Merge 27002-metadata changes: add DOCX, prepend_frontmatter.py, rename controls, delete obsolete MoC, update content

Corpus/Information security concepts MoC.md

@@ -0,0 +1,75 @@
+---
+Related:
+  - "[ISO\\_27002\\_OT 3 Terms, definitions and abbreviated terms](Standards/ISO27x/OST/27002/EN/a-3-Terms-definitions-and-abbreviated%20terms.md)"
+  - https://csiac.org/databases/acronyms/
+tags:
+  - type/MoC
+---
+[Assets](🎇%20Sparks/Assets.md)
+	[NIST Asset Types](📚️%20Literature%20notes/NIST%20Asset%20Types.md)
+	[Asset lifecycle](📚️%20Literature%20notes/Asset%20lifecycle.md)
+	[Asset ownership](🎇%20Sparks/Asset%20ownership.md)
+	[[Asset ownership DEL]]
+	[Assets, Vulnerabilities, Threats, Risks](📚️%20Literature%20notes/Assets,%20Vulnerabilities,%20Threats,%20Risks.md)
+[Assets, Vulnerabilities, Threats, Risks](🎇%20Sparks/Assets,%20Vulnerabilities,%20Threats,%20Risks.md)
+[Attack Surface Analysis](📚️%20Literature%20notes/Attack%20Surface%20Analysis.md)
+[Authentication](Standards/ISO27x/Authentication.md)
+	[Multi-factor authentication](🎇%20Sparks/Multi-factor%20authentication.md) (MFA)
+	[Passwordless Authentication](🎇%20Sparks/Passwordless%20Authentication.md)
+	[Risk-Based Authentication](🎇%20Sparks/Risk-Based%20Authentication.md)
+	[Single Sign On (SSO)](📚️%20Literature%20notes/Single%20Sign%20On%20(SSO).md)
+	[Tokens](🎇%20Sparks/Tokens.md)
+[Authorization](Standards/ISO27x/Authorization.md)
+	[Access Control](🎇%20Sparks/Access%20Control.md)
+[Awareness](🎇%20Sparks/Awareness.md)
+[BCP_Bedrijfscontinuïteitsplanning](📚️%20Literature%20notes/BCP_Bedrijfscontinuïteitsplanning.md)
+	[Business Impact Analysis (BIA)](🎇%20Sparks/Business%20Impact%20Analysis%20(BIA).md)
+	[Disaster Recovery Planning](🎇%20Sparks/Disaster%20Recovery%20Planning.md)
+[Change management MoC](MoCs/Change%20management%20MoC.md)
+[Classification](🎇%20Sparks/Classification.md)
+[Compliance](🎇%20Sparks/Compliance.md)
+[Data Breach](💡Permanent%20ideas/Data%20Breach.md)
+[Data Governance](📚️%20Literature%20notes/Data%20Governance.md)
+Frameworks
+	[ISO 27k family](../../iso27DIY-gis/reference/Examples/ISO%2027k%20family.md)
+	[NIST articles list](Standards/NIST/NIST%20articles%20list.md)
+[Governance](🎇%20Sparks/Governance.md)
+[[Hardening]]
+[Identity and Access Management (IAM)](💡Drafts%20and%20Ideas/Identity%20and%20Access%20Management%20(IAM).md)
+	[Identification](💡Drafts%20and%20Ideas/Identification.md)
+	[Authentication](Standards/ISO27x/Authentication.md)
+	[Authorization](Standards/ISO27x/Authorization.md)
+Impact
+	[Change management MoC](MoCs/Change%20management%20MoC.md)
+	[Impact of Disruption](💡Drafts%20and%20Ideas/Impact%20of%20Disruption.md)
+[Incidents](🎇%20Sparks/Incidents.md)
+[Maturity Models](📚️%20Literature%20notes/Maturity%20Models.md)
+[Metrics](📚️%20Literature%20notes/InfoSec%20Metrics.md)
+[Operational Technology](💡Drafts%20and%20Ideas/Operational%20Technology.md) or OT Security
+[Policies](📚️%20Literature%20notes/Policies.md)
+[[Posture Management]]
+[Ransomware](🎇%20Sparks/Ransomware.md)
+[Risks](🎇%20Sparks/Risks.md)
+	[Risk analysis](🎇%20Sparks/Risk%20analysis.md)
+	[Risk appetite](💡Drafts%20and%20Ideas/Risk%20appetite.md)
+	[Risk inventories](🎇%20Sparks/Risk%20inventories.md)
+	[Risk management](🎇%20Sparks/Risk%20management.md)
+	[Risk ownership](🎇%20Sparks/Risk%20ownership.md)
+	[Risk ownership](🎇%20Sparks/Risk%20ownership.md)
+	[Risk prioritization](🎇%20Sparks/Risk%20prioritization.md)
+	[Risk tolerance](🎇%20Sparks/Risk%20tolerance.md)
+	[Risk treatment](🎇%20Sparks/Risk%20treatment.md)
+	[Risks vs Threats vs Vulnerabilities](🎇%20Sparks/Risks%20vs%20Threats%20vs%20Vulnerabilities.md)
+[Roles and Responsibilities](🎇%20Sparks/Roles%20and%20Responsibilities.md)
+[Threat](📚️%20Literature%20notes/Threat.md)
+	[Threat Intelligence](🎇%20Sparks/Threat%20Intelligence.md)
+	[Security Threat Modeling](📚️%20Literature%20notes/Security%20Threat%20Modeling.md)
+	[Privacy Threat Modeling](📚️%20Literature%20notes/Privacy%20Threat%20Modeling.md)
+	[AI Threat Modeling](🎇%20Sparks/AI%20Threat%20Modeling.md)
+	[Threat Catalogues](📚️%20Literature%20notes/Threat%20Catalogues.md)
+[Vendor security MoC](🎇%20Sparks/Vendor%20security%20MoC.md) or Supply chain security
+[Vulnerability](💡Drafts%20and%20Ideas/Vulnerability.md)
+	[Bug bounty program](🎇%20Sparks/Bug%20bounty%20program.md)
+[Zero Trust](📚️%20Literature%20notes/Zero%20Trust.md)
+
+

Corpus/Standards/ISO27x/OST/27002/EN/a-5.3-Segregation-of-duties.md

@@ -11,24 +11,24 @@ Segregation of duties and areas of responsibility aims to separate conflicting d
 
 The organization should determine which duties and areas of responsibility need to be segregated. The following are examples of activities that can require segregation:
 
-a)   initiating, approving and executing a change;
+a)   initiating, approving and executing a change;
 
-b)   requesting, approving and implementing access rights;
+b)   requesting, approving and implementing access rights;
 
-c)   designing, implementing and reviewing code;
+c)   designing, implementing and reviewing code;
 
-d)   developing software and administering production systems;
+d)   developing software and administering production systems;
 
-e)   using and administering applications;
+e)   using and administering applications;
 
-f)   using applications and administering databases;
+f)   using applications and administering databases;
 
-g)   designing, auditing and assuring information security controls.
+g)   designing, auditing and assuring information security controls.
 
 
-The  possibility of collusion should be considered in designing the segregation controls. Small organizations can find segregation of duties difficult to achieve, but the principle should be applied as far as is possible and practicable. Whenever it is difficult to segregate, other controls should be considered, such as monitoring of activities, audit trails and management supervision.
+The  possibility of collusion should be considered in designing the segregation controls. Small organizations can find segregation of duties difficult to achieve, but the principle should be applied as far as is possible and practicable. Whenever it is difficult to segregate, other controls should be considered, such as monitoring of activities, audit trails and management supervision.
 
 Care should be taken when using role-based access control systems to ensure that persons are not granted conflicting roles. When there is a large number of roles, the organization should consider using automated tools to identify conflicts and facilitate their removal. Roles should be carefully defined and provisioned to minimize access problems if a role is removed or reassigned.
 
-### Other **information**
+### Other information
 No other information.

Corpus/Standards/ISO27x/OST/27002/EN/a-6.1-Screening.md

@@ -1,7 +1,3 @@
-## Control 6.1 Screening
-
-  
-
 ## 6.1 Screening
 
 | **Control type** | **Information security properties**       | **Cybersecurity concepts** | **Operational capabilities** | **Security domains**      |

Corpus/🎇 Sparks/Risks.md

@@ -1,6 +1,6 @@
 [Assets, Vulnerabilities, Threats, Risks](Assets,%20Vulnerabilities,%20Threats,%20Risks.md)
 [Vulnerability](../💡Drafts%20and%20Ideas/Vulnerability.md)
-[📗 Information security concepts MoC](../📗%20Information%20security%20concepts%20MoC.md)
+[Information security concepts MoC](../Information%20security%20concepts%20MoC.md)
 [Assets, Vulnerabilities, Threats, Risks](../📚️%20Literature%20notes/Assets,%20Vulnerabilities,%20Threats,%20Risks.md)
 
 

Corpus/💡Drafts and Ideas/Information Security.md

@@ -1,3 +1,3 @@
-- [📗 Information security concepts MoC](../📗%20Information%20security%20concepts%20MoC.md)
+- [Information security concepts MoC](../Information%20security%20concepts%20MoC.md)
 - [🗃 Standards and Regulations for information security](../Standards/other/🗃%20Standards%20and%20Regulations%20for%20information%20security.md)
 

Corpus/📗 Information security concepts MoC.md

@@ -1,6 +1,12 @@
 ---
 Related:
+<<<<<<< HEAD
   - "[ISO\\_27002\\_OT 3 Terms, definitions and abbreviated terms](Standards/ISO27x/OST/27002/EN/a-3-Terms-definitions-and-abbreviated-terms.md)"
+||||||| 2d92263
+  - "[ISO\\_27002\\_OT 3 Terms, definitions and abbreviated terms](Standards/ISO27x/OST/27002/EN/ISO_27002_OT%203%20Terms,%20definitions%20and%20abbreviated%20terms.md)"
+=======
+  - "[ISO\\_27002\\_OT 3 Terms, definitions and abbreviated terms](Standards/ISO27x/OST/27002/EN/a-3-Terms-definitions-and-abbreviated%20terms.md)"
+>>>>>>> 27002-metadata
   - https://csiac.org/databases/acronyms/
 tags:
   - type/MoC