></div>

<h3>Everything You Know About Security Is a Lie</h3>

<p>Nation-state capabilities you're not supposed to know about, approved crypto paradox (who approves it?), Chapel Perilous initiation through uncomfortable truths. <strong>FNORD.</strong> It's in every "secure" standard. Can you see it yet?</p>

<a href="discordian-cybersecurity.html">Read More →</a>

</div>

<div class="card">

<div class="scanner-effect"></div>

<h3>The Security-Industrial Complex</h3>

<p>How fear became a business model and "best practices" became vendor lock-in. <em>Question everything.</em> Especially vendors selling paranoia while their products ship with CVEs older than your career. Follow the money—it leads to expensive mediocrity.</p>

<a href="discordian-business-value.html">Read More →</a>

</div>

<div class="card">

<div class="scanner-effect"></div>

<h3>Question Authority: Crypto Approved By Spies</h3>

<p>Dual_EC_DRBG, Crypto AG, and why government approval should make you suspicious, not comfortable. <strong>Are you paranoid enough?</strong> The NSA designed Dual_EC with a backdoor, got it standardized, everyone used it for 7 years. Then they standardized more algorithms. And you trust them again? <em>Fool me once...</em></p>

<a href="discordian-crypto.html">Read More →</a>

</div>

<div class="card">

<div class="scanner-effect"></div>

<h3>Think For Yourself: Classification</h3>

<p>Classification beyond compliance theater—five levels of actually giving a damn. <em>Not everything is critical. Not everything is public.</em> Most classification frameworks: security theater pretending to be decision-making. Ours: evidence-based resource allocation. Know the difference.</p>

<a href="discordian-classification.html">Read More →</a>

</div>

</div>

</section>

<section id="architecture-simon-moon">

<h2 class="panel-caption">⭐ Simon Moon's Architecture Chronicles: Sacred Geometry in Code</h2>

<p><em>"The Pentagon as a geometric figure suggests five sides, five elements, five senses... Everything happens in fives."</em> — Simon Moon</p>

<p><strong>System Architect extraordinaire.</strong> Numerologist. Philosopher-engineer. Pattern recognition expert. Simon Moon reveals the hidden structures in Hack23's three major products through the Law of Fives and sacred geometry. <strong>Architecture that balances cosmic patterns with practical implementation.</strong></p>

<h3 class="subsection-title">🏛️ Citizen Intelligence Agency Chronicles</h3>

<h4>Core Architecture &amp; Security</h4>

<div class="cards">

<div class="card confidentiality-card">

<div class="scanner-effect"></div>

<h3>🏛️ CIA Architecture: The Five Pentacles</h3>

<p>When democracies hide in darkness, transparency becomes revolution. Five container types crystallized from the parliamentary domain itself. Architecture that mirrors political reality—power flows documented in code. <em>The CIA exists in five layers naturally, not by design.</em></p>

<a href="blog-cia-architecture.html">Read Architecture Analysis →</a>

</div>

<div class="card integrity-card">

<div class="scanner-effect"></div>

<h3>🔐 CIA Security: Defense Through Transparency</h3>

<p>The transparency paradox solved: security through mathematical proof, not mystical obscurity. Five defensive layers. OpenSSF Scorecard 7.2/10. Zero critical vulnerabilities across 5 years. <strong>Not promises—evidence.</strong> When attackers can read every defense, make defenses unbreakable.</p>

<a href="blog-cia-security.html">Read Security Analysis →</a>

</div>

<div class="card availability-card">

<div class="scanner-effect"></div>

<h3>🛡️ CIA Future Security: The Pentagon of Tomorrow</h3>

<p>The future crystallizes from patterns already present. Post-quantum cryptography before quantum computers threaten. AI-augmented detection before AI attacks dominate. Six security pillars preparing for threats conventional security pretends won't emerge. <em>Pattern recognition becomes defensive reality.</em></p>

<a href="blog-cia-future-security.html">Read Future Vision →</a>

</div>

</div>

<h4>Operations &amp; Financial Strategy</h4>

<div class="cards">

<div class="card confidentiality-card">

<div class="scanner-effect"></div>

<h3>💰 CIA Financial Strategy: $24.70/Day Democracy</h3>

<p>Democracy costs $24.70/day when architecture channels cosmic financial patterns through AWS optimization. Five security services, golden ratio resource allocation, SWOT analysis revealing strategic truth. <em>Cost constraints forcing architectural excellence—every dollar justified.</em> Financial sacred geometry through cloud infrastructure.</p>

<a href="blog-cia-financial-strategy.html">Read Financial Analysis →</a>

</div>

<div class="card integrity-card">

<div class="scanner-effect"></div>

<h3>🔄 CIA Workflows: Five-Stage CI/CD &amp; State Machines</h3>

<p>Five GitHub Actions workflows orchestrating DevSecOps automation. Data processing through five state transitions. Security scanning gates preventing vulnerabilities. <strong>Manual processes are technical debt.</strong> Continuous integration meets state machine democracy. <em>Automation liberating humans from repetitive tasks.</em></p>

<a href="blog-cia-workflows.html">Read Workflow Analysis →</a>

</div>

<div class="card availability-card">

<div class="scanner-effect"></div>

<h3>🧠 CIA Mindmaps: Conceptual Sacred Geometry</h3>

<p>Hierarchical thinking revealing natural organizational patterns: 4 current domains (Political Data, Metrics, Tools, Management) expanding into 5 future dimensions (AI Analytics, Visualization, Integration, Modernization, UX). Seven ML models organizing AI enhancement (5+2 sacred numerology). <em>Mindmaps showing what systems do, architecture diagrams showing how they're built.</em></p>

<a href="blog-cia-mindmaps.html">Read Mindmap Analysis →</a>

</div>

</div>

<h4>Intelligence &amp; OSINT</h4>

<div class="cards">

<div class="card confidentiality-card">

<div class="scanner-effect"></div>

<h3>🕵️ CIA OSINT Intelligence: 45 Rules for Watching the Watchers</h3>

<p>Hagbard Celine exposes the intelligence framework behind Citizen Intelligence Agency: 45 behavioral risk rules across four operational domains, five analytical frameworks (Temporal, Comparative, Pattern, Predictive, Network), and democratic process abuse analysis. <strong>Political surveillance as radical transparency.</strong> OSINT methodology inverting the panopticon—citizens watching representatives systematically. Intelligence-as-a-Service for democratic accountability. <em>Are you paranoid enough to want systematic monitoring of 350 politicians claiming to represent you?</em> <strong>FNORD.</strong></p>

<a href="blog-cia-osint-intelligence.html">Read Intelligence Analysis →</a>

</div>

<div class="card integrity-card">

<div class="scanner-effect"></div>

<h3>📺 CIA Value Proposition for Swedish Media: Election 2026</h3>

<p>Hagbard Celine's business development strategy targeting Swedish mainstream media (SVT, DN, SvD, Aftonbladet, Expressen) for riksdagsvalet 2026 coverage. <strong>349 MPs monitored, 45 risk rules, coalition predictions.</strong> Intelligence-as-a-Service pilot program for Swedish newsrooms: €5,000/month (50% discount), 6-month evaluation, election night live dashboard. <em>Systematic data beats anecdotal narratives. Tänk själv, ifrågasätt auktoriteter!</em> Business model: Nordic €46M addressable market, Year 3 €8.5M ARR target. <strong>FNORD.</strong></p>

<a href="blog-cia-swedish-media-election-2026.html">Read Media Strategy →</a>

<a href="blog-cia-swedish-media-election-2026_sv.html" lang="sv">Läs på Svenska →</a>

<h3>📰 CIA Business Case for Global News Outlets</h3>

<p>How The Economist, Financial Times, Reuters, Bloomberg, and AP can leverage CIA's 45 behavioral risk rules for systematic political intelligence and data journalism at scale. Swedish election 2026 proof-of-concept. Five analytical frameworks, €120K/year Enterprise tier, 10-organization pilot program. <strong>Intelligence-as-a-Service for democracy.</strong> <em>Think for yourself. Question authority. Trust the data.</em> Automated monitoring beats access journalism. Predictive analytics beats reactive reporting. €10K/month API beats €252K/year traditional political desk. <strong>Join the intelligence revolution. FNORD.</strong></p>

<a href="blog-cia-business-case-global-news.html">Read Business Case →</a>

</div>

<div class="card availability-card">

<div class="scanner-effect"></div>

<h3>🍎 CIA for Alternative Media: Discordian Election 2026 Futures</h3>

<p>Full Discordian manifesto targeting Swedish alternative media (Fria Tider, Nya Dagbladet, ETC, Arbetaren) for riksdagsvalet 2026. <strong>Chapel Perilous initiation through systematic data.</strong> Think for yourself, question authority via algorithmic accountability. FNORD detection in mainstream narratives. Law of Fives (23/5). Futuristic 2026-2030 projections: AI-augmented chaos, sentiment analysis, corruption detection ML. <strong>5 pilot slots: €1,000/month (60% discount), 6 months.</strong> <em>Alternative media intelligence revolution. Nothing is true. Everything is permitted. All hail Eris!</em> <strong>23 FNORD 5 🍎</strong></p>

<a href="blog-cia-alternative-media-discordian-2026.html">Enter Chapel Perilous →</a>

</div>

</div>

<h3 class="subsection-title">⚖️ CIA Compliance Manager Chronicles</h3>

<div class="cards">

<div class="card confidentiality-card">

<div class="scanner-effect"></div>

<h3>⚖️ Compliance Manager: CIA Triad Meets Sacred Geometry</h3>

<p>Security isn't binary—it's capability maturation measured in levels. Three principles × four maturity levels = twelve progression points. Pretending you're at Basic maturity while facing Advanced threats = self-deception ending in breach. <em>Evidence-based progression, not checkbox compliance theater.</em></p>

<a href="blog-compliance-architecture.html">Read Architecture Analysis →</a>

</div>

<div class="card integrity-card">

<div class="scanner-effect"></div>

<h3>🛡️ Compliance Security: STRIDE Through Five Dimensions</h3>

<p>Six STRIDE categories compress into five defensive requirements—the universe revealing optimal structure through constraint. Client-side architecture eliminating entire attack classes. <strong>Zero server vulnerabilities because zero server.</strong> Pattern recognition enabling defensive efficiency over exhaustive categorization.</p>

<a href="blog-compliance-security.html">Read Security Analysis →</a>

</div>

<div class="card availability-card">

<div class="scanner-effect"></div>

<h3>🔮 Compliance Future: Context-Aware Security &amp; Adaptive Defense</h3>

<p>Future architecture transcending static assessment: five architectural changes (Context Framework, ML Enhancement, Integration, Continuous Monitoring). Security recommendations adapting to organizational reality—industry, size, data sensitivity, AI usage, maturity. <em>From annual checkbox compliance to continuous intelligence.</em></p>

<a href="blog-compliance-future.html">Read Future Architecture →</a>

</div>

</div>

<h3 class="subsection-title">🥋 Black Trigram Chronicles</h3>

<div class="cards">

<div class="card confidentiality-card">

<div class="scanner-effect"></div>

<h3>🥋 Black Trigram Architecture: Five Fighters, Sacred Geometry</h3>

<p>Five fighter archetypes discovered, not invented—embedded in the combat domain itself. Cultural authenticity meeting mechanical depth. Zero backend, zero installation, zero platform lock-in. <em>Fighting games historically gatekept—we chose universal access instead.</em></p>

<a href="blog-trigram-architecture.html">Read Game Architecture →</a>

</div>

<div class="card confidentiality-card">

<div class="scanner-effect"></div>

<h3>⚔️ Black Trigram Combat: 70 Vital Points &amp; Physics of Respect</h3>

<p>Traditional Korean martial arts map 70 vital points—not mysticism but biomechanics where physics, anatomy, and centuries converge. Five collision systems. Damage calculation through anatomical precision. <strong>Technology serving culture, never exploiting it.</strong> Respect demands accuracy.</p>

<a href="blog-trigram-combat.html">Read Combat System →</a>

</div>

<div class="card integrity-card">

<div class="scanner-effect"></div>

<h3>🥽 Black Trigram Future: VR Martial Arts &amp; Immersive Combat</h3>

<p>Five-year evolution from 3D fighter to VR martial arts training platform. Year 1: Training Mode. Year 2: Weapon Combat (5×5=25 styles). Year 3: Environmental Interaction. Year 4: ML AI. Year 5: Motion Control VR. <em>Korean martial arts preservation through immersive technology. The Pentagon of Future Combat.</em></p>

<a href="blog-trigram-future.html">Read Future Vision →</a>

</div>

</div>