From 228a58056c7a543f78cd2f7f824bb3f7a3280334 Mon Sep 17 00:00:00 2001 
From: Richard Kranendonk Date: Thu, 30 Apr 2026 18:33:25 +0200 Subject: [PATCH] Removed BoF cruft --- ...erms-definitions-and-abbreviated terms.md} | 203 ++---------------- ...a-5.1-Policies-for-information-security.md | 14 +- .../OST/27002/EN/a-5.15-Access-control.md | 2 - .../EN/a-5.17-Authentication-information.md | 1 - ...tion-security-in-supplier-relationships.md | 1 - ...ion-security-roles-and-responsibilities.md | 1 - ...ion-security-within-supplier-agreements.md | 1 - ...mation-security-in-the-ICT-supply-chain.md | 3 - ...-change-management-of-supplier-services.md | 2 +- ...tion-security-for-use-of-cloud-services.md | 1 - ...ent-management-planning-and-preparation.md | 1 - ...ing-from-information-security-incidents.md | 1 - ...-Information-security-during-disruption.md | 1 - .../27002/EN/a-5.3-Segregation-of-duties.md | 19 +- ...0-ICT-readiness-for-business-continuity.md | 7 +- .../EN/a-5.32-Intellectual-property-rights.md | 1 - .../a-5.37-Documented-operating-procedures.md | 2 - .../EN/a-5.4-Management-responsibilities.md | 1 - .../EN/a-5.5-Contact-with-authorities.md | 1 - ....6-Contact-with-special-interest-groups.md | 1 - .../OST/27002/EN/a-5.7-Threat-intelligence.md | 1 - ...ormation-security-in-project-management.md | 1 - ...information-and-other-associated-assets.md | 2 - ...curity-awareness-education-and-training.md | 2 - ...ter-termination-or-change-of-employment.md | 2 - ...dentiality-or-non-disclosure-agreements.md | 2 - ....8-Information-security-event-reporting.md | 2 - .../EN/a-7.1-Physical-security-perimeters.md | 2 - ...3-Securing-offices-rooms-and-facilities.md | 2 - .../EN/a-7.4-Physical-security-monitoring.md | 2 - .../OST/27002/EN/a-8.13-Information-backup.md | 1 - .../ISO27x/OST/27002/EN/a-8.15-Logging.md | 2 - .../27002/EN/a-8.16-Monitoring-activities.md | 1 - ...tion-of-software-on-operational-systems.md | 1 - .../EN/a-8.2-Privileged-access-rights.md | 2 - .../EN/a-8.21-Security-of-network-services.md | 2 - 
.../EN/a-8.22-Segregation-of-networks.md | 2 - .../27002/EN/a-8.24-Use-of-cryptography.md | 6 - .../a-8.25-Secure-development-life-cycle.md | 5 - ...-8.26-Application-security-requirements.md | 1 - ...architecture-and-engineering-principles.md | 5 - .../OST/27002/EN/a-8.28-Secure-coding.md | 6 - ...y-testing-in-development-and-acceptance.md | 2 - .../OST/27002/EN/a-8.32-Change-management.md | 1 - .../27002/EN/a-8.5-Secure-authentication.md | 2 - .../EN/a-8.7-Protection-against-malware.md | 4 +- ...Management-of-technical-vulnerabilities.md | 2 - .../EN/a-8.9-Configuration-management.md | 1 - 48 files changed, 32 insertions(+), 296 deletions(-) rename Corpus/Standards/ISO27x/OST/27002/EN/{ISO_27002_OT 3 Terms, definitions and abbreviated terms.md => a-3-Terms-definitions-and-abbreviated terms.md} (83%) diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/ISO_27002_OT 3 Terms, definitions and abbreviated terms.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-3-Terms-definitions-and-abbreviated terms.md similarity index 83% rename from Corpus/Standards/ISO27x/OST/27002/EN/ISO_27002_OT 3 Terms, definitions and abbreviated terms.md rename to Corpus/Standards/ISO27x/OST/27002/EN/a-3-Terms-definitions-and-abbreviated terms.md index 4ac17cb..2b34ca2 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/ISO_27002_OT 3 Terms, definitions and abbreviated terms.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-3-Terms-definitions-and-abbreviated terms.md @@ -1,7 +1,4 @@ -#iso27002/2022/EN - - -**3.1** **Terms** **and** **definitions** +## 3.1 Terms and definitions @@ -75,7 +72,7 @@ ISO Store Order: OP-582678 / Downloaded: 2022-02-17 Single user licence only, co -— organization’s structure. +— organization's structure. @@ -115,7 +112,7 @@ Note 1 to entry: Material includes information and other associated _assets_ (3. -[SOURCE: ISO/IEC 27050-1:2019, 3.1, modified — “Note 1 to entry” added] +[SOURCE: ISO/IEC 27050-1:2019, 3.1, modified — "Note 1 to entry" added] 
@@ -151,7 +148,7 @@ Note 2 to entry: Controls may not always exert the intended or assumed modifying **disrupti****on** -incident, whether anticipated or unanticipated, that causes an unplanned, negative deviation from the expected delivery of products and services according to an organization’s objectives +incident, whether anticipated or unanticipated, that causes an unplanned, negative deviation from the expected delivery of products and services according to an organization's objectives @@ -251,7 +248,7 @@ occurrence indicating a possible _information_ _security_ _breach_ (3.1.13) or f -[SOURCE: ISO/IEC 27035-1:2016, 3.3, modified — “breach of information security” has been replaced with “information security breach”] +[SOURCE: ISO/IEC 27035-1:2016, 3.3, modified — "breach of information security" has been replaced with "information security breach"] @@ -259,7 +256,7 @@ occurrence indicating a possible _information_ _security_ _breach_ (3.1.13) or f **information** **security incident** -one or multiple related and identified _information_ _security_ _events_ (3.1.14) that can harm an organization’s _assets_ (3.1.2) or compromise its operations +one or multiple related and identified _information_ _security_ _events_ (3.1.14) that can harm an organization's _assets_ (3.1.2) or compromise its operations @@ -309,11 +306,11 @@ ability to prove the occurrence of a claimed event or action and its originating **pers****onnel** -persons doing work under the organization’s direction +persons doing work under the organization's direction -Note 1 to entry: The concept of personnel includes the organization’s members, such as the governing body, top management, employees, temporary staff, contractors and volunteers. +Note 1 to entry: The concept of personnel includes the organization's members, such as the governing body, top management, employees, temporary staff, contractors and volunteers. 
@@ -351,7 +348,7 @@ any information that (a) can be used to establish a link between the information -Note 1 to entry: The “natural person” in the definition is the _PII_ _principal_ (3.1.22). To determine whether a PII principal is identifiable, account should be taken of all the means which can reasonably be used by the privacy stakeholder holding the data, or by any other party, to establish the link between the set of PII and the natural person. +Note 1 to entry: The "natural person" in the definition is the _PII_ _principal_ (3.1.22). To determine whether a PII principal is identifiable, account should be taken of all the means which can reasonably be used by the privacy stakeholder holding the data, or by any other party, to establish the link between the set of PII and the natural person. @@ -367,7 +364,7 @@ natural person to whom the _personally identifiable_ _information_ _(PII)_ (3.1. -Note 1 to entry: Depending on the jurisdiction and the particular data protection and privacy legislation, the synonym “data subject” can also be used instead of the term “PII principal”. +Note 1 to entry: Depending on the jurisdiction and the particular data protection and privacy legislation, the synonym "data subject" can also be used instead of the term "PII principal". 
@@ -397,7 +394,7 @@ intentions and direction of an organization, as formally expressed by its top ma **privacy** **impact** **assessment** **PIA** -overall _process_ (3.1.27) of identifying, analysing, evaluating, consulting, communicating and planning the treatment of potential privacy impacts with regard to the processing of _personally_ _identifiable_ _information_ _(PII)_ (3.1.21), framed within an organization’s broader risk management framework +overall _process_ (3.1.27) of identifying, analysing, evaluating, consulting, communicating and planning the treatment of potential privacy impacts with regard to the processing of _personally_ _identifiable_ _information_ _(PII)_ (3.1.21), framed within an organization's broader risk management framework @@ -437,37 +434,11 @@ information created, received and maintained as evidence and as an _asset_ (3.1. - - - - - - -**4** © ISO/IEC 2022 – All rights reserved - -Licensed to ISO27DIY / Richard Kranendonk (rkranendonk@mac.com) - -ISO Store Order: OP-582678 / Downloaded: 2022-02-17 Single user licence only, copying and networking prohibited. - - - - - - - -**ISO/IEC 27002:2022(E)** - - - - - - - Note 1 to entry: Legal obligations in this context include all legal, statutory, regulatory and contractual requirements. -[SOURCE: ISO 15489-1:2016, 3.14, modified— “Note 1 to entry” added.] +[SOURCE: ISO 15489-1:2016, 3.14, modified— "Note 1 to entry" added.] @@ -501,7 +472,7 @@ property of consistent intended behaviour and results **rule** -accepted principle or instruction that states the organization’s expectations on what is required to be done, what is allowed or not allowed +accepted principle or instruction that states the organization's expectations on what is required to be done, what is allowed or not allowed 
@@ -545,7 +516,7 @@ EXAMPLE Topic-specific policy on _access_ _control_ (3.1.1), topic-specific poli **u****ser** -_interested_ _party_ (3.1.18) with access to the organization’s _information_ _systems_ (3.1.17) +_interested_ _party_ (3.1.18) with access to the organization's _information_ _systems_ (3.1.17) @@ -553,40 +524,6 @@ EXAMPLE _Personnel_ (3.1.20), customers, suppliers. - - - - - - -© ISO/IEC 2022 – All rights reserved - - - - - - - - - - - -**5** - - - - - - - -**ISO/IEC 27002:2022(E)** - - - - - - - **3.1.37** **user** **endpoint** **device** 
@@ -617,202 +554,90 @@ weakness of an _asset_ (3.1.2) or _control_ (3.1.8) that can be exploited by one ABAC attribute-based access control - - ACL access control list - - BIA business impact analysis - - BYOD bring your own device - - CAPTCHA completely automated public Turing test to tell computers and humans apart - - CPU central processing unit - - DAC discretionary access control - - DNS domain name system - - GPS global positioning system - - IAM identity and access management - - ICT information and communication technology - - ID identifier - - IDE integrated development environment - - IDS intrusion detection system - - IoT internet of things - - IP internet protocol - - IPS intrusion prevention system - - IT information technology - - ISMS information security management system - - MAC mandatory access control - - NTP network time protocol - - PIA privacy impact assessment - - PII personally identifiable information - - - - - - -**6** © ISO/IEC 2022 – All rights reserved - -Licensed to ISO27DIY / Richard Kranendonk (rkranendonk@mac.com) - -ISO Store Order: OP-582678 / Downloaded: 2022-02-17 Single user licence only, copying and networking prohibited. 
- - - - - - - -**ISO/IEC 27002:2022(E)** - - - - - - - PIN personal identification number - - PKI public key infrastructure - - PTP precision time protocol - - RBAC role-based access control - - RPO recovery point objective - - RTO recovery time objective - - SAST static application security testing - - SD secure digital - - SDN software-defined networking - - SD-WAN software-defined wide area networking - - SIEM security information and event management - - SMS short message service - - SQL structured query language - - SSO single sign on - - SWID software identification - - UEBA user and entity behaviour analytics - - UPS uninterruptible power supply - - URL uniform resource locator - - USB universal serial bus - - VM virtual machine - - VPN virtual private network - - WiFi wireless fidelity \ No newline at end of file diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.1-Policies-for-information-security.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.1-Policies-for-information-security.md index c16d528..e097f37 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.1-Policies-for-information-security.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.1-Policies-for-information-security.md @@ -1,4 +1,3 @@ -#iso27002/2022/EN ## 5.1 Policies for information security #### Control 
@@ -8,7 +7,7 @@ Information security policy and topic-specific policies should be defined, appro To ensure continuing suitability, adequacy, effectiveness of management direction and support for information security in accordance with business, legal, statutory, regulatory and contractual requirements. #### Guidance -At the highest level, the organization should define an “information security policy” which is approved by top management and which sets out the organization’s approach to managing its information security. +At the highest level, the organization should define an "information security policy" which is approved by top management and which sets out the organization's approach to managing its information security. The information security policy should take into consideration requirements derived from: 
@@ -45,10 +44,10 @@ j) information classification and handling; k) management of technical vulnerabilities; l) secure development. -The responsibility for the development, review and approval of the topic-specific policies should be allocated to relevant personnel based on their appropriate level of authority and technical competency. The review should include assessing opportunities for improvement of the organization’s information security policy and topic-specific policies and managing information security in response to changes to: +The responsibility for the development, review and approval of the topic-specific policies should be allocated to relevant personnel based on their appropriate level of authority and technical competency. The review should include assessing opportunities for improvement of the organization's information security policy and topic-specific policies and managing information security in response to changes to: -a) the organization’s business strategy; -b) the organization’s technical environment; +a) the organization's business strategy; +b) the organization's technical environment; c) regulations, statutes, legislation and contracts; d) information security risks; e) the current and projected information security threat environment; 
@@ -56,7 +55,7 @@ f) lessons learned from information security events and incidents. The review of information security policy and topic-specific policies should take the results of management reviews and audits into account. Review and update of other related policies should be considered when one policy is changed to maintain consistency. -The information security policy and topic-specific policies should be communicated to relevant personnel and interested parties in a form that is relevant, accessible and understandable to the intended reader. Recipients of the policies should be required to acknowledge they understand and agree to comply with the policies where applicable. The organization can determine the formats and names of these policy documents that meet the organization’s needs. In some organizations, the information security policy and topic-specific policies can be in a single document. The organization can name these topic-specific policies as standards, directives, policies or others. +The information security policy and topic-specific policies should be communicated to relevant personnel and interested parties in a form that is relevant, accessible and understandable to the intended reader. Recipients of the policies should be required to acknowledge they understand and agree to comply with the policies where applicable. The organization can determine the formats and names of these policy documents that meet the organization's needs. In some organizations, the information security policy and topic-specific policies can be in a single document. The organization can name these topic-specific policies as standards, directives, policies or others. If the information security policy or any topic-specific policy is distributed outside the organization, care should be taken not to improperly disclose confidential information. 
@@ -73,5 +72,4 @@ Topic-specific policies can vary across organizations.
 # Related
-- [[ISO_27002_PE 5.1 Policies for information security]]
-
+- [[ISO_27002_PE 5.1 Policies for information security]]
\ No newline at end of file
diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.15-Access-control.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.15-Access-control.md
index bfe1808..a55aa6e 100644
--- a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.15-Access-control.md
+++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.15-Access-control.md
@@ -1,5 +1,3 @@
-#iso27002/2022/EN
-
 ## 5.15 Access control
 | Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains |
diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.17-Authentication-information.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.17-Authentication-information.md
index debc788..50be34b 100644
--- a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.17-Authentication-information.md
+++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.17-Authentication-information.md
@@ -1,4 +1,3 @@
-#iso27002/2022/EN
 ## 5.17 Authentication information
 ### Control
diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.19-Information-security-in-supplier-relationships.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.19-Information-security-in-supplier-relationships.md
index 11664ac..a614244 100644
--- a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.19-Information-security-in-supplier-relationships.md
+++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.19-Information-security-in-supplier-relationships.md
@@ -1,4 +1,3 @@
-#iso27002/2022/EN
 ## 5.19 Information security in supplier relationships
 **Control**
diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.2-Information-security-roles-and-responsibilities.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.2-Information-security-roles-and-responsibilities.md
index d525666..7b88880 100644
--- a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.2-Information-security-roles-and-responsibilities.md
+++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.2-Information-security-roles-and-responsibilities.md
@@ -1,4 +1,3 @@
-#iso27002/2022/EN
 ## 5.2 Information security roles and responsibilities
 ### Control
diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.20-Addressing-information-security-within-supplier-agreements.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.20-Addressing-information-security-within-supplier-agreements.md
index 55e407d..3eecb00 100644
--- a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.20-Addressing-information-security-within-supplier-agreements.md
+++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.20-Addressing-information-security-within-supplier-agreements.md
@@ -1,4 +1,3 @@
-#iso27002/2022/EN
 ## 5.20 Addressing information security within supplier agreements
 **Control**
diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.21-Managing-information-security-in-the-ICT-supply-chain.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.21-Managing-information-security-in-the-ICT-supply-chain.md
index bed7514..5d9418c 100644
--- a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.21-Managing-information-security-in-the-ICT-supply-chain.md
+++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.21-Managing-information-security-in-the-ICT-supply-chain.md
@@ -1,6 +1,3 @@
-#iso27002/2022/EN
-[[ISO_27002_PE 5.21 Managing information security in the ICT supply chain]]
-
 ## 5.21 Managing information security in the ICT supply chain
 **Control**
diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.22-Monitoring-review-and-change-management-of-supplier-services.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.22-Monitoring-review-and-change-management-of-supplier-services.md
index 6f842b7..885d951 100644
--- a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.22-Monitoring-review-and-change-management-of-supplier-services.md
+++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.22-Monitoring-review-and-change-management-of-supplier-services.md
@@ -1,4 +1,4 @@
-#iso27002/2022/EN
+## 5.22 Monitoring, review, and change management of supplier services
 **Control**
 The organization should regularly monitor, review, evaluate and manage change in supplier information security practices and service delivery.
diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.23-Information-security-for-use-of-cloud-services.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.23-Information-security-for-use-of-cloud-services.md
index 4b5329c..e13d64d 100644
--- a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.23-Information-security-for-use-of-cloud-services.md
+++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.23-Information-security-for-use-of-cloud-services.md
@@ -1,4 +1,3 @@
-#iso27002/2022/EN
 ## 5.23 Information security for use of cloud services
 #### Control
diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.24-Information-security-incident-management-planning-and-preparation.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.24-Information-security-incident-management-planning-and-preparation.md
index f8fac08..a2bd547 100644
--- a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.24-Information-security-incident-management-planning-and-preparation.md
+++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.24-Information-security-incident-management-planning-and-preparation.md
@@ -1,4 +1,3 @@
-#iso27002/2022/EN
 ## 5.24 Information security incident management planning and preparation
 #### Control
diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.27-Learning-from-information-security-incidents.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.27-Learning-from-information-security-incidents.md
index 6b32db2..089f267 100644
--- a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.27-Learning-from-information-security-incidents.md
+++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.27-Learning-from-information-security-incidents.md
@@ -1,4 +1,3 @@
-#iso27002/2022/EN
 ## 5.27 Learning from information security incidents
 #### Control
diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.29-Information-security-during-disruption.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.29-Information-security-during-disruption.md
index c37ffcf..24172cd 100644
--- a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.29-Information-security-during-disruption.md
+++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.29-Information-security-during-disruption.md
@@ -1,4 +1,3 @@
-#iso27002/2022/EN
 ## 5.29 Information security during disruption
 | Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains |
diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.3-Segregation-of-duties.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.3-Segregation-of-duties.md
index 9895400..f8858ba 100644
--- a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.3-Segregation-of-duties.md
+++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.3-Segregation-of-duties.md
@@ -1,4 +1,3 @@
-#iso27002/2022/EN
 ## 5.3 Segregation of duties
 ### Control
@@ -12,24 +11,24 @@ Segregation of duties and areas of responsibility aims to separate conflicting d The organization should determine which duties and areas of responsibility need to be segregated. The following are examples of activities that can require segregation: -a)   initiating, approving and executing a change; +a) initiating, approving and executing a change; -b)   requesting, approving and implementing access rights; +b) requesting, approving and implementing access rights; -c)   designing, implementing and reviewing code; +c) designing, implementing and reviewing code; -d)   developing software and administering production systems; +d) developing software and administering production systems; -e)   using and administering applications; +e) using and administering applications; -f)   using applications and administering databases; +f) using applications and administering databases; -g)   designing, auditing and assuring information security controls. +g) designing, auditing and assuring information security controls. -The  possibility of collusion should be considered in designing the segregation controls. Small organizations can find segregation of duties difficult to achieve, but the principle should be applied as far as is possible and practicable. Whenever it is difficult to segregate, other controls should be considered, such as monitoring of activities, audit trails and management supervision. +The possibility of collusion should be considered in designing the segregation controls. Small organizations can find segregation of duties difficult to achieve, but the principle should be applied as far as is possible and practicable. Whenever it is difficult to segregate, other controls should be considered, such as monitoring of activities, audit trails and management supervision. Care should be taken when using role-based access control systems to ensure that persons are not granted conflicting roles. 
When there is a large number of roles, the organization should consider using automated tools to identify conflicts and facilitate their removal. Roles should be carefully defined and provisioned to minimize access problems if a role is removed or reassigned. -### Other **information** +### Other information No other information. \ No newline at end of file diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.30-ICT-readiness-for-business-continuity.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.30-ICT-readiness-for-business-continuity.md index 57a9d36..0c3c50a 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.30-ICT-readiness-for-business-continuity.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.30-ICT-readiness-for-business-continuity.md @@ -1,9 +1,4 @@ -#iso27002/2022/EN -See also: -- [BCP_Bedrijfscontinuïteitsplanning](../../../../../📚️%20Literature%20notes/BCP_Bedrijfscontinuïteitsplanning.md) -- [Disaster Recovery Planning](../../../../../🎇%20Sparks/Disaster%20Recovery%20Planning.md) - -# **5.30** **ICT** **readiness** **for** **business** continuity +## **5.30** **ICT** **readiness** **for** **business** continuity ## Purpose diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.32-Intellectual-property-rights.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.32-Intellectual-property-rights.md index 74e38b0..6637786 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.32-Intellectual-property-rights.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.32-Intellectual-property-rights.md @@ -1,4 +1,3 @@ -#iso27002/2022/EN ## 5.32 Intellectual property rights **Control** diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.37-Documented-operating-procedures.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.37-Documented-operating-procedures.md index 141da41..741a191 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.37-Documented-operating-procedures.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.37-Documented-operating-procedures.md 
@@ -1,5 +1,3 @@
-
-
 ## 5.37 Documented operating procedures
 | Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains |
diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.4-Management-responsibilities.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.4-Management-responsibilities.md
index 2f50de6..113f2e7 100644
--- a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.4-Management-responsibilities.md
+++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.4-Management-responsibilities.md
@@ -1,4 +1,3 @@
-#iso27002/2022/EN
 ## 5.4 Management responsibilities
 #### Control
diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.5-Contact-with-authorities.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.5-Contact-with-authorities.md
index 423a885..a6fcb18 100644
--- a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.5-Contact-with-authorities.md
+++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.5-Contact-with-authorities.md
@@ -1,4 +1,3 @@
-#iso27002/2022/EN
 ## 5.5 Contact with authorities
 #### Control
diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.6-Contact-with-special-interest-groups.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.6-Contact-with-special-interest-groups.md
index ad461d2..3756091 100644
--- a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.6-Contact-with-special-interest-groups.md
+++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.6-Contact-with-special-interest-groups.md
@@ -1,4 +1,3 @@
-#iso27002/2022/EN
 ## 5.6 Contact with special interest groups
 #### Control
diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.7-Threat-intelligence.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.7-Threat-intelligence.md
index 538e7c8..ff4ee61 100644
--- a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.7-Threat-intelligence.md
+++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.7-Threat-intelligence.md
@@ -1,4 +1,3 @@
-#iso27002/2022/EN
 ## 5.7 Threat intelligence
 #### Control
diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.8-Information-security-in-project-management.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.8-Information-security-in-project-management.md
index 1cded2c..7d9150b 100644
--- a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.8-Information-security-in-project-management.md
+++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.8-Information-security-in-project-management.md
@@ -1,4 +1,3 @@
-#iso27002/2022/EN
 ## 5.8 Information security in project management
 #### Control
diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.9-Inventory-of-information-and-other-associated-assets.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.9-Inventory-of-information-and-other-associated-assets.md
index 8168224..26c260a 100644
--- a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.9-Inventory-of-information-and-other-associated-assets.md
+++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.9-Inventory-of-information-and-other-associated-assets.md
@@ -1,5 +1,3 @@
-#iso27002/2022/EN
-
 ## 5.9 Inventory of information and other associated assets
 | Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains |
diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-6.3-Information-security-awareness-education-and-training.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-6.3-Information-security-awareness-education-and-training.md
index 5994f8f..f290ca1 100644
--- a/Corpus/Standards/ISO27x/OST/27002/EN/a-6.3-Information-security-awareness-education-and-training.md
+++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-6.3-Information-security-awareness-education-and-training.md
@@ -1,5 +1,3 @@
-#iso27002/2022/EN
-
 ## 6.3 Information security awareness, education and training
 | **Control type** | **Information security properties** | **Cybersecurity concepts** | **Operational capabilities** | **Security domains** |
diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-6.5-Responsibilities-after-termination-or-change-of-employment.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-6.5-Responsibilities-after-termination-or-change-of-employment.md
index 172277d..e8e029d 100644
--- a/Corpus/Standards/ISO27x/OST/27002/EN/a-6.5-Responsibilities-after-termination-or-change-of-employment.md
+++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-6.5-Responsibilities-after-termination-or-change-of-employment.md
@@ -1,5 +1,3 @@
-
-
 ## 6.5 Responsibilities after termination or change of employment
 | **Control type** | **Information security properties** | **Cybersecurity concepts** | **Operational capabilities** | **Security domains** |
diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-6.6-Confidentiality-or-non-disclosure-agreements.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-6.6-Confidentiality-or-non-disclosure-agreements.md
index b669405..be79fae 100644
--- a/Corpus/Standards/ISO27x/OST/27002/EN/a-6.6-Confidentiality-or-non-disclosure-agreements.md
+++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-6.6-Confidentiality-or-non-disclosure-agreements.md
@@ -1,5 +1,3 @@
-
-
 ## 6.6 Confidentiality or non-disclosure agreements
diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-6.8-Information-security-event-reporting.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-6.8-Information-security-event-reporting.md
index 0b00a6c..0c1aec9 100644
--- a/Corpus/Standards/ISO27x/OST/27002/EN/a-6.8-Information-security-event-reporting.md
+++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-6.8-Information-security-event-reporting.md
@@ -1,5 +1,3 @@
-
-
 ## 6.8 Information security event reporting
diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-7.1-Physical-security-perimeters.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-7.1-Physical-security-perimeters.md
index 216097e..2f6f13a 100644
--- a/Corpus/Standards/ISO27x/OST/27002/EN/a-7.1-Physical-security-perimeters.md
+++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-7.1-Physical-security-perimeters.md
@@ -1,5 +1,3 @@
-
-
 ## 7.1 Physical security perimeters
 | **Control type** | **Information security properties** | **Cybersecurity concepts** | **Operational capabilities** | **Security domains** |
diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-7.3-Securing-offices-rooms-and-facilities.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-7.3-Securing-offices-rooms-and-facilities.md
index 3868b43..1b83685 100644
--- a/Corpus/Standards/ISO27x/OST/27002/EN/a-7.3-Securing-offices-rooms-and-facilities.md
+++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-7.3-Securing-offices-rooms-and-facilities.md
@@ -1,5 +1,3 @@
-
-
 ## 7.3 Securing offices, rooms and facilities
diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-7.4-Physical-security-monitoring.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-7.4-Physical-security-monitoring.md
index bec1efd..ab30fdb 100644
--- a/Corpus/Standards/ISO27x/OST/27002/EN/a-7.4-Physical-security-monitoring.md
+++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-7.4-Physical-security-monitoring.md
@@ -1,5 +1,3 @@
-
-
 ## 7.4 Physical security monitoring
diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.13-Information-backup.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.13-Information-backup.md
index e978a2d..f3baf55 100644
--- a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.13-Information-backup.md
+++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.13-Information-backup.md
@@ -1,4 +1,3 @@
-#iso27002/2022/EN
 ## 8.13 Information backup
 | Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains |
diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.15-Logging.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.15-Logging.md
index cfdfc06..2fe1db6 100644
--- a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.15-Logging.md
+++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.15-Logging.md
@@ -1,5 +1,3 @@ -#iso27002/2022/EN - ## 8.15 Logging | **Control type** | **Information security properties** | **Cybersecurity concepts** | **Operational capabilities** | **Security domains** |
diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.16-Monitoring-activities.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.16-Monitoring-activities.md
index b7d3de8..f2df294 100644
--- a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.16-Monitoring-activities.md
+++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.16-Monitoring-activities.md
@@ -1,4 +1,3 @@ -#iso27002/2022/EN ## 8.16 Monitoring activities | **Control type** | **Information security properties** | **Cybersecurity concepts** | **Operational capabilities** | **Security domains** |
diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.19-Installation-of-software-on-operational-systems.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.19-Installation-of-software-on-operational-systems.md
index 4282a53..cf3feb6 100644
--- a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.19-Installation-of-software-on-operational-systems.md
+++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.19-Installation-of-software-on-operational-systems.md
@@ -1,4 +1,3 @@ -#iso27002/2022/EN ## 8.19 Installation of software on operational systems | Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains |
diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.2-Privileged-access-rights.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.2-Privileged-access-rights.md
index 9cbe003..e9422e8 100644
--- a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.2-Privileged-access-rights.md
+++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.2-Privileged-access-rights.md
@@ -1,5 +1,3 @@ -#iso27002/2022/EN - ## 8.2 Privileged access rights | Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains |
diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.21-Security-of-network-services.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.21-Security-of-network-services.md
index 9ec3b9f..66c0216 100644
--- a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.21-Security-of-network-services.md
+++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.21-Security-of-network-services.md
@@ -1,5 +1,3 @@ - - ## 8.21 Security of network services | Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains |
diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.22-Segregation-of-networks.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.22-Segregation-of-networks.md
index 61f0528..9449c18 100644
--- a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.22-Segregation-of-networks.md
+++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.22-Segregation-of-networks.md
@@ -1,5 +1,3 @@ -#iso27002/2022/EN - ## 8.22 Segregation of networks | Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains |
diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.24-Use-of-cryptography.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.24-Use-of-cryptography.md
index e3b584b..2b5eb7a 100644
--- a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.24-Use-of-cryptography.md
+++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.24-Use-of-cryptography.md
@@ -1,9 +1,3 @@ ---- -tags: - - iso27001/2022/EN ---- - - ## 8.24 Use of cryptography
diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.25-Secure-development-life-cycle.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.25-Secure-development-life-cycle.md
index 661a1a2..6a9422e 100644
--- a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.25-Secure-development-life-cycle.md
+++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.25-Secure-development-life-cycle.md
@@ -1,8 +1,3 @@ ---- -tags: - - iso27001/2022/EN ---- - ## 8.25 Secure development life cycle | Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains |
diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.26-Application-security-requirements.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.26-Application-security-requirements.md
index f83b078..43a9ca1 100644
--- a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.26-Application-security-requirements.md
+++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.26-Application-security-requirements.md
@@ -1,4 +1,3 @@ -#iso27002/2022/EN ## 8.26 Application security requirements | Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains |
diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.27-Secure-system-architecture-and-engineering-principles.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.27-Secure-system-architecture-and-engineering-principles.md
index 130b1a0..8795494 100644
--- a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.27-Secure-system-architecture-and-engineering-principles.md
+++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.27-Secure-system-architecture-and-engineering-principles.md
@@ -1,8 +1,3 @@ ---- -tags: - - iso27001/2022/EN ---- - ## 8.27 Secure system architecture and engineering principles | Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains |
diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.28-Secure-coding.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.28-Secure-coding.md
index 1d24c99..ad6e9af 100644
--- a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.28-Secure-coding.md
+++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.28-Secure-coding.md
@@ -1,9 +1,3 @@ ---- -tags: - - iso27001/2022/EN ---- - - | Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains | | ------------ | ----------------------------------------- | ---------------------- | -------------------------------------------------- | ---------------- | | #Preventive | #Confidentiality #Integrity #Availability | #Protect | #Application_security #System_and_network_security | #Protection |
diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.29-Security-testing-in-development-and-acceptance.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.29-Security-testing-in-development-and-acceptance.md
index e386602..dabba50 100644
--- a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.29-Security-testing-in-development-and-acceptance.md
+++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.29-Security-testing-in-development-and-acceptance.md
@@ -1,5 +1,3 @@ -#iso27002/2022/EN - ## 8.29 Security testing in development and acceptance | Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains |
diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.32-Change-management.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.32-Change-management.md
index eb8b550..7154dcb 100644
--- a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.32-Change-management.md
+++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.32-Change-management.md
@@ -1,4 +1,3 @@ -#iso27002/2022/EN ## 8.32 Change management | Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains |
diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.5-Secure-authentication.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.5-Secure-authentication.md
index 6355aa3..111ab8b 100644
--- a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.5-Secure-authentication.md
+++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.5-Secure-authentication.md
@@ -1,5 +1,3 @@ -#iso27002/2022/EN - ## 8.5 Secure authentication | Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains |
diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.7-Protection-against-malware.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.7-Protection-against-malware.md
index 8ed499e..e14a23b 100644
--- a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.7-Protection-against-malware.md
+++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.7-Protection-against-malware.md
@@ -1,6 +1,4 @@ -#iso27002/2022/EN - -# 8.7  **Protection** **against** **malware** +## 8.7  **Protection** **against** **malware** ## Control Protection against malware should be implemented and supported by appropriate user awareness.
diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.8-Management-of-technical-vulnerabilities.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.8-Management-of-technical-vulnerabilities.md
index 77430c6..245b592 100644
--- a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.8-Management-of-technical-vulnerabilities.md
+++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.8-Management-of-technical-vulnerabilities.md
@@ -1,5 +1,3 @@ -#iso27002/2022/EN -x ## 8.8 Management of technical vulnerabilities
diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.9-Configuration-management.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.9-Configuration-management.md
index 518d996..6287b0f 100644
--- a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.9-Configuration-management.md
+++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.9-Configuration-management.md
@@ -1,4 +1,3 @@ -#iso27002/2022/EN ## 8.9 Configuration management ### Control