Moved a directory, changed some filenames
@ -31,7 +31,7 @@ IG3 assets contain sensitive information or functions that are subject to regula
Safeguards selected for IG3 must abate targeted attacks from a sophisticated adversary and reduce the impact of zero-day attacks.

Source: CIS Controls v8.1 PDF, pp 8-12

@ -1,12 +0,0 @@
# Authentication
Authentication is the proof of identity that is achieved through providing credentials to the access control mechanism.

See also:
- [a-8.5-Secure-authentication](OST/27002/EN/a-8.5-Secure-authentication.md)
- [Authentication Methods Used for Network Security](../../Information%20Security/Authentication%20Methods%20Used%20for%20Network%20Security.md)
- [Identity and Access Management (IAM)](../../Information%20Security/Identity%20and%20Access%20Management%20(IAM).md)
- [Authorization](Authorization.md)
- [Identification](../../Information%20Security/Identification.md)

@ -1,13 +0,0 @@
# Authorization
Authorization is the mechanism that determines the access level(s) of the subjects to the objects.

See also:
- [Authorization vs Access Control](../../ISMS/Authorization%20vs%20Access%20Control.md)
- [Access Control Models](../../ISMS/Access%20Control%20Models.md)
- [Authentication](Authentication.md)
- [Identification](../../Information%20Security/Identification.md)
- [CASSM Consumer Authentication Strength Maturity Model](../../Information%20Security/CASSM%20Consumer%20Authentication%20Strength%20Maturity%20Model.md)
- [Identity and Access Management (IAM)](../../Information%20Security/Identity%20and%20Access%20Management%20(IAM).md)
- [a-5.15-Access-control](OST/27002/EN/a-5.15-Access-control.md) ???

@ -1,54 +0,0 @@
---
tags:
- iso27001
- iso27002
- type/MoC
- nen7510
---
# ISO and NEN security standards
## ISO 27001 & 27002

Indexes:
- [ISO 27001:2022 EN](ISO_27001_2022_Index.md)
- [ISO 27002:2022 EN](ISO_27001_2022_Index%20EXT.md) – Includes references to 2013 version!
- [ISO 27001:2023 NL](OST/ISO_27001_2023_NL_Index.md)
- [ISO 27002:2022 NL](OST/ISO_27002_2022_NL_Index.md)
- [Vertaaltabel Engels-Nederlands](ISO_27002_2022_Vertaaltabel_Engels_Nederlands.md)

EN source tekst:
- ISO 27001:2022 [PDF](OST/27001/EN/ISO_27001_2022_EN.pdf)
- ISO 27002:2022 [PDF](OST/27002/EN/ISO_27002_2022_EN.pdf)

NL brontekst:
- ISO 27001:2023 [PDF](OST/27001/NL/ISO_27001_2023_NL_PDF.md)
- ISO 27002:2022 [PDF](OST/ISO_27002_2022_NL_PDF.md)

See also:
- [Plain English ISO IEC 27002 2005 from Praxiom](https://www.praxiom.com/iso-17799-objectives.htm)
- [Changes in ISO 27001:2022 (table)](OST/27001/Detailed%20comparison%20between%202017%20and%202022.md)
- [[ISO 27002 2022 What's New]]
- [ISO_27001_2023_NL_Aanpassingen](OST/ISO_27001_2023_NL_Aanpassingen.md)
- [Changes in ISO 27001_2022_Advisera](../../../../iso27DIY-gis/reference/Changes%20in%20ISO%2027001_2022_Advisera.md)
- [IBB op hoofdlijnen](OST/IBB%20op%20hoofdlijnen.md)
- [ISO 27001 2023 Processen en Artefacten](OST/ISO%2027001%202023%20Processen%20en%20Artefacten.md)
- [Advised Documents for ISO 27001](../../../../iso27DIY-gis/reference/Advised%20Documents%20for%20ISO%2027001.md)
- [Types of Controls](Types%20of%20Controls.md)

Depreciated:
[ISO_27001_2013_EN_Index](legacy/ISO%2027001%202013/ISO_27001_2013_EN_Index.md)
[ISO_27001_2017_NL_Index](legacy/ISO%2027001%202017%20NL/ISO_27001_2017_NL_Index.md)

## Related ISO standards
- [ISO 27k family](../../../../iso27DIY-gis/reference/Examples/ISO%2027k%20family.md)
- [ISO 27000](ISO%2027000%20MoC.md)
- [ISO 27005](ISO%2027005.md)
- NEN 7510
- [NEN 7510-1:2024](OST/7510/NEN7510_2024_NL_1.md)
- [NEN 7510-2:2024](OST/7510/NEN7510_2024_NL_2.md)
- [NEN 7510-1:2024 Bijlage A](OST/7510/NEN7510_2024_NL_1_A.md)
- [NEN 7510-1:2024 Bijlage B](OST/7510/NEN7510_2024_NL_1_B.md)
- [NEN 7510-1:2024 Bijlage C](OST/7510/NEN7510_2024_NL_1_C.md)
- [NEN 7510-1:2024 vs. ISO 27001:2022](OST/7510/NEN%207510%20vs%20ISO%2027001.md)
- [Lijst met relevante risico's](OST/7510/NEN7510%20Risicos.md)

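Review bot: this MoC is deleted with no replacement visible in the diff, unlike Authentication and Authorization, which reappear under about/; if it was moved as well, every relative link in it (`OST/...`, `legacy/...`, `../../../../iso27DIY-gis/...`) needs one extra `../`, so make sure the moved copy is part of the commit. Two things to fix when it is: 'Depreciated:' should read 'Deprecated:', and `[[ISO 27002 2022 What's New]]` is the only wikilink in a list of markdown links, so pick one link style for the note.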
@ -1,52 +0,0 @@
#iso27001/2022/EN
# ISO 27001:2022 EN Index

| Clause | Title |
| ---------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| **F** | **[Foreword](../ISO-27001-OST/ISO27001-EN-2022/ISO_27001_OT%20F%20Foreword.md)** |
| **0** | **[Introduction](../ISO-27001-OST/ISO27001-EN-2022/c-0-Introduction.md)** |
| **1** | **[Scope](../ISO-27001-OST/ISO27001-EN-2022/c-1-Scope.md)** |
| **2** | **[Normative references](../ISO-27001-OST/ISO27001-EN-2022/c-2-Normative-references.md)** |
| **3** | **[Terms and definitions](../ISO-27001-OST/ISO27001-EN-2022/ISO_27001_OT%20Terms%20and%20definitions.md)** |
| **4** | **[Context of the organization](ISO_27001_2022_4_MoC%20Context%20of%20the%20organization.md)** |
| 4.1 | [Understanding the organization and its context ](../../MoCs/ISO_27001_2022_4.1_MoC%20Understanding%20the%20organization%20and%20its%20context.md) |
| 4.2 | [Understanding the needs and expectations of interested parties ](../../MoCs/ISO_27001_2022_4.2_MoC%20Understanding%20the%20needs%20and%20expectations%20of%20interested%20parties.md) |
| 4.3 | [Determining the scope of the information security management system ](../../MoCs/ISO_27001_2022_4.3_MoC%20Determining%20the%20scope%20of%20the%20information%20security%20management%20system.md) |
| 4.4 | [Information security management system ](../../MoCs/ISO_27001_2022_4.4_MoC%20Information%20security%20management%20system.md) |
| **5** | **[Leadership](../../MoCs/ISO_27001_2022_5_MoC%20Leadership.md)** |
| 5.1 | [Leadership and commitment ](../../MoCs/ISO_27001_2022_5.1_MoC%20Leadership%20and%20commitment.md) |
| 5.2 | [Policy ](../../MoCs/ISO_27001_2022_5.2_MoC%20Policy.md) |
| 5.3 | [Organizational roles, responsibilities and authorities ](../../MoCs/ISO_27001_2022_5.3_MoC%20Organizational%20roles,%20responsibilities%20and%20authorities.md) |
| **6** | **[Planning](../../MoCs/ISO_27001_2022_6_MoC%20Planning.md)** |
| 6.1 | [Actions to address risks and opportunities ](../../MoCs/ISO_27001_2022_6.1_MoC%20Actions%20to%20address%20risks%20and%20opportunities.md) |
| 6.1.1 | [General ](../../MoCs/ISO_27001_2022_6.1.1_MoC%20General.md) |
| 6.1.2 | [Information security risk assessment ](../../ISMS/Qualifying%20vs%20quantifying%20risks.md) |
| 6.1.3 | [Information security risk treatment ](../../MoCs/ISO_27001_2022_6.1.3_MoC%20Information%20security%20risk%20treatment.md) |
| 6.2 | [Information security objectives and planning to achieve them ](../../MoCs/ISO_27001_2022_6.2_MoC%20Information%20security%20objectives%20and%20planning%20to%20achieve%20them.md) |
| 6.3 | [Planning of changes ](../../MoCs/ISO_27001_2022_6.3_MoC%20Planning%20of%20changes.md) |
| **7** | **[Support](../../MoCs/ISO_27001_2022_7_MoC%20Support.md)** |
| 7.1 | [ Resources ](../../MoCs/ISO_27001_2022_7.1_MoC%20Resources.md) |
| 7.2 | [ Competence ](../../MoCs/ISO_27001_2022_7.2_MoC%20Competence.md) |
| 7.3 | [ Awareness ](../../MoCs/ISO_27001_2022_7.3_MoC%20Awareness.md) |
| 7.4 | [ Communication ](../../MoCs/ISO_27001_2022_7.4_MoC%20Communication.md) |
| 7.5 | [ Documented information ](../../MoCs/ISO_27001_2022_7.5_MoC%20Documented%20information.md) |
| 7.5.1 | General ↑ |
| 7.5.2 | Creating and updating ↑ |
| 7.5.3 | Control of documented information ↑ |
| **8** | **[Operation](../../MoCs/ISO_27001_2022_8_MoC%20Operation.md)** |
| 8.1 | [Operational planning and control ](../../MoCs/ISO_27001_2022_8.1_MoC%20Operational%20planning%20and%20control.md) |
| 8.2 | [Information security risk assessment ](../../MoCs/ISO_27001_2022_8.2_MoC%20Information%20security%20risk%20assessment.md) |
| 8.3 | [Information security risk treatment ](../../MoCs/ISO_27001_2022_8.3_MoC%20Information%20security%20risk%20treatment.md) |
| **9** | **[Performance evaluation](../../MoCs/ISO_27001_2022_9_MoC%20Performance%20evaluation.md)** |
| 9.1 | [Monitoring, measurement, analysis and evaluation ](../../MoCs/ISO_27001_2022_9.1_MoC%20Monitoring,%20measurement,%20analysis%20and%20evaluation.md) |
| 9.2 | [Internal audit ](../../MoCs/ISO_27001_2022_9.2_MoC%20Internal%20audit.md) |
| 9.2.1 | General ↑ |
| 9.2.2 | Internal audit programme ↑ |
| 9.3 | [Management review ](../../MoCs/ISO_27001_2022_9.3_MoC%20Management%20review.md) |
| 9.3.1 | General ↑ |
| 9.3.2 | Management review inputs ↑ |
| 9.3.3 | Management review results ↑ |
| **10** | **[Improvement](../../MoCs/ISO_27001_2022_10_MoC%20Improvement.md)** |
| 10.1 | [Continual improvement ](../../MoCs/ISO_27001_2022_10.1_MoC%20Continual%20improvement.md) |
| 10.2 | [Nonconformity and corrective action ](../../MoCs/ISO_27001_2022_10.2_MoC%20Nonconformity%20and%20corrective%20action.md) |
| **[Annex A](ISO_27001_2022_Index%20EXT.md)** | **Information security controls reference** |

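Review bot: the index is deleted without a visible counterpart in this diff; when it is recreated, its link targets should be made consistent, because right now clauses F to 3 point into `../ISO-27001-OST/ISO27001-EN-2022/`, clause 4 points to a file in the same directory, clauses 5 to 10 point into `../../MoCs/`, and 6.1.2 points to `../../ISMS/Qualifying%20vs%20quantifying%20risks.md` instead of a MoC note. The Annex A row links to `ISO_27001_2022_Index%20EXT.md`, a 27001-named file for the 27002 controls; the other index hunk in this commit switches that link to `ISO_27002_2022_EN_Index.md`, so use the same target here.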
@ -13,7 +13,7 @@
| Volgende herzieningsdatum | [Datum] |
| Status | [Concept/Goedgekeurd] |

*Noot: Oorspronkelijke versie gebaseerd op ISO/IEC 27001:2013; [Toevoegingen IBB ISO27001-2022](../Toevoegingen%20IBB%20ISO27001-2022.md) zijn hierin verwerkt.*
*Noot: Oorspronkelijke versie gebaseerd op ISO/IEC 27001:2013; [Nieuwe beheersmaatregelen in ISO 27001-2022](../about/Nieuwe%20beheersmaatregelen%20in%20ISO%2027001-2022.md) zijn hierin verwerkt.*

## Inhoudsopgave

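Review bot: this hunk changes the link text as well as the path (`Toevoegingen IBB ISO27001-2022` becomes `Nieuwe beheersmaatregelen in ISO 27001-2022` under `../about/`), while the sentence around it still states that the IBB additions 'zijn hierin verwerkt'. If the note was simply renamed this is fine; if it is a different note about the new 2022 controls, reword the sentence so its claim matches the document it now references.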
@ -1,19 +0,0 @@
# MoC Roles and responsibilities in ISO 27001

**See**:

Recent:
- [Explicitly mentioned roles in ISO 27001](Explicitly%20mentioned%20roles%20in%20ISO%2027001.md)
- [ISO 27001 Leadership Responsibilities](ISO%2027001%20Leadership%20Responsibilities.md)
- [ISO 27001 Top Management responsibilities](ISO%2027001%20Top%20Management%20responsibilities.md)
- [Governance model for Policies and Controls](Governance%20model%20for%20Policies%20and%20Controls.md)
- [Basic ISMS governance model](../../ISMS/Basic%20ISMS%20governance%20model.md)
- [m400-more-governance](../../../../iso27DIY-gis/guide/m400/m400-more-governance.md)

Older:
- [Roles and Responsibilities](../../ISMS/Roles%20and%20Responsibilities.md)
- [Risk ownership](../../Information%20Security/Risks/Risk%20ownership.md)
- [Ideas on Risk Ownership](../../ISMS/Ideas%20on%20Risk%20Ownership.md)
- [Asset ownership](../../Sparks/Asset%20ownership.md)
- [Procuratieregeling](../../Various/Procuratieregeling.md)
- [Control ownership](../../ISMS/Control%20ownership.md)

@ -2,7 +2,7 @@

According to [Mark Bernard](https://www.linkedin.com/posts/markesbernard_the-changes-to-isoiec-27001-isms-are-not-activity-7344467878198329344-nZN7) , 28 juni 2025, "The changes to ISO/IEC 27001 ISMS are not straightforward. Some believe that the total number of controls was reduced; however, the truth is that new controls were added while existing controls were consolidated and streamlined."

![]
![]

## New ISMS Control Objectives - ISO 27001:2022 CLAUSE 4 TO 10

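Review bot: the -/+ pair in this hunk is two image embeds with empty alt text, so the rendered diff shows no visible difference and a reviewer cannot tell what changed (presumably the image path after the directory move). Give the embed descriptive alt text, for example ``, so that future path changes stay readable in a diff. The citation line also mixes languages ('28 juni 2025' inside an English sentence) and has a stray space before the comma.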
@ -15,4 +15,4 @@ status: active
For the purposes of this document, the terms and definitions given in
ISO/IEC 27000 apply.

[ISO 27000 MoC](../../../ISO%2027000%20MoC.md)
[ISO 27000 MoC](../../../about/ISO%2027000%20MoC.md)

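Review bot: the link is retargeted to `../../../about/ISO%2027000%20MoC.md`, but the move of `ISO 27000 MoC.md` itself is not in this diff, and the same holds for `ISO 27005.md` and the `ISO31000-5.4.1-...` note that later hunks retarget in the same way. If those renames were committed separately, name that commit in the message; otherwise these are dangling links.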
@ -15,5 +15,5 @@ status: active

The organization shall determine external and internal issues that are relevant to its purpose and that affect its ability to achieve the intended outcome(s) of its information security management system.

NOTE Determining these issues refers to establishing the external and internal context of the organization considered in [Clause 5.4.1](../../../ISO31000-5.4.1-Understanding-the-organization-and-its-context.md) of ISO 31000:2018.
NOTE Determining these issues refers to establishing the external and internal context of the organization considered in [Clause 5.4.1](../../../about/ISO31000-5.4.1-Understanding-the-organization-and-its-context.md) of ISO 31000:2018.

@ -1,53 +1,53 @@
# Index to the original texts of ISO 27001
2022 version

| Clause | Title |
| ----------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **F** | **[Foreword](27001/EN/c-f-Foreword.md)** |
| Clause | Title |
| ----------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **F** | **[Foreword](27001/EN/c-f-Foreword.md)** |
| **0** | **[Introduction](27001/EN/c-0-Introduction.md)** |
| **1** | **[Scope](27001/EN/c-1-Scope.md)** |
| **2** | **[Normative references](27001/EN/c-2-Normative-references.md)** |
| **3** | **[Terms and definitions](27001/EN/c-3-Terms-and-definitions.md)** |
| **4** | **Context of the organization** |
| **4** | **Context of the organization** |
| 4.1 | [Understanding the organization and its context ](27001/EN/c-4.1-Understanding-the-organization-and-its-context.md) |
| 4.2 | [Understanding the needs and expectations of interested parties ](27001/EN/c-4.2-Understanding-the-needs-and-expectations-of-interested-parties.md) |
| 4.3 | [Determining the scope of the information security management system ](27001/EN/c-4.3-Determining-the-scope-of-the-information-security-management-system.md) |
| 4.4 | [Information security management system ](27001/EN/c-4.4-Information-security-management-system.md) |
| **5** | **Leadership** |
| **5** | **Leadership** |
| 5.1 | [Leadership and commitment ](27001/EN/c-5.1-Leadership-and-commitment.md) |
| 5.2 | [Policy ](27001/EN/c-5.2-Policy.md) |
| 5.3 | [Organizational roles, responsibilities and authorities ](27001/EN/c-5.3-Organizational-roles-responsibilities-and-authorities.md) |
| **6** | **Planning** |
| 6.1 | Actions to address risks and opportunities *(no content)* |
| **6** | **Planning** |
| 6.1 | Actions to address risks and opportunities *(no content)* |
| 6.1.1 | [General ](27001/EN/c-6.1.1-General.md) |
| 6.1.2 | [Information security risk assessment ](27001/EN/c-6.1.2-Information-security-risk-assessment.md) |
| 6.1.3 | [Information security risk treatment ](27001/EN/c-6.1.3-Information-security-risk-treatment.md) |
| 6.2 | [Information security objectives and planning to achieve them ](27001/EN/c-6.2-Information-security-objectives-and-planning-to-achieve-them.md) |
| 6.3 | [Planning of changes ](27001/EN/c-6.3-Planning-of-changes.md) |
| **7** | **Support** |
| **7** | **Support** |
| 7.1 | [ Resources ](27001/EN/c-7.1-Resources.md) |
| 7.2 | [ Competence ](27001/EN/c-7.2-Competence.md) |
| 7.3 | [ Awareness ](27001/EN/c-7.3-Awareness.md) |
| 7.4 | [ Communication ](27001/EN/c-7.4-Communication.md) |
| 7.5 | [ Documented information ](27001/EN/c-7.5-Documented-information.md) |
| 7.5.1 | General ↑ |
| 7.5.2 | Creating and updating ↑ |
| 7.5.3 | Control of documented information ↑ |
| **8** | **Operation** |
| 7.5.1 | General ↑ |
| 7.5.2 | Creating and updating ↑ |
| 7.5.3 | Control of documented information ↑ |
| **8** | **Operation** |
| 8.1 | [Operational planning and control ](27001/EN/c-8.1-Operational-planning-and-control.md) |
| 8.2 | [Information security risk assessment ](27001/EN/c-8.2-Information-security-risk-assessment.md) |
| 8.3 | [Information security risk treatment ](27001/EN/c-8.3-Information-security-risk-treatment.md) |
| **9** | **Performance evaluation** |
| **9** | **Performance evaluation** |
| 9.1 | [Monitoring, measurement, analysis and evaluation ](27001/EN/c-9.1-Monitoring-measurement-analysis-and-evaluation.md) |
| 9.2 | [Internal audit ](27001/EN/c-9.2-Internal-audit.md) |
| 9.2.1 | General ↑ |
| 9.2.2 | Internal audit programme ↑ |
| 9.2.1 | General ↑ |
| 9.2.2 | Internal audit programme ↑ |
| 9.3 | [Management review ](27001/EN/c-9.3-Management-review.md) |
| 9.3.1 | General ↑ |
| 9.3.2 | Management review inputs ↑ |
| 9.3.3 | Management review results ↑ |
| **10** | **Improvement** |
| 9.3.1 | General ↑ |
| 9.3.2 | Management review inputs ↑ |
| 9.3.3 | Management review results ↑ |
| **10** | **Improvement** |
| 10.1 | [Continual improvement ](27001/EN/c-10.1-Continual-improvement.md) |
| 10.2 | [Nonconformity and corrective action ](27001/EN/c-10.2-Nonconformity-and-corrective-action.md) |
| **Annex A** | **[Information security controls reference ](Index%20to%20the%20original%20texts%20of%20ISO%2027002.md)** |
| **Annex A** | **[Information security controls reference ](ISO_27002_2022_EN_Index.md)** |

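Review bot: apart from the Annex A row (now linking to `ISO_27002_2022_EN_Index.md` instead of `Index%20to%20the%20original%20texts%20of%20ISO%2027002.md`), every -/+ pair in this hunk (the separator row, the bold clause headings, the ↑ rows) is identical in content and differs only in cell padding after the column width changed, which buries the one real change. Commit table re-alignment separately, or turn off the editor's table auto-format, so link fixes stay reviewable.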
@ -32,7 +32,7 @@ A very important thing to bring up early, is **risk ownership**. We need to be c

As an auditor I expect to see a clearly defined and understandable risk assessment process, and evidence for its execution, by maybe getting somebody to take me through risk assessments that have been performed.

Although Clause 6.1.2 tells you what should be considered when doing risk assessments, it does not tell you *how* to conduct a risk assessment. It doesn't tell you to use a risk calculation scale of 1 to 10, or high, medium and low, or using some other kind of formula, and neither does the ISO 27002 implementation guidance, of the [ISO 27005](../ISO%2027005.md) (Guidance on managing information security risks).
Although Clause 6.1.2 tells you what should be considered when doing risk assessments, it does not tell you *how* to conduct a risk assessment. It doesn't tell you to use a risk calculation scale of 1 to 10, or high, medium and low, or using some other kind of formula, and neither does the ISO 27002 implementation guidance, of the [ISO 27005](../about/ISO%2027005.md) (Guidance on managing information security risks).

What it *does* tell us, is that we need to have an agreed way of conducting risk assessments, and that we need predefined risk acceptance criteria.

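Review bot: the retargeted sentence still ends 'neither does the ISO 27002 implementation guidance, of the ISO 27005', which reads as if 27005 were part of the 27002 guidance; since the hunk touches this line anyway, end it as 'and neither does the ISO 27002 implementation guidance, nor ISO 27005 (Guidance on managing information security risks)'.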
@ -33,7 +33,7 @@ This was previously called risk transfer, but this term was dropped because you

### Risk modification by implementing controls

Clause 8.3 of [ISO 27005](../ISO%2027005.md), the guidance document on risk management[^1], says that we shall select controls in order to address risks. These can be preventative, detective or corrective in nature.
Clause 8.3 of [ISO 27005](../about/ISO%2027005.md), the guidance document on risk management[^1], says that we shall select controls in order to address risks. These can be preventative, detective or corrective in nature.

Which controls will be implemented by the organization, is specified in the Statement of Applicability (6.1.3d).

After Width: | Height: | Size: 91 KiB |
|
After Width: | Height: | Size: 148 KiB |
|
After Width: | Height: | Size: 156 KiB |
|
After Width: | Height: | Size: 87 KiB |
|
After Width: | Height: | Size: 195 KiB |
|
After Width: | Height: | Size: 96 KiB |
|
After Width: | Height: | Size: 132 KiB |
|
After Width: | Height: | Size: 142 KiB |
|
After Width: | Height: | Size: 102 KiB |
|
After Width: | Height: | Size: 67 KiB |
|
After Width: | Height: | Size: 78 KiB |
|
After Width: | Height: | Size: 76 KiB |
|
After Width: | Height: | Size: 112 KiB |
|
After Width: | Height: | Size: 100 KiB |
|
After Width: | Height: | Size: 144 KiB |
|
After Width: | Height: | Size: 96 KiB |
|
After Width: | Height: | Size: 190 KiB |
|
After Width: | Height: | Size: 76 KiB |
|
|
@ -7,6 +7,7 @@ tags:
- PECB-LA
isotags: []
status: active
processed: true
---
# S01 Course objectives and structure

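Review bot: `processed: true` is added for S01, the S02.x files and S03, while every later session gets `processed: false`; the Dataview index added in this commit reads the key as a truthy test (`p.processed ? "✅" : "⬜"`), so the explicit `false` values are redundant, though they do make the key discoverable in each file. State in the index note what 'processed' means (read, summarised, tagged with isotags?) so the checkbox column has a clear definition.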
@ -7,6 +7,7 @@ tags:
- PECB-LA
isotags: []
status: active
processed: true
---
# S02.1 Introduction to management systems and ISO 27000 family of standards

@ -7,6 +7,7 @@ tags:
- PECB-LA
isotags: []
status: active
processed: true
---
# S02.2 Introduction to management systems and ISO 27000 family of standards

@ -7,6 +7,7 @@ tags:
- PECB-LA
isotags: []
status: active
processed: true
---
# S02.3 Introduction to management systems and ISO 27000 family of standards

@ -7,6 +7,7 @@ tags:
- PECB-LA
isotags: []
status: active
processed: true
---
# S03 Certification process

@ -7,6 +7,7 @@ tags:
- PECB-LA
isotags: []
status: active
processed: false
---
# S06.1 Fundamental audit concepts and principles

@ -7,6 +7,7 @@ tags:
- PECB-LA
isotags: []
status: active
processed: false
---
# S06.2 Fundamental audit concepts and principles

@ -7,6 +7,7 @@ tags:
- PECB-LA
isotags: []
status: active
processed: false
---
# S06.3 Fundamental audit concepts and principles

@ -7,6 +7,7 @@ tags:
- PECB-LA
isotags: []
status: active
processed: false
---
# S06.4 Fundamental audit concepts and principles

@ -7,6 +7,7 @@ tags:
- PECB-LA
isotags: []
status: active
processed: false
---
# S06.5 Fundamental audit concepts and principles

@ -7,6 +7,7 @@ tags:
- PECB-LA
isotags: []
status: active
processed: false
---
# S06.6 Fundamental audit concepts and principles

@ -7,6 +7,7 @@ tags:
- PECB-LA
isotags: []
status: active
processed: false
---
# S07.1 The impact of trends and technology in auditing

@ -7,6 +7,7 @@ tags:
- PECB-LA
isotags: []
status: active
processed: false
---
# S07.2 The impact of trends and technology in auditing

@ -7,6 +7,7 @@ tags:
- PECB-LA
isotags: []
status: active
processed: false
---
# S08.1 Evidence based auditing

@ -7,6 +7,7 @@ tags:
- PECB-LA
isotags: []
status: active
processed: false
---
# S08.2 Evidence based auditing

@ -7,6 +7,7 @@ tags:
- PECB-LA
isotags: []
status: active
processed: false
---
# S09 Risk based audit

@ -7,6 +7,7 @@ tags:
- PECB-LA
isotags: []
status: active
processed: false
---
# S10.1 Initiation of the audit process

@ -7,6 +7,7 @@ tags:
- PECB-LA
isotags: []
status: active
processed: false
---
# S10.2 Initiation of the audit process

@ -7,6 +7,7 @@ tags:
- PECB-LA
isotags: []
status: active
processed: false
---
# S10.3 Initiation of the audit process

@ -7,6 +7,7 @@ tags:
- PECB-LA
isotags: []
status: active
processed: false
---
# S11.1 Stage 1 audit

@ -7,6 +7,7 @@ tags:
- PECB-LA
isotags: []
status: active
processed: false
---
# S11.2 Stage 1 audit

@ -7,6 +7,7 @@ tags:
- PECB-LA
isotags: []
status: active
processed: false
---
# S12.1 Preparing for stage 2 audit

@ -7,6 +7,7 @@ tags:
- PECB-LA
isotags: []
status: active
processed: false
---
# S12.2 Preparing for stage 2 audit

@ -7,6 +7,7 @@ tags:
- PECB-LA
isotags: []
status: active
processed: false
---
# S13.1 Stage 2 audit

@ -7,6 +7,7 @@ tags:
- PECB-LA
isotags: []
status: active
processed: false
---
# S13.2 Stage 2 audit

@ -7,6 +7,7 @@ tags:
- PECB-LA
isotags: []
status: active
processed: false
---
# S14.1 Communication during the audit

@ -7,6 +7,7 @@ tags:
- PECB-LA
isotags: []
status: active
processed: false
---
# S14.2 Communication during the audit

@ -7,6 +7,7 @@ tags:
- PECB-LA
isotags: []
status: active
processed: false
---
# S15.1 Audit procedures

@ -7,6 +7,7 @@ tags:
- PECB-LA
isotags: []
status: active
processed: false
---
# S15.2 Audit procedures

@ -7,6 +7,7 @@ tags:
- PECB-LA
isotags: []
status: active
processed: false
---
# S15.3 Audit procedures

@ -7,6 +7,7 @@ tags:
- PECB-LA
isotags: []
status: active
processed: false
---
# S15.4 Audit procedures

@ -7,6 +7,7 @@ tags:
- PECB-LA
isotags: []
status: active
processed: false
---
# S15.5 Audit procedures

@ -10,6 +10,7 @@ isotags:
- C.4.2
- C.7.5.3
status: active
processed: false
---
# S16.1 Creating audit test plans

@ -25,6 +25,7 @@ isotags:
- C.10.1
- C.10.2
status: active
processed: false
---
# S16.2 Creating audit test plans

@ -7,6 +7,7 @@ tags:
- PECB-LA
isotags: []
status: active
processed: false
---
# S17.1 Drafting audit findings and nonconformity reports

@ -7,6 +7,7 @@ tags:
- PECB-LA
isotags: []
status: active
processed: false
---
# S17.2 Drafting audit findings and nonconformity reports

@ -8,6 +8,7 @@ tags:
isotags:
- C.7.5.2
status: active
processed: false
---
# S18 Audit documentation and quality review

@ -7,6 +7,7 @@ tags:
- PECB-LA
isotags: []
status: active
processed: false
---
# S19.1 Closing of the audit

@ -7,6 +7,7 @@ tags:
- PECB-LA
isotags: []
status: active
processed: false
---
# S19.2 Closing of the audit

@ -7,6 +7,7 @@ tags:
- PECB-LA
isotags: []
status: active
processed: false
---
# S20 Evaluation of action plans by the auditor

@ -7,6 +7,7 @@ tags:
- PECB-LA
isotags: []
status: active
processed: false
---
# S21.1 Beyond the initial audit

@ -7,6 +7,7 @@ tags:
- PECB-LA
isotags: []
status: active
processed: false
---
# S21.2 Beyond the initial audit

@ -7,6 +7,7 @@ tags:
- PECB-LA
isotags: []
status: active
processed: false
---
# S22.1 Managing an internal audit program

@ -8,6 +8,7 @@ tags:
isotags:
- C.10.2
status: active
processed: false
---
# S22.2 Managing an internal audit program

@ -7,6 +7,7 @@ tags:
- PECB-LA
isotags: []
status: active
processed: false
---
# S23.1 Closing of the training course

@ -7,6 +7,7 @@ tags:
- PECB-LA
isotags: []
status: active
processed: false
---
# S23.2 Closing of the training course

@ -0,0 +1,16 @@
# PECB Lead Auditor Training — Transcriptions Index

```dataviewjs
const files = dv.pages('"iso27diy-corp/Corpus/Standards/ISO27x/PECB-Lead-Auditor-Training/transcriptions"')
.where(p => p.file.name !== "index")
.sort(p => p.file.name, "asc");

dv.table(
["#", "Read", "Transcription"],
files.map((p, i) => [
i + 1,
p.processed ? "✅" : "⬜",
p.file.link
])
);
```

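Review bot: the Dataview folder source begins with `iso27diy-corp/`, whereas the file paths shown elsewhere in this commit start at `Corpus/Standards/ISO27x/...`; Dataview folder sources are relative to the vault root, so if `iso27diy-corp` is the vault folder itself the query matches no pages and the table renders empty. Drop the leading segment, or verify the table populates before merging.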
@ -1,9 +0,0 @@
# Privacy in ISO 27001

[Core concepts of Privacy](Core%20concepts%20of%20Privacy.md)
[AVG GDPR resources](../AVG/AVG%20GDPR%20resources.md)

Privacy in ISO 27001:
- [ISO 27001 A 18 Compliance](legacy/ISO%2027001%202013/ISO%2027001%20A%2018%20Compliance.md#A%2018%201%204%20Privacy%20and%20protection%20of%20personally%20identifiable%20information)

[Personal Health Train | Health-RI](https://www.health-ri.nl/initiatives/personal-health-train)

@ -1,4 +0,0 @@
# Zero Trust and ISO 27001

[Zero Trust](../📚️%20Literature%20notes/Zero%20Trust.md) is a security principle that can be applied to systems and processes. [ISO 27001 A.13.2 Information transfer](legacy/ISO%2027001%202013/ISO%2027001%20A.13.2%20Information%20transfer.md) is a method to manage security risks.

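Review bot: the deleted note is two unrelated definitions (Zero Trust 'is a security principle', A.13.2 'is a method to manage security risks') with nothing on how they relate; if it is recreated under about/, either state the mapping between the principle and the control or fold the two links into the ISO and NEN MoC's 'See also' list instead of keeping a one-line note. It also references the 2013 control A.13.2 under `legacy/`, so it should be checked against the 2022 control set at the same time.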
Corpus/Standards/ISO27x/about/Authentication.md (new file, 12 lines)
@ -0,0 +1,12 @@
# Authentication
Authentication is the proof of identity that is achieved through providing credentials to the access control mechanism.

See also:
- [a-8.5-Secure-authentication](../OST/27002/EN/a-8.5-Secure-authentication.md)
- [Authentication Methods Used for Network Security](../../../Information%20Security/Authentication%20Methods%20Used%20for%20Network%20Security.md)
- [Identity and Access Management (IAM)](../../../Information%20Security/Identity%20and%20Access%20Management%20(IAM).md)
- [Authorization](Authorization.md)
- [Identification](../../../Information%20Security/Identification.md)

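Review bot: this new file is the deleted `Authentication.md` with one extra `../` on each link and the OST link rewritten as `../OST/...`, yet the diff shows a delete plus an add rather than a rename, so the file's history is cut. Doing the `git mv` in one commit and the link rewrite in the next keeps rename detection working; at minimum the commit message should name the old and new paths. The `Authorization.md` link correctly stays unchanged, since that file moves alongside.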
Corpus/Standards/ISO27x/about/Authorization.md (new file, 13 lines)
@ -0,0 +1,13 @@
# Authorization
Authorization is the mechanism that determines the access level(s) of the subjects to the objects.

See also:
- [Authorization vs Access Control](../../../ISMS/Authorization%20vs%20Access%20Control.md)
- [Access Control Models](../../../ISMS/Access%20Control%20Models.md)
- [Authentication](Authentication.md)
- [Identification](../../../Information%20Security/Identification.md)
- [CASSM Consumer Authentication Strength Maturity Model](../../../Information%20Security/CASSM%20Consumer%20Authentication%20Strength%20Maturity%20Model.md)
- [Identity and Access Management (IAM)](../../../Information%20Security/Identity%20and%20Access%20Management%20(IAM).md)
- [a-5.15-Access-control](../OST/27002/EN/a-5.15-Access-control.md) ???

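Review bot: the trailing `???` on the a-5.15-Access-control link is carried over unchanged from the deleted copy; either decide whether A.5.15 belongs in this note (it is the ISO 27002:2022 access control control, so it likely does) or replace the marker with an explicit TODO so it does not survive another move unnoticed.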