Renamed some folders

This commit is contained in:
Richard Kranendonk 2026-04-29 14:20:35 +02:00
parent 3542083f69
commit 3c800ae860
278 changed files with 113 additions and 113 deletions

View file

@ -9,10 +9,10 @@
[Context analysis](../../📚️%20Literature%20notes/Context%20analysis.md)
## Mark I content
[ISO27DIY Video A.4 Context and Scope - Internal issues](../../Standards/ISO27x/archive/iso27DIY%20mk%20I/ISO27DIY%20Video%20A.4%20Context%20and%20Scope%20-%20Internal%20issues.md)
[ISO27DIY Video A.4 Context and Scope - Internal issues](../../Standards/ISO27x/legacy/iso27DIY%20mk%20I/ISO27DIY%20Video%20A.4%20Context%20and%20Scope%20-%20Internal%20issues.md)
[ISO27DIY Video A.2 Context and Scope - Stakeholders](../../Standards/ISO27x/archive/iso27DIY%20mk%20I/ISO27DIY%20Video%20A.2%20Context%20and%20Scope%20-%20Stakeholders.md)
[ISO27DIY Video A.3 Context and Scope - Regulations and Contracts](../../Standards/ISO27x/archive/iso27DIY%20mk%20I/ISO27DIY%20Video%20A.3%20Context%20and%20Scope%20-%20Regulations%20and%20Contracts.md)
[ISO27DIY Video A.2 Context and Scope - Stakeholders](../../Standards/ISO27x/legacy/iso27DIY%20mk%20I/ISO27DIY%20Video%20A.2%20Context%20and%20Scope%20-%20Stakeholders.md)
[ISO27DIY Video A.3 Context and Scope - Regulations and Contracts](../../Standards/ISO27x/legacy/iso27DIY%20mk%20I/ISO27DIY%20Video%20A.3%20Context%20and%20Scope%20-%20Regulations%20and%20Contracts.md)
## Standard
[ISO_27001_2022_4.1_MoC Understanding the organization and its context](../../Corpus/Standards/MoCs/ISO_27001_2022_4.1_MoC%20Understanding%20the%20organization%20and%20its%20context.md)
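Review bot: the commit message says only "Renamed some folders", while this hunk shows the concrete rename is `Standards/ISO27x/archive/iso27DIY mk I/` to `Standards/ISO27x/legacy/iso27DIY mk I/`; with 278 files touched, naming the old and new folder paths in the commit message would keep the change traceable. The `../../Corpus/Standards/MoCs/...` link in the trailing context is untouched, so the rename apparently stops at the ISO27x tree; worth confirming nothing under `Corpus/Standards/` was meant to move as well.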

View file

@ -32,16 +32,16 @@ Do an impact analyses and identify a treatment:
## Relevant ISO 27001 controls
The main control of interest here is [ISO 27001 A 12.6.1 Management of technical vulnerabilities](../Standards/ISO27x/archive/ISO%2027001%202013/ISO%2027001%20A%2012.6.1%20Management%20of%20technical%20vulnerabilities.md), which ensures timely awareness of vulnerabilities through [ISO 27001 A 6.1.4 Contact with special interest groups](../Standards/ISO27x/archive/ISO%2027001%202013/ISO%2027001%20A%206.1.4%20Contact%20with%20special%20interest%20groups.md), evaluation of an organizations exposure, and having set [ISO 27001 A 16.1.1 Responsibilities and procedures](../Standards/ISO27x/archive/ISO%2027001%202013/ISO%2027001%20A%2016.1.1%20Responsibilities%20and%20procedures.md) to enable a quick and effective response.
The main control of interest here is [ISO 27001 A 12.6.1 Management of technical vulnerabilities](../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A%2012.6.1%20Management%20of%20technical%20vulnerabilities.md), which ensures timely awareness of vulnerabilities through [ISO 27001 A 6.1.4 Contact with special interest groups](../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A%206.1.4%20Contact%20with%20special%20interest%20groups.md), evaluation of an organizations exposure, and having set [ISO 27001 A 16.1.1 Responsibilities and procedures](../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A%2016.1.1%20Responsibilities%20and%20procedures.md) to enable a quick and effective response.
Stopping the gap:
- [[ISO 27001 A 13.1.1 Network controls]]
- [[ISO 27001 A 13.1.2 Security of network services]]
- [ISO 27001 A 12.5.1 Installation of software on operational systems](../Standards/ISO27x/archive/ISO%2027001%202013/ISO%2027001%20A%2012.5.1%20Installation%20of%20software%20on%20operational%20systems.md)
- [ISO 27001 A 12.5.1 Installation of software on operational systems](../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A%2012.5.1%20Installation%20of%20software%20on%20operational%20systems.md)
Preventative measures:
- [ISO 27001 A 12.6.2 Restrictions on software installation](../Standards/ISO27x/archive/ISO%2027001%202013/ISO%2027001%20A%2012.6.2%20Restrictions%20on%20software%20installation.md)
- [ISO 27001 A 12.6.2 Restrictions on software installation](../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A%2012.6.2%20Restrictions%20on%20software%20installation.md)
- [[ISO 27001 A 14.1.1 Information security requirements analysis and specification]]
- [[ISO 27001 14.2.1 Secure development policy]]
- [[ISO 27001 A 14.2.7 Outsourced development]]
- [ISO 27001 A 18 Compliance](../Standards/ISO27x/archive/ISO%2027001%202013/ISO%2027001%20A%2018%20Compliance.md) of systems
- [ISO 27001 A 18 Compliance](../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A%2018%20Compliance.md) of systems
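Review bot: the mixed link styles in this list are what make a folder rename costly: the three path links had to be rewritten, while the `[[...]]` wikilinks (13.1.1, 13.1.2, 14.1.1, 14.2.1, 14.2.7) needed no change; consider settling on one style for the list. Separately, `[[ISO 27001 14.2.1 Secure development policy]]` lacks the `A` that its sibling links carry, so check that it resolves to the intended note, and `an organizations exposure` in the rewritten paragraph should read `an organization's exposure`.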

View file

@ -1,4 +1,4 @@
This note relates to the [ISO27DIY Business model](../Standards/ISO27x/archive/iso27DIY%20mk%20I/ISO27DIY%20Business%20model.md)
This note relates to the [ISO27DIY Business model](../Standards/ISO27x/legacy/iso27DIY%20mk%20I/ISO27DIY%20Business%20model.md)
Probleem: de GRC software wordt aangekocht om een operationeel probleem van de compliance officer op te lossen.

View file

@ -1,4 +1,4 @@
[ISO 27001 A 8.2.2 Labelling of information](../Standards/ISO27x/archive/ISO%2027001%202013/ISO%2027001%20A%208.2.2%20Labelling%20of%20information.md) makes procedures for information labelling in accordance with the classification scheme mandatory.
[ISO 27001 A 8.2.2 Labelling of information](../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A%208.2.2%20Labelling%20of%20information.md) makes procedures for information labelling in accordance with the classification scheme mandatory.
For physical assets its straightforward: a restricted area sign on the door to the server room, a classified mark on a folder, a privacy sensitive sticker on a backup tape, etc.
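Review bot: typo in the trailing context line: `For physical assets its straightforward` should be `it's straightforward`; since the rename commit is already touching this file, a follow-up fix is cheap.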
@ -13,6 +13,6 @@ Labeling of digital information assets close to the source e.g. assign
Looking at it that way, any metadata that helps ensure the acceptable use and proper handling of information assets could be identified as labeling. A data dictionary that contains classification information could also be considered to use labeling.
Related:
- [ISO 27001 A 8.2.1 Classification of information](../Standards/ISO27x/archive/ISO%2027001%202013/ISO%2027001%20A%208.2.1%20Classification%20of%20information.md)
- [ISO 27001 A 8.1.3 Acceptable use of assets](../Standards/ISO27x/archive/ISO%2027001%202013/ISO%2027001%20A%208.1.3%20Acceptable%20use%20of%20assets.md)
- [ISO 27001 A 8.2.1 Classification of information](../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A%208.2.1%20Classification%20of%20information.md)
- [ISO 27001 A 8.1.3 Acceptable use of assets](../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A%208.1.3%20Acceptable%20use%20of%20assets.md)
- [[Enforcement tooling]]
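Review bot: spelling drifts between `Labeling` in the hunk header context and `Labelling` in the linked control title; pick one. The `[[Enforcement tooling]]` wikilink survives the rename unchanged while the two path links above it had to be rewritten, the same consistency point as in the other lists in this commit.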

View file

@ -3,14 +3,14 @@ See also [Three user modes for AuditGlue](Three%20user%20modes%20for%20AuditGlue
# Guided implementation mode
The 'guided implementation mode' will (roughly) resemble the structure and sequence of the [📼 ISO27DIY Video Series](../Standards/ISO27x/archive/iso27DIY%20mk%20I/📼%20ISO27DIY%20Video%20Series.md). This will be the reference for now.
The 'guided implementation mode' will (roughly) resemble the structure and sequence of the [📼 ISO27DIY Video Series](../Standards/ISO27x/legacy/iso27DIY%20mk%20I/📼%20ISO27DIY%20Video%20Series.md). This will be the reference for now.
# Operational mode
Here's the ISMS tool structure created in cooperation with Nedap: [Nedap ISMS tool structure](Nedap%20ISMS%20tool%20structure.md).
There's also this [ISO 27001 structure diagram](../Standards/ISO27x/archive/iso27DIY%20mk%20I/ISO%2027001%20structure%20diagram.md).
There's also this [ISO 27001 structure diagram](../Standards/ISO27x/legacy/iso27DIY%20mk%20I/ISO%2027001%20structure%20diagram.md).
See also the ISMS Tool and Overzicht beveiliging Excel sheets created for NHC:
- ![](NHC%20ISMS%20tool_template%20nieuw.xlsx)
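Review bot: the sentence lists two Excel sheets ("ISMS Tool and Overzicht beveiliging") but only `NHC ISMS tool_template nieuw.xlsx` is linked, and it uses image-embed syntax `![]()` for a spreadsheet; a plain link with link text would render more predictably, and the second sheet should either be linked or dropped from the sentence.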

View file

@ -5,7 +5,7 @@ Operational Technology Security or OT Security
Mentions "Industrial Internet of Things (IIOT) Devices" and SCADA (see CISSP book)
Relationship to ISO 27k:
- most obvious to [ISO 27001 A 13 Communications security](../Standards/ISO27x/archive/ISO%2027001%202013/ISO%2027001%20A%2013%20Communications%20security.md)
- most obvious to [ISO 27001 A 13 Communications security](../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A%2013%20Communications%20security.md)
- also ISA/IEC 62443 series wasn't that the thing at Ultimaker?
- Detailled Google Groups [post](https://groups.google.com/g/iso27001security/c/DhgybAN7pxk?pli=1) mentions:
- [Generic SCADA Risk Management Framework](https://www.tisn.gov.au/Documents/SCADA-Generic-Risk-Management-Framework.pdf)
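Review bot: `Detailled` should be `Detailed`, and the `[Generic SCADA Risk Management Framework]` bullet is the item that the Google Groups post "mentions:", so it should be indented as a sub-bullet rather than sit at the same level; the open question about ISA/IEC 62443 at Ultimaker would be easier to find later if marked as a TODO instead of left as a question inside the list.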

View file

@ -2,6 +2,6 @@
[AVG GDPR resources](../Standards/AVG/AVG%20GDPR%20resources.md)
Privacy in ISO 27001:
- [ISO 27001 A 18 Compliance](../Standards/ISO27x/archive/ISO%2027001%202013/ISO%2027001%20A%2018%20Compliance.md#A%2018%201%204%20Privacy%20and%20protection%20of%20personally%20identifiable%20information)
- [ISO 27001 A 18 Compliance](../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A%2018%20Compliance.md#A%2018%201%204%20Privacy%20and%20protection%20of%20personally%20identifiable%20information)
[Personal Health Train | Health-RI](https://www.health-ri.nl/initiatives/personal-health-train)
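Review bot: the rewritten link carries a heading fragment encoded with `%20` (`#A%2018%201%204%20Privacy...`) rather than a slugified anchor; the folder rename leaves it untouched, but confirm the fragment still resolves in the renderer used, since heading anchors are renderer-specific. The `[Personal Health Train | Health-RI]` line sits outside the "Privacy in ISO 27001" list; a bullet or a separating line would make its relation to the list clear.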

View file

@ -13,6 +13,6 @@ See also:
- (https://www.google.nl/search?q=software+vulnerability+databases)
- [API Endpoint Vulnerabilities](https://www.reblaze.com/blog/api-security/how-hackers-attack-your-mobile-apps-part-3-api-endpoint-vulnerabilities/)
- [NSA and CISA publish hardening guides](https://www.nsa.gov/Press-Room/News-Highlights/Article/Article/2716980/nsa-cisa-release-kubernetes-hardening-guidance/utm_source/nsa-cisa-release-kubernetes-hardening-guidance/)
- [ISO 27001 A 12.6 Technical vulnerability management](../Standards/ISO27x/archive/ISO%2027001%202013/ISO%2027001%20A%2012.6%20Technical%20vulnerability%20management.md)
- [ISO 27001 A 12.6 Technical vulnerability management](../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A%2012.6%20Technical%20vulnerability%20management.md)
- [a-8.8-Management-of-technical-vulnerabilities](../Standards/ISO27x/OST/27002/EN/a-8.8-Management-of-technical-vulnerabilities.md)
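Review bot: the NSA/CISA URL in the context ends in `/utm_source/nsa-cisa-release-kubernetes-hardening-guidance/`, which looks like a tracking parameter mangled into path segments; trim it back to the article path. The first bullet is a bare Google search URL in parentheses with no link text. The `../Standards/ISO27x/OST/27002/EN/a-8.8-...` link lies outside the renamed folder and is rightly left unchanged.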