diff --git a/Corpus/Information security concepts MoC.md b/Corpus/Information security concepts MoC.md new file mode 100644 index 0000000..578f8cd --- /dev/null +++ b/Corpus/Information security concepts MoC.md 
@@ -0,0 +1,75 @@ +--- +Related: + - "[ISO\\_27002\\_OT 3 Terms, definitions and abbreviated terms](Standards/ISO27x/OST/27002/EN/a-3-Terms-definitions-and-abbreviated%20terms.md)" + - https://csiac.org/databases/acronyms/ +tags: + - type/MoC +--- +[Assets](🎇%20Sparks/Assets.md) + [NIST Asset Types](📚️%20Literature%20notes/NIST%20Asset%20Types.md) + [Asset lifecycle](📚️%20Literature%20notes/Asset%20lifecycle.md) + [Asset ownership](🎇%20Sparks/Asset%20ownership.md) + [[Asset ownership DEL]] + [Assets, Vulnerabilities, Threats, Risks](📚️%20Literature%20notes/Assets,%20Vulnerabilities,%20Threats,%20Risks.md) +[Assets, Vulnerabilities, Threats, Risks](🎇%20Sparks/Assets,%20Vulnerabilities,%20Threats,%20Risks.md) +[Attack Surface Analysis](📚️%20Literature%20notes/Attack%20Surface%20Analysis.md) +[Authentication](Standards/ISO27x/Authentication.md) + [Multi-factor authentication](🎇%20Sparks/Multi-factor%20authentication.md) (MFA) + [Passwordless Authentication](🎇%20Sparks/Passwordless%20Authentication.md) + [Risk-Based Authentication](🎇%20Sparks/Risk-Based%20Authentication.md) + [Single Sign On (SSO)](📚️%20Literature%20notes/Single%20Sign%20On%20(SSO).md) + [Tokens](🎇%20Sparks/Tokens.md) +[Authorization](Standards/ISO27x/Authorization.md) + [Access Control](🎇%20Sparks/Access%20Control.md) +[Awareness](🎇%20Sparks/Awareness.md) +[BCP_Bedrijfscontinuïteitsplanning](📚️%20Literature%20notes/BCP_Bedrijfscontinuïteitsplanning.md) + [Business Impact Analysis (BIA)](🎇%20Sparks/Business%20Impact%20Analysis%20(BIA).md) + [Disaster Recovery Planning](🎇%20Sparks/Disaster%20Recovery%20Planning.md) +[Change management MoC](MoCs/Change%20management%20MoC.md) +[Classification](🎇%20Sparks/Classification.md) +[Compliance](🎇%20Sparks/Compliance.md) +[Data Breach](💡Permanent%20ideas/Data%20Breach.md) +[Data Governance](📚️%20Literature%20notes/Data%20Governance.md) +Frameworks + [ISO 27k family](../../iso27DIY-gis/reference/Examples/ISO%2027k%20family.md) + [NIST articles 
list](Standards/NIST/NIST%20articles%20list.md) +[Governance](🎇%20Sparks/Governance.md) +[[Hardening]] +[Identity and Access Management (IAM)](💡Drafts%20and%20Ideas/Identity%20and%20Access%20Management%20(IAM).md) + [Identification](💡Drafts%20and%20Ideas/Identification.md) + [Authentication](Standards/ISO27x/Authentication.md) + [Authorization](Standards/ISO27x/Authorization.md) +Impact + [Change management MoC](MoCs/Change%20management%20MoC.md) + [Impact of Disruption](💡Drafts%20and%20Ideas/Impact%20of%20Disruption.md) +[Incidents](🎇%20Sparks/Incidents.md) +[Maturity Models](📚️%20Literature%20notes/Maturity%20Models.md) +[Metrics](📚️%20Literature%20notes/InfoSec%20Metrics.md) +[Operational Technology](💡Drafts%20and%20Ideas/Operational%20Technology.md) or OT Security +[Policies](📚️%20Literature%20notes/Policies.md) +[[Posture Management]] +[Ransomware](🎇%20Sparks/Ransomware.md) +[Risks](🎇%20Sparks/Risks.md) + [Risk analysis](🎇%20Sparks/Risk%20analysis.md) + [Risk appetite](💡Drafts%20and%20Ideas/Risk%20appetite.md) + [Risk inventories](🎇%20Sparks/Risk%20inventories.md) + [Risk management](🎇%20Sparks/Risk%20management.md) + [Risk ownership](🎇%20Sparks/Risk%20ownership.md) + [Risk ownership](🎇%20Sparks/Risk%20ownership.md) + [Risk prioritization](🎇%20Sparks/Risk%20prioritization.md) + [Risk tolerance](🎇%20Sparks/Risk%20tolerance.md) + [Risk treatment](🎇%20Sparks/Risk%20treatment.md) + [Risks vs Threats vs Vulnerabilities](🎇%20Sparks/Risks%20vs%20Threats%20vs%20Vulnerabilities.md) +[Roles and Responsibilities](🎇%20Sparks/Roles%20and%20Responsibilities.md) +[Threat](📚️%20Literature%20notes/Threat.md) + [Threat Intelligence](🎇%20Sparks/Threat%20Intelligence.md) + [Security Threat Modeling](📚️%20Literature%20notes/Security%20Threat%20Modeling.md) + [Privacy Threat Modeling](📚️%20Literature%20notes/Privacy%20Threat%20Modeling.md) + [AI Threat Modeling](🎇%20Sparks/AI%20Threat%20Modeling.md) + [Threat Catalogues](📚️%20Literature%20notes/Threat%20Catalogues.md) +[Vendor 
security MoC](🎇%20Sparks/Vendor%20security%20MoC.md) or Supply chain security +[Vulnerability](💡Drafts%20and%20Ideas/Vulnerability.md) + [Bug bounty program](🎇%20Sparks/Bug%20bounty%20program.md) +[Zero Trust](📚️%20Literature%20notes/Zero%20Trust.md) + + diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.3-Segregation-of-duties.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.3-Segregation-of-duties.md index fa228d7..f8858ba 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.3-Segregation-of-duties.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.3-Segregation-of-duties.md 
@@ -11,24 +11,24 @@ Segregation of duties and areas of responsibility aims to separate conflicting d The organization should determine which duties and areas of responsibility need to be segregated. The following are examples of activities that can require segregation: -a)   initiating, approving and executing a change; +a) initiating, approving and executing a change; -b)   requesting, approving and implementing access rights; +b) requesting, approving and implementing access rights; -c)   designing, implementing and reviewing code; +c) designing, implementing and reviewing code; -d)   developing software and administering production systems; +d) developing software and administering production systems; -e)   using and administering applications; +e) using and administering applications; -f)   using applications and administering databases; +f) using applications and administering databases; -g)   designing, auditing and assuring information security controls. +g) designing, auditing and assuring information security controls. -The  possibility of collusion should be considered in designing the segregation controls. Small organizations can find segregation of duties difficult to achieve, but the principle should be applied as far as is possible and practicable. Whenever it is difficult to segregate, other controls should be considered, such as monitoring of activities, audit trails and management supervision. +The possibility of collusion should be considered in designing the segregation controls. Small organizations can find segregation of duties difficult to achieve, but the principle should be applied as far as is possible and practicable. Whenever it is difficult to segregate, other controls should be considered, such as monitoring of activities, audit trails and management supervision. Care should be taken when using role-based access control systems to ensure that persons are not granted conflicting roles. 
When there is a large number of roles, the organization should consider using automated tools to identify conflicts and facilitate their removal. Roles should be carefully defined and provisioned to minimize access problems if a role is removed or reassigned. -### Other **information** +### Other information No other information. \ No newline at end of file diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-6.1-Screening.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-6.1-Screening.md index a6b01a2..602ffc2 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-6.1-Screening.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-6.1-Screening.md @@ -1,7 +1,3 @@ -## Control 6.1 Screening - - - ## 6.1 Screening | **Control type** | **Information security properties** | **Cybersecurity concepts** | **Operational capabilities** | **Security domains** | diff --git a/Corpus/🎇 Sparks/Risks.md b/Corpus/🎇 Sparks/Risks.md index 838101c..a0958dc 100644 --- a/Corpus/🎇 Sparks/Risks.md +++ b/Corpus/🎇 Sparks/Risks.md @@ -1,6 +1,6 @@ [Assets, Vulnerabilities, Threats, Risks](Assets,%20Vulnerabilities,%20Threats,%20Risks.md) [Vulnerability](../💡Drafts%20and%20Ideas/Vulnerability.md) -[📗 Information security concepts MoC](../📗%20Information%20security%20concepts%20MoC.md) +[Information security concepts MoC](../Information%20security%20concepts%20MoC.md) [Assets, Vulnerabilities, Threats, Risks](../📚️%20Literature%20notes/Assets,%20Vulnerabilities,%20Threats,%20Risks.md) diff --git a/Corpus/💡Drafts and Ideas/Information Security.md b/Corpus/💡Drafts and Ideas/Information Security.md index 7c1447e..8783fba 100644 --- a/Corpus/💡Drafts and Ideas/Information Security.md +++ b/Corpus/💡Drafts and Ideas/Information Security.md 
@@ -1,3 +1,3 @@ -- [📗 Information security concepts MoC](../📗%20Information%20security%20concepts%20MoC.md) +- [Information security concepts MoC](../Information%20security%20concepts%20MoC.md) - [🗃 Standards and Regulations for information security](../Standards/other/🗃%20Standards%20and%20Regulations%20for%20information%20security.md) diff --git a/Corpus/📗 Information security concepts MoC.md b/Corpus/📗 Information security concepts MoC.md index bc5c4d8..8877780 100644 --- a/Corpus/📗 Information security concepts MoC.md +++ b/Corpus/📗 Information security concepts MoC.md @@ -1,6 +1,12 @@ --- Related: +<<<<<<< HEAD - "[ISO\\_27002\\_OT 3 Terms, definitions and abbreviated terms](Standards/ISO27x/OST/27002/EN/a-3-Terms-definitions-and-abbreviated-terms.md)" +||||||| 2d92263 + - "[ISO\\_27002\\_OT 3 Terms, definitions and abbreviated terms](Standards/ISO27x/OST/27002/EN/ISO_27002_OT%203%20Terms,%20definitions%20and%20abbreviated%20terms.md)" +======= + - "[ISO\\_27002\\_OT 3 Terms, definitions and abbreviated terms](Standards/ISO27x/OST/27002/EN/a-3-Terms-definitions-and-abbreviated%20terms.md)" +>>>>>>> 27002-metadata - https://csiac.org/databases/acronyms/ tags: - type/MoC
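Review bot: Unresolved merge-conflict markers are being committed inside the `Related:` front matter of `Corpus/📗 Information security concepts MoC.md` (`<<<<<<< HEAD`, `||||||| 2d92263`, `=======`, `>>>>>>> 27002-metadata`). With these lines in place the YAML block between the `---` delimiters no longer parses, and all three candidate link targets are kept at once. Resolve the conflict before merging: keep exactly one `- "[ISO\\_27002\\_OT 3 Terms, ...]"` entry and delete the marker lines. The HEAD side ends in `abbreviated-terms.md` and the `27002-metadata` side in `abbreviated%20terms.md`, so check which file name actually exists on disk.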
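Review bot: In the new file `Corpus/Information security concepts MoC.md`, the `Related:` link target `a-3-Terms-definitions-and-abbreviated%20terms.md` mixes hyphens with an encoded space, while the HEAD side of the conflict in the 📗 file spells it `a-3-Terms-definitions-and-abbreviated-terms.md`; one of the two is likely a dead link. In the same hunk, `Risk ownership` appears twice in a row under Risks, and `[[Asset ownership DEL]]` under Assets reads like a note marked for deletion. Drop the duplicate, and either remove the DEL entry or rename the note it points to.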
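Review bot: The retargeted links in `Corpus/🎇 Sparks/Risks.md` and `Corpus/💡Drafts and Ideas/Information Security.md` now point at `../Information%20security%20concepts%20MoC.md`, but the 📗-prefixed MoC is not deleted by this patch (it is still modified, `index bc5c4d8..8877780`), so two copies of the MoC coexist and will drift apart. If the intent is a rename, remove `Corpus/📗 Information security concepts MoC.md` in the same change so the history records it as a rename and no stale copy is left behind; if both are meant to stay, say so in the commit message.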
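Review bot: `a-5.3-Segregation-of-duties.md` still ends without a trailing newline (`\ No newline at end of file` after `No other information.`). Since this hunk is already a whitespace cleanup of the a) to g) list and the `### Other information` heading, add the final newline here as well so later edits to the last line do not show up as spurious diffs.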