Moved a directory, changed some filenames

Richard Kranendonk 2026-06-06 20:37:28 +02:00
parent ae27a60bcf
commit 347706835e
195 changed files with 696 additions and 255 deletions

View file

@ -1,6 +1,6 @@
# Access Control
While [authorization](../Standards/ISO27x/Authorization.md) is primarily concerned with establishing the policies and rules that dictate access (i.e. *what* a person or system is allowed to do), **access control** is the _system_ or _process_ that enforces those defined permissions.
While [authorization](../Standards/ISO27x/about/Authorization.md) is primarily concerned with establishing the policies and rules that dictate access (i.e. *what* a person or system is allowed to do), **access control** is the _system_ or _process_ that enforces those defined permissions.
See:
- [Gedachten over rechtenstructuren](../Information%20Security/Gedachten%20over%20rechtenstructuren.md)
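Review bot: the only change in this hunk is the link target moving from `../Standards/ISO27x/Authorization.md` to `../Standards/ISO27x/about/Authorization.md`; please confirm the file actually exists at the new `about/` path in this commit, since the hunk shows the link edit but not the rename itself, and a link updated ahead of the move leaves the page with a dead reference. The unchanged `Gedachten over rechtenstructuren` link under `../Information%20Security/` is unaffected by this move and needs no edit.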

View file

@ -6,7 +6,7 @@ tags:
# Authorization vs. Access Control
[Authorization](../Standards/ISO27x/Authorization.md) defines _what_ a user (or system) is allowed to do, [access control ](Access%20Control.md) is the _system_ or _process_ that enforces those defined permissions.
[Authorization](../Standards/ISO27x/about/Authorization.md) defines _what_ a user (or system) is allowed to do, [access control ](Access%20Control.md) is the _system_ or _process_ that enforces those defined permissions.
## Authorization
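Review bot: `[access control ](Access%20Control.md)` carries a trailing space inside the link text, which renders as "access control " with a stray space before the following word; while this line is being touched anyway, suggest `[access control](Access%20Control.md)`. The path change to `about/Authorization.md` itself looks consistent with the previous file.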
@ -23,8 +23,8 @@ tags:
- **What it is:** Access control is the **mechanism or system that enforces the authorization policies**. It's the technical implementation that actually grants or denies access to a resource based on the authorized permissions.
- **The "How":** It answers the question, "How is the 'what' actually applied and managed?"
- **Enforcement:** Access control is the act of putting those policies into practice. It involves:
- Checking a user's identity ([Authentication](../Standards/ISO27x/Authentication.md)).
- Consulting the pre-defined [Authorization](../Standards/ISO27x/Authorization.md)authorization rules.
- Checking a user's identity ([Authentication](../Standards/ISO27x/about/Authentication.md)).
- Consulting the pre-defined [Authorization](../Standards/ISO27x/about/Authorization.md)authorization rules.
- Granting or denying access to specific resources (files, applications, data, network segments, physical locations, etc.) or actions (read, write, delete, execute).
- **Examples:**
- An Access Control List (ACL) on a file system that specifies which users or groups can read, write, or execute a particular file.
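Review bot: the line `Consulting the pre-defined [Authorization](../Standards/ISO27x/about/Authorization.md)authorization rules.` runs the link text straight into the word "authorization", so it renders as "Authorizationauthorization rules"; since the line is already modified in this hunk, suggest `- Consulting the pre-defined [authorization](../Standards/ISO27x/about/Authorization.md) rules.` The `Authentication.md` link is updated to the same `about/` directory, which is consistent with the rest of the commit.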

View file

@ -2,7 +2,7 @@
A straightforward governance structure for your Information Security Management System based on ISO 27001 and ISO 27002.
*Based on [Governance model for Policies and Controls](../Standards/ISO27x/Governance%20model%20for%20Policies%20and%20Controls.md), which contains the references to the Standard.*
*Based on [Governance model for Policies and Controls](../Standards/ISO27x/about/Governance%20model%20for%20Policies%20and%20Controls.md), which contains the references to the Standard.*
## Policy Lifecycle: Who Does What
### Key Players
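Review bot: the italic "Based on ..." line changes only the link path to `about/Governance%20model%20for%20Policies%20and%20Controls.md`; nothing else in the hunk changes, so this one is fine as long as the target was moved in the same commit.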

View file

@ -8,7 +8,7 @@ A Business Impact Analysis (BIA) examines the potential impacts of disruptions,
The outcomes help to prioritize business activities and resources to enable the resumption of product and service delivery after a (major) disruption[^1].
Guidelines and tooling:
- [Guidelines for business impact analysis ISO 22317](../Standards/ISO27x/ISO%2022317%20Guidelines%20for%20business%20impact%20analysis.md)
- [Guidelines for business impact analysis ISO 22317](../Standards/ISO27x/about/ISO%2022317%20Guidelines%20for%20business%20impact%20analysis.md)
- [Assessing reputational risks](../Various/Assessing%20reputational%20risks.md)
- [BIA Workshop](../Standards/ISO27x/Implementation%20Products/BIA%20Workshop.md)
- [TLP impact matrix](Data%20classification/Traffic%20Light%20Protocol%20TLP.md)
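Review bot: only the ISO 22317 link is moved to `../Standards/ISO27x/about/`, while the neighbouring `BIA Workshop` link still points at `../Standards/ISO27x/Implementation%20Products/BIA%20Workshop.md`; please check whether `Implementation Products` was also relocated in this directory move, otherwise that link stays valid and no change is needed, but if it was moved the hunk is incomplete.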

View file

@ -4,7 +4,7 @@ Science. 2015101601. October 16, 2015. http://techscience.org/a/2015101601; PDF
Related:
- [ISO 27001 A 8.2 Information classification](../../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A%208.2%20Information%20classification.md)
- [Privacy in ISO 27001](../../Standards/ISO27x/Privacy%20in%20ISO%2027001.md)
- [Privacy in ISO 27001](../../Standards/ISO27x/about/Privacy%20in%20ISO%2027001.md)
Sweeney et all have developed a privacy oriented data classification system with six levels:
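Review bot: the context line `Sweeney et all have developed ...` should read `Sweeney et al. have developed ...`; it is outside the changed lines, so it belongs in a separate typo fix rather than this rename commit. The link move to `about/Privacy%20in%20ISO%2027001.md` is consistent with the other hunks; the `legacy/ISO%2027001%202013/` link is untouched, which matches the commit scope.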

View file

@ -25,4 +25,4 @@ W. Krag Brotby and Gary Hinson (PRAGMATIC Security Metrics, 2013) state metrics
![](../Various/Privacy/PRAGMATIC_security_metrics_examples.xlsx)
Standards and Frameworks:
- [ISO 27004](../Standards/ISO27x/ISO%2027004.md)
- [ISO 27004](../Standards/ISO27x/about/ISO%2027004.md)
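Review bot: the context line `![](../Various/Privacy/PRAGMATIC_security_metrics_examples.xlsx)` uses image syntax for a spreadsheet, which most Markdown renderers will show as a broken image with no alt text; suggest a plain link such as `[PRAGMATIC security metrics examples](../Various/Privacy/PRAGMATIC_security_metrics_examples.xlsx)` in a follow-up. The ISO 27004 path change to `about/` is in line with the rest of the commit.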

View file

@ -4,9 +4,9 @@
See also under [Threat](../📚️%20Literature%20notes/Threat.md)
[Open Group Risk Analysis Standard (O-RA)](https://pubs.opengroup.org/security/o-ra/)
[Open Group FAIR \ ISO 27005 Cookbook for Risk Assessment](../Standards/ISO27x/FAIR%20ISO%2027005%20Cookbook.pdf)
[Open Group FAIR \ ISO 27005 Cookbook for Risk Assessment](../Standards/ISO27x/about/FAIR%20ISO%2027005%20Cookbook.pdf)
[SURF Toolkit risicobeoordeling](../Standards/SURF%20Toolkit%20risicobeoordeling.md)
[SURF Toolkit risicobeoordeling](../Standards/SURF/SURF%20Toolkit%20risicobeoordeling.md)
[](../Information%20Security/Risks/Risk_Assessment_Process.gif)
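Review bot: this hunk mixes two different moves, the FAIR cookbook PDF into `../Standards/ISO27x/about/` and the SURF toolkit into `../Standards/SURF/`; both targets should exist in this commit, and the SURF move is worth a mention in the commit message since it is not part of the `about/` reshuffle. Two smaller points on the surrounding lines: `[](../Information%20Security/Risks/Risk_Assessment_Process.gif)` has empty link text and will render as an invisible link, so it should probably be `![Risk assessment process](../Information%20Security/Risks/Risk_Assessment_Process.gif)` if an inline image was intended; and the backslash in `FAIR \ ISO 27005` is a Markdown escape of a space, which renders fine but reads as a stray character in the source.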

View file

@ -6,4 +6,4 @@ Different stakeholders have different interests. Think of your stereotypical IT
## Related
- [ISO 27001_OT C 4 Context of the organization](../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001_OT%20C%204%20Context%20of%20the%20organization.md#4%202%20Understanding%20the%20needs%20and%20expectations%20of%20interested%20parties)
- [ISO31000-5.4.1-Understanding-the-organization-and-its-context](../Standards/ISO27x/ISO31000-5.4.1-Understanding-the-organization-and-its-context.md)
- [ISO31000-5.4.1-Understanding-the-organization-and-its-context](../Standards/ISO27x/about/ISO31000-5.4.1-Understanding-the-organization-and-its-context.md)
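Review bot: the ISO 31000 note is now filed under `../Standards/ISO27x/about/`, but ISO 31000 is not part of the ISO 27x family; if the `about/` directory is meant to group ISO 27x background notes, consider a separate location for this file so the path does not mislead. Also note the mixed naming, hyphenated `ISO31000-5.4.1-Understanding-the-organization-and-its-context.md` next to the space-separated names used elsewhere in this commit; harmless, but worth unifying while files are being renamed.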