Renamed some folders

Richard Kranendonk 2026-04-29 14:20:35 +02:00
parent 3542083f69
commit 3c800ae860
278 changed files with 113 additions and 113 deletions

View file

@ -1,7 +1,7 @@
February 2, 2022
Relevant ISO 27001 clauses/controls:
- [ISO 27001 A.14.2 Security in development and support processes](../Standards/ISO27x/archive/ISO%2027001%202013/ISO%2027001%20A.14.2%20Security%20in%20development%20and%20support%20processes.md)
- [ISO 27001 A.14.2 Security in development and support processes](../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A.14.2%20Security%20in%20development%20and%20support%20processes.md)
R.vanderveer@sig.eu
@robvanderveer
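
Review bot: the changed link is a hand-written, percent-encoded relative path (`../Standards/ISO27x/legacy/ISO%2027001%202013/...`), so every folder rename has to be chased through the whole vault by find-and-replace, as here. Before merging, search the vault for any remaining `Standards/ISO27x/archive/` and confirm nothing is left behind. Name-based wikilinks such as `[[ISO 27001 C 9.2 Internal audit]]`, which other notes touched by this commit already use, would not need editing on the next rename.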

View file

@ -9,7 +9,7 @@ This booklet explains the Agile way of working with a non-development manager in
It is moderately suitable for distribution to them in a company setting.
Relevant ISO 27001 clauses/controls:
- [ISO 27001 A.14.2.1 Secure development policy](../Standards/ISO27x/archive/ISO%2027001%202013/ISO%2027001%20A.14.2.1%20Secure%20development%20policy.md)
- [ISO 27001 A.14.2.1 Secure development policy](../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A.14.2.1%20Secure%20development%20policy.md)
Related:
- [DevSecOps and ISO 27k](../🎇%20Sparks/DevSecOps%20and%20ISO%2027k.md)

View file

@ -3,4 +3,4 @@
https://www.cisa.gov/sites/default/files/publications/Zero_Trust_Principles_Enterprise_Mobility_For_Public_Comment_508C.pdf
Related:
[ISO 27001 A 6.2.1 Mobile device policy](../Standards/ISO27x/archive/ISO%2027001%202013/ISO%2027001%20A%206.2.1%20Mobile%20device%20policy.md)
[ISO 27001 A 6.2.1 Mobile device policy](../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A%206.2.1%20Mobile%20device%20policy.md)

View file

@ -4,9 +4,9 @@ Publication date: January 29, 2022
Retrieved from on January 31, 2022
Relevant ISO 27001 clauses/controls:
- [ISO 27001 A 9 Access control](../../Standards/ISO27x/archive/ISO%2027001%202013/ISO%2027001%20A%209%20Access%20control.md)
- [ISO 27001 A 9 Access control](../../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A%209%20Access%20control.md)
- [[ISO 27001 C 9.2 Internal audit]]
- [ISO 27001 A 18 Compliance](../../Standards/ISO27x/archive/ISO%2027001%202013/ISO%2027001%20A%2018%20Compliance.md)
- [ISO 27001 A 18 Compliance](../../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A%2018%20Compliance.md)
Related:
- [Identity and Access Management (IAM)](../../💡Drafts%20and%20Ideas/Identity%20and%20Access%20Management%20(IAM).md)
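
Review bot: the context line `Retrieved from on January 31, 2022` has no source after "from", so the note does not record where its content came from. This is not caused by the rename, but the file is being touched anyway; restore the source link the way the threat-management note in this commit does with `Retrieved from [LinkedIn](...)`.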

View file

@ -5,8 +5,8 @@ Retrieved from on January 19, 2022
Relevant ISO 27001 clauses/controls:
- [[ISO 27001 C 9.2 Internal audit]]
- [ISO 27001 A 18 Compliance](../../Standards/ISO27x/archive/ISO%2027001%202013/ISO%2027001%20A%2018%20Compliance.md)
- [ISO 27001 A 17 Information security aspects of business continuity management](../../Standards/ISO27x/archive/ISO%2027001%202013/ISO%2027001%20A%2017%20Information%20security%20aspects%20of%20business%20continuity%20management.md)
- [ISO 27001 A 18 Compliance](../../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A%2018%20Compliance.md)
- [ISO 27001 A 17 Information security aspects of business continuity management](../../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A%2017%20Information%20security%20aspects%20of%20business%20continuity%20management.md)
Related:

View file

@ -4,9 +4,9 @@ Publication date: February 22, 2022
Retrieved on February 22, 2022
Relevant ISO 27001 clauses/controls:
- [ISO 27001 A 16.1 Management of information security incidents and improvements](../../Standards/ISO27x/archive/ISO%2027001%202013/ISO%2027001%20A%2016.1%20Management%20of%20information%20security%20incidents%20and%20improvements.md)
- [ISO 27001 2013 C 9.2 Internal audit](../../Standards/ISO27x/archive/ISO%2027001%202013/ISO%2027001%202013%20C%209.2%20Internal%20audit.md)
- [ISO 27001 A 18 Compliance](../../Standards/ISO27x/archive/ISO%2027001%202013/ISO%2027001%20A%2018%20Compliance.md)
- [ISO 27001 A 16.1 Management of information security incidents and improvements](../../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A%2016.1%20Management%20of%20information%20security%20incidents%20and%20improvements.md)
- [ISO 27001 2013 C 9.2 Internal audit](../../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%202013%20C%209.2%20Internal%20audit.md)
- [ISO 27001 A 18 Compliance](../../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A%2018%20Compliance.md)
Related:
- [BCP_Bedrijfscontinuïteitsplanning](../BCP_Bedrijfscontinuïteitsplanning.md)
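
Review bot: the second changed link targets `ISO%2027001%202013%20C%209.2%20Internal%20audit.md`, while other notes in this commit reference the same clause as `[[ISO 27001 C 9.2 Internal audit]]`, without "2013" in the name. Confirm that both note names exist after the move to `legacy/`; if only one does, the other form is a dead link and should be aligned here.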

View file

@ -6,9 +6,9 @@ Retrieved from on January 31, 2022
Relevant ISO 27001 clauses/controls:
All of them just to link this note somewhere:
- [ISO 27001 A 14 System acquisition, development and maintenance](../../Standards/ISO27x/archive/ISO%2027001%202013/ISO%2027001%20A%2014%20System%20acquisition,%20development%20and%20maintenance.md)
- [ISO 27001 A 14 System acquisition, development and maintenance](../../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A%2014%20System%20acquisition,%20development%20and%20maintenance.md)
- [[ISO 27001 C 9.2 Internal audit]]
- [ISO 27001 A 18 Compliance](../../Standards/ISO27x/archive/ISO%2027001%202013/ISO%2027001%20A%2018%20Compliance.md)
- [ISO 27001 A 18 Compliance](../../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A%2018%20Compliance.md)
Related:
- [Vendor security MoC](../../🎇%20Sparks/Vendor%20security%20MoC.md)

View file

@ -6,7 +6,7 @@ Retrieved on April 14, 2022
Relevant ISO 27001 clauses/controls:
- [a-8.9-Configuration-management](../../Standards/ISO27x/OST/27002/EN/a-8.9-Configuration-management.md)
- [[ISO 27001 C 9.2 Internal audit]]
- [ISO 27001 A 18 Compliance](../../Standards/ISO27x/archive/ISO%2027001%202013/ISO%2027001%20A%2018%20Compliance.md)
- [ISO 27001 A 18 Compliance](../../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A%2018%20Compliance.md)
# Configuration Management: Ask This;
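
Review bot: the first item under `Relevant ISO 27001 clauses/controls:` is `a-8.9-Configuration-management`, which lives under `Standards/ISO27x/OST/27002/EN/` and is an ISO 27002 control. Other notes in this commit separate the two with a `Relevant ISO 27002:2022 clauses/controls:` heading; moving this item under such a heading would keep the cross-references consistent for anyone tracing controls to a standard version.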

View file

@ -17,8 +17,8 @@ The rest of the article is a haphazard collection of 'shoulds'.
Not very interesting.
Relevant ISO 27001 clauses/controls:
- [ISO 27001 C 5.3 Organizational roles, responsibilities and authorities](../../Standards/ISO27x/archive/ISO%2027001%202013/ISO%2027001%20C%205.3%20Organizational%20roles,%20responsibilities%20and%20authorities.md)
- [ISO 27001 A 6.1 Internal organization](../../Standards/ISO27x/archive/ISO%2027001%202013/ISO%2027001%20A%206.1%20Internal%20organization.md)
- [ISO 27001 C 5.3 Organizational roles, responsibilities and authorities](../../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20C%205.3%20Organizational%20roles,%20responsibilities%20and%20authorities.md)
- [ISO 27001 A 6.1 Internal organization](../../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A%206.1%20Internal%20organization.md)
- [[ISO 27001 C 9.2 Internal audit]]
- [ISO 27001 A 18 Compliance](../../Standards/ISO27x/archive/ISO%2027001%202013/ISO%2027001%20A%2018%20Compliance.md)
- [ISO 27001 A 18 Compliance](../../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A%2018%20Compliance.md)

View file

@ -5,9 +5,9 @@ Retrieved from on March 3, 2022
Relevant ISO 27001:2013 clauses/controls:
- [[ISO 27001 C 9.2 Internal audit]]
- [ISO 27001 A 18 Compliance](../../Standards/ISO27x/archive/ISO%2027001%202013/ISO%2027001%20A%2018%20Compliance.md)
- [ISO 27001 A 16 Information security incident management](../../Standards/ISO27x/archive/ISO%2027001%202013/ISO%2027001%20A%2016%20Information%20security%20incident%20management.md)
- [ISO 27001 A 12.4 Logging and monitoring](../../Standards/ISO27x/archive/ISO%2027001%202013/ISO%2027001%20A%2012.4%20Logging%20and%20monitoring.md)
- [ISO 27001 A 18 Compliance](../../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A%2018%20Compliance.md)
- [ISO 27001 A 16 Information security incident management](../../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A%2016%20Information%20security%20incident%20management.md)
- [ISO 27001 A 12.4 Logging and monitoring](../../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A%2012.4%20Logging%20and%20monitoring.md)
- [[ISO 27001 A 13.1.1 Network controls]]
Relevant ISO 27002:2022 clauses/controls:

View file

@ -5,7 +5,7 @@ Retrieved from on January 10, 2022
Relevant ISO 27001 clauses/controls:
- [[ISO 27001 C 9.2 Internal audit]]
- [ISO 27001 A.18.2 Information security reviews](../../Standards/ISO27x/archive/ISO%2027001%202013/ISO%2027001%20A.18.2%20Information%20security%20reviews.md)
- [ISO 27001 A.18.2 Information security reviews](../../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A.18.2%20Information%20security%20reviews.md)
Related:
- [Checklist for auditing GRC](Checklist%20for%20auditing%20GRC.md)

View file

@ -5,7 +5,7 @@ Retrieved from on March 23, 2022
Relevant ISO 27001:2013 clauses/controls:
- [[ISO 27001 C 9.2 Internal audit]]
- [ISO 27001 A 18 Compliance](../../Standards/ISO27x/archive/ISO%2027001%202013/ISO%2027001%20A%2018%20Compliance.md)
- [ISO 27001 A 18 Compliance](../../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A%2018%20Compliance.md)
Relevant ISO 27002:2022 clauses/controls:
- [a-5.7-Threat-intelligence](../../Standards/ISO27x/OST/27002/EN/a-5.7-Threat-intelligence.md)

View file

@ -5,8 +5,8 @@ Retrieved from on March 3, 2022
Relevant ISO 27001 clauses/controls:
- [[ISO 27001 C 9.2 Internal audit]]
- [ISO 27001 A 18 Compliance](../../Standards/ISO27x/archive/ISO%2027001%202013/ISO%2027001%20A%2018%20Compliance.md)
- [ISO 27001 A.14.2 Security in development and support processes](../../Standards/ISO27x/archive/ISO%2027001%202013/ISO%2027001%20A.14.2%20Security%20in%20development%20and%20support%20processes.md)
- [ISO 27001 A 18 Compliance](../../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A%2018%20Compliance.md)
- [ISO 27001 A.14.2 Security in development and support processes](../../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A.14.2%20Security%20in%20development%20and%20support%20processes.md)
Related:
- [Operational Technology](../../💡Drafts%20and%20Ideas/Operational%20Technology.md)

View file

@ -5,7 +5,7 @@ Retrieved from on January 10, 2022
Relevant ISO 27001 clauses/controls:
- [[MyVault/👩🏼‍⚖️ Standards and Regulations/ISO 27001 2013/ISO 27001 C 9 Performance evaluation]]
- [ISO 27001 A 18 Compliance](../../Standards/ISO27x/archive/ISO%2027001%202013/ISO%2027001%20A%2018%20Compliance.md)
- [ISO 27001 A 18 Compliance](../../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A%2018%20Compliance.md)
Related:
[External audits](../../🎇%20Sparks/External%20audits.md)
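
Review bot: the unchanged first list item, `[[MyVault/👩🏼‍⚖️ Standards and Regulations/ISO 27001 2013/ISO 27001 C 9 Performance evaluation]]`, carries a full path through a folder layout that does not match the `Standards/ISO27x/legacy/ISO 27001 2013/` location the changed line now uses. Check that this wikilink still resolves, and shorten it to the bare note name if it does not. The same `MyVault/...` prefix appears in one other hunk of this commit.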

View file

@ -5,7 +5,7 @@ Retrieved from on March 23, 2022
Relevant ISO 27001:2013 clauses/controls:
- [[ISO 27001 C 9.2 Internal audit]]
- [ISO 27001 A 18 Compliance](../../Standards/ISO27x/archive/ISO%2027001%202013/ISO%2027001%20A%2018%20Compliance.md)
- [ISO 27001 A 18 Compliance](../../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A%2018%20Compliance.md)
## ISO 27001: Ask This;

View file

@ -5,8 +5,8 @@ Retrieved from on February 10, 2022
Relevant ISO 27001 clauses/controls:
- [[ISO 27001 C 9.2 Internal audit]]
- [ISO 27001 A 18 Compliance](../../Standards/ISO27x/archive/ISO%2027001%202013/ISO%2027001%20A%2018%20Compliance.md)
- [ISO 27001 A.18.2 Information security reviews](../../Standards/ISO27x/archive/ISO%2027001%202013/ISO%2027001%20A.18.2%20Information%20security%20reviews.md)
- [ISO 27001 A 18 Compliance](../../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A%2018%20Compliance.md)
- [ISO 27001 A.18.2 Information security reviews](../../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A.18.2%20Information%20security%20reviews.md)
# IT Security: Ask This;
1. Does your management team have access to compliance reporting that illustrates your organization of your IT security preparedness?

View file

@ -4,9 +4,9 @@ Publication date: February 14, 2022
Retrieved from on February 14, 2022
Relevant ISO 27001 clauses/controls:
- [ISO 27001 A 16.1 Management of information security incidents and improvements](../../Standards/ISO27x/archive/ISO%2027001%202013/ISO%2027001%20A%2016.1%20Management%20of%20information%20security%20incidents%20and%20improvements.md)
- [ISO 27001 A 16.1 Management of information security incidents and improvements](../../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A%2016.1%20Management%20of%20information%20security%20incidents%20and%20improvements.md)
- [[ISO 27001 C 9.2 Internal audit]]
- [ISO 27001 A 18 Compliance](../../Standards/ISO27x/archive/ISO%2027001%202013/ISO%2027001%20A%2018%20Compliance.md)
- [ISO 27001 A 18 Compliance](../../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A%2018%20Compliance.md)
# Does your organization have a cyber incident response plan in place in the event of a data breach?

View file

@ -4,10 +4,10 @@ Publication date: February 10, 2022
Retrieved from on February 10, 2022
Relevant ISO 27001 clauses/controls:
- [ISO 27001 A.13.1 Network security management](../../Standards/ISO27x/archive/ISO%2027001%202013/ISO%2027001%20A.13.1%20Network%20security%20management.md)
- [ISO 27001 A.13.1 Network security management](../../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A.13.1%20Network%20security%20management.md)
- [[ISO 27001 C 9.2 Internal audit]]
- [ISO 27001 A 18 Compliance](../../Standards/ISO27x/archive/ISO%2027001%202013/ISO%2027001%20A%2018%20Compliance.md)
- [ISO 27001 A.18.2 Information security reviews](../../Standards/ISO27x/archive/ISO%2027001%202013/ISO%2027001%20A.18.2%20Information%20security%20reviews.md)
- [ISO 27001 A 18 Compliance](../../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A%2018%20Compliance.md)
- [ISO 27001 A.18.2 Information security reviews](../../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A.18.2%20Information%20security%20reviews.md)
# Network Security: Ask This;
1. Is your organization logging any network events that would allow you to determine if a data security breach may have occurred?

View file

@ -5,7 +5,7 @@ Retrieved from on February 14, 2022
Relevant ISO 27001 clauses/controls:
- [[ISO 27001 C 9.2 Internal audit]]
- [ISO 27001 A 18 Compliance](../../Standards/ISO27x/archive/ISO%2027001%202013/ISO%2027001%20A%2018%20Compliance.md)
- [ISO 27001 A 18 Compliance](../../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A%2018%20Compliance.md)
Related:
- [Checklist for auditing Cyber Operations](Checklist%20for%20auditing%20Cyber%20Operations.md)

View file

@ -5,7 +5,7 @@ Retrieved from on February 14, 2022
Relevant ISO 27001 clauses/controls:
- [[ISO 27001 C 9.2 Internal audit]]
- [ISO 27001 A 18 Compliance](../../Standards/ISO27x/archive/ISO%2027001%202013/ISO%2027001%20A%2018%20Compliance.md)
- [ISO 27001 A 18 Compliance](../../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A%2018%20Compliance.md)
Related:
- [Checklist for auditing Threat Management](Checklist%20for%20auditing%20Threat%20Management.md)

View file

@ -2,9 +2,9 @@
Relevant ISO 27001 clauses/controls:
- [[ISO 27001 C 9.2 Internal audit]]
- [ISO 27001 C 6.1.2 Information security risk assessment](../../Standards/ISO27x/archive/ISO%2027001%202013/ISO%2027001%20C%206.1.2%20Information%20security%20risk%20assessment.md)
- [ISO 27001 A 18 Compliance](../../Standards/ISO27x/archive/ISO%2027001%202013/ISO%2027001%20A%2018%20Compliance.md)
- [ISO 27001 A.18.2 Information security reviews](../../Standards/ISO27x/archive/ISO%2027001%202013/ISO%2027001%20A.18.2%20Information%20security%20reviews.md)
- [ISO 27001 C 6.1.2 Information security risk assessment](../../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20C%206.1.2%20Information%20security%20risk%20assessment.md)
- [ISO 27001 A 18 Compliance](../../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A%2018%20Compliance.md)
- [ISO 27001 A.18.2 Information security reviews](../../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A.18.2%20Information%20security%20reviews.md)
Related:
- [Assets, Vulnerabilities, Threats, Risks](../../🎇%20Sparks/Assets,%20Vulnerabilities,%20Threats,%20Risks.md)
@ -114,6 +114,6 @@ Retrieved from [LinkedIn](https://www.linkedin.com/pulse/address-threat-manageme
100. Does your cyber risk training focus on the technology, the organization and the individual?
Relevant ISO 27001 clauses/controls:
- [ISO 27001 C 8 Operation](../../Standards/ISO27x/archive/ISO%2027001%202013/ISO%2027001%20C%208%20Operation.md)
- [ISO 27001 A 16 Information security incident management](../../Standards/ISO27x/archive/ISO%2027001%202013/ISO%2027001%20A%2016%20Information%20security%20incident%20management.md)
- [ISO 27001 A 17 Information security aspects of business continuity management](../../Standards/ISO27x/archive/ISO%2027001%202013/ISO%2027001%20A%2017%20Information%20security%20aspects%20of%20business%20continuity%20management.md)
- [ISO 27001 C 8 Operation](../../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20C%208%20Operation.md)
- [ISO 27001 A 16 Information security incident management](../../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A%2016%20Information%20security%20incident%20management.md)
- [ISO 27001 A 17 Information security aspects of business continuity management](../../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A%2017%20Information%20security%20aspects%20of%20business%20continuity%20management.md)

View file

@ -5,7 +5,7 @@ Retrieved from on March 15, 2022
Relevant ISO 27001:2013 clauses/controls:
- [[ISO 27001 C 9.2 Internal audit]]
- [ISO 27001 A 18 Compliance](../../Standards/ISO27x/archive/ISO%2027001%202013/ISO%2027001%20A%2018%20Compliance.md)
- [ISO 27001 A 18 Compliance](../../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A%2018%20Compliance.md)
Relevant ISO 27002:2022 clauses/controls:

View file

@ -4,10 +4,10 @@ Publication date: February 23, 2022
Retrieved on February 24, 2022
Relevant ISO 27001 clauses/controls:
- [ISO 27001 A 6.1.5 Information security in project management](../../Standards/ISO27x/archive/ISO%2027001%202013/ISO%2027001%20A%206.1.5%20Information%20security%20in%20project%20management.md)
- [ISO 27001 A 15 Supplier relationships](../../Standards/ISO27x/archive/ISO%2027001%202013/ISO%2027001%20A%2015%20Supplier%20relationships.md)
- [ISO 27001 2013 C 9.2 Internal audit](../../Standards/ISO27x/archive/ISO%2027001%202013/ISO%2027001%202013%20C%209.2%20Internal%20audit.md)
- [ISO 27001 A 18 Compliance](../../Standards/ISO27x/archive/ISO%2027001%202013/ISO%2027001%20A%2018%20Compliance.md)
- [ISO 27001 A 6.1.5 Information security in project management](../../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A%206.1.5%20Information%20security%20in%20project%20management.md)
- [ISO 27001 A 15 Supplier relationships](../../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A%2015%20Supplier%20relationships.md)
- [ISO 27001 2013 C 9.2 Internal audit](../../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%202013%20C%209.2%20Internal%20audit.md)
- [ISO 27001 A 18 Compliance](../../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A%2018%20Compliance.md)
Related:
- [Vendor security MoC](../../🎇%20Sparks/Vendor%20security%20MoC.md)

View file

@ -3,7 +3,7 @@ Retrieved from [LinkedIn](https://www.linkedin.com/pulse/define-zero-trust-appro
Relevant ISO 27001 clauses/controls:
- [[ISO 27001 C 9.2 Internal audit]]
- [ISO 27001 A 18 Compliance](../../Standards/ISO27x/archive/ISO%2027001%202013/ISO%2027001%20A%2018%20Compliance.md)
- [ISO 27001 A 18 Compliance](../../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A%2018%20Compliance.md)
Related:
- [Zero Trust](../Zero%20Trust.md)

View file

@ -5,9 +5,9 @@ Retrieved from on January 10, 2022
Relevant ISO 27001 clauses/controls:
- [[ISO 27001 A 14.1.1 Information security requirements analysis and specification]]
- [ISO 27001 A 15 Supplier relationships](../../Standards/ISO27x/archive/ISO%2027001%202013/ISO%2027001%20A%2015%20Supplier%20relationships.md)
- [ISO 27001 2013 C 9.2 Internal audit](../../Standards/ISO27x/archive/ISO%2027001%202013/ISO%2027001%202013%20C%209.2%20Internal%20audit.md)
- [ISO 27001 A 18 Compliance](../../Standards/ISO27x/archive/ISO%2027001%202013/ISO%2027001%20A%2018%20Compliance.md)
- [ISO 27001 A 15 Supplier relationships](../../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A%2015%20Supplier%20relationships.md)
- [ISO 27001 2013 C 9.2 Internal audit](../../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%202013%20C%209.2%20Internal%20audit.md)
- [ISO 27001 A 18 Compliance](../../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A%2018%20Compliance.md)
Related:
- [Examples of vendor selection questionnaires](../../🎇%20Sparks/Examples%20of%20vendor%20selection%20questionnaires.md)

View file

@ -1,4 +1,4 @@
[ISO 27001 C 4.1](../Standards/ISO27x/archive/ISO%2027001%202013/ISO%2027001_OT%20C%204%20Context%20of%20the%20organization.md#4%201%20Understanding%20the%20organization%20and%20its%20context) requires that "the organization shall determine external and internal issues that are relevant to its purpose and that affect its ability to achieve the intended outcome(s) of its information security management system."
[ISO 27001 C 4.1](../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001_OT%20C%204%20Context%20of%20the%20organization.md#4%201%20Understanding%20the%20organization%20and%20its%20context) requires that "the organization shall determine external and internal issues that are relevant to its purpose and that affect its ability to achieve the intended outcome(s) of its information security management system."
No form or method are specified, but there are some good accepted tools for this.

View file

@ -1,6 +1,6 @@
The file AuditScripts-CIS-Controls-Master-Mappings-v7.1c.xlsx (in the Attachments folder, linking in editor to this file type is not supported) contains a mapping between the following standards:
- CSC Critical Security Controls
- [ISO 27001 A.13.2 Information transfer](../Standards/ISO27x/archive/ISO%2027001%202013/ISO%2027001%20A.13.2%20Information%20transfer.md) / ISO 27002
- [ISO 27001 A.13.2 Information transfer](../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A.13.2%20Information%20transfer.md) / ISO 27002
- IEC 62443
- NIST 800-53
- NIST 800-82
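
Review bot: in this list of mapped standards, the ISO 27001 entry links to a single control note, `ISO 27001 A.13.2 Information transfer`, while every other entry names a whole standard. If the entry is meant to stand for ISO 27001 / ISO 27002 as a whole, point it at the standard's overview note instead, so the mapping is not read as covering A.13.2 only.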

View file

@ -3,7 +3,7 @@
Science. 2015101601. October 16, 2015. http://techscience.org/a/2015101601; PDF version attached: [](techsci-datatags-sweeneycrosasbarsinai.pdf).
Related:
- [ISO 27001 A 8.2 Information classification](../Standards/ISO27x/archive/ISO%2027001%202013/ISO%2027001%20A%208.2%20Information%20classification.md)
- [ISO 27001 A 8.2 Information classification](../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A%208.2%20Information%20classification.md)
- [Privacy](../💡Drafts%20and%20Ideas/Privacy.md)
Sweeney at all have developed a privacy oriented data classification system with six levels:
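
Review bot: the attachment link in the first context line is `[](techsci-datatags-sweeneycrosasbarsinai.pdf)`, with an empty label, so it renders as nothing a reader can click. Give it a label such as the paper title while the file is open. The trailing context line also reads "Sweeney at all", which should be "Sweeney et al.".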

View file

@ -1,4 +1,4 @@
https://media.defense.gov/2022/Mar/01/2002947139/-1/-1/0/CTR_NSA_NETWORK_INFRASTRUCTURE_SECURITY_GUIDANCE_20220301.PDF
Related:
- [ISO 27001 A.13.1 Network security management](../Standards/ISO27x/archive/ISO%2027001%202013/ISO%2027001%20A.13.1%20Network%20security%20management.md)
- [ISO 27001 A.13.1 Network security management](../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A.13.1%20Network%20security%20management.md)

View file

@ -9,5 +9,5 @@ By Daniel Miessler
![](BAD-pyramid-miessler.png)
Related:
[ISO 27001 A.14.2.8 System security testing](../Standards/ISO27x/archive/ISO%2027001%202013/ISO%2027001%20A.14.2.8%20System%20security%20testing.md)
[ISO 27001 A.14.2.9 System acceptance testing](../Standards/ISO27x/archive/ISO%2027001%202013/ISO%2027001%20A.14.2.9%20System%20acceptance%20testing.md)
[ISO 27001 A.14.2.8 System security testing](../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A.14.2.8%20System%20security%20testing.md)
[ISO 27001 A.14.2.9 System acceptance testing](../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A.14.2.9%20System%20acceptance%20testing.md)

View file

@ -13,5 +13,5 @@ They then used this data to generate dashboards for different audiences.
Related:
- [[MyVault/👩🏼‍⚖️ Standards and Regulations/ISO 27001 2013/ISO 27001 C 9 Performance evaluation#9 1 Monitoring measurement analysis and evaluation]]
- [ISO 27001 A 12.4 Logging and monitoring](../Standards/ISO27x/archive/ISO%2027001%202013/ISO%2027001%20A%2012.4%20Logging%20and%20monitoring.md)
- [ISO 27001 A 12.4 Logging and monitoring](../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A%2012.4%20Logging%20and%20monitoring.md)

View file

@ -6,8 +6,8 @@ Retrieved February 10, 2022
Author: Phil Venables, @philvenables
Relevant ISO 27001 clauses/controls:
- [ISO 27001 C 5 Leadership](../Standards/ISO27x/archive/ISO%2027001%202013/ISO%2027001%20C%205%20Leadership.md)
- [ISO 27001 C 6 Planning](../Standards/ISO27x/archive/ISO%2027001%202013/ISO%2027001%20C%206%20Planning.md)
- [ISO 27001 C 5 Leadership](../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20C%205%20Leadership.md)
- [ISO 27001 C 6 Planning](../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20C%206%20Planning.md)

View file

@ -28,9 +28,9 @@ Note that these boards where created with Airtable.com.
### Related notes:
- [📼 ISO27DIY Video Series](../Standards/ISO27x/archive/iso27DIY%20mk%20I/📼%20ISO27DIY%20Video%20Series.md)
- [ISO27DIY Additional resources](../Standards/ISO27x/archive/iso27DIY%20mk%20I/ISO27DIY%20Additional%20resources.md)
- [📼 ISO27DIY Video Series](../Standards/ISO27x/legacy/iso27DIY%20mk%20I/📼%20ISO27DIY%20Video%20Series.md)
- [ISO27DIY Additional resources](../Standards/ISO27x/legacy/iso27DIY%20mk%20I/ISO27DIY%20Additional%20resources.md)
- [List of possible partners](../💡Drafts%20and%20Ideas/List%20of%20possible%20partners.md)
- [ISO27DIY Workshop Overview template](../Standards/ISO27x/archive/iso27DIY%20mk%20I/📒%20Templates/ISO27DIY%20Workshop%20Overview%20template.md)
- [ISO27DIY Workshop Overview template](../Standards/ISO27x/legacy/iso27DIY%20mk%20I/📒%20Templates/ISO27DIY%20Workshop%20Overview%20template.md)
- [Advised Documents for ISO 27001](../../../iso27DIY-gis/reference/Advised%20Documents%20for%20ISO%2027001.md)
- [💾 AuditGlue software](../Standards/ISO27x/archive/iso27DIY%20mk%20I/💾%20AuditGlue%20software.md)
- [💾 AuditGlue software](../Standards/ISO27x/legacy/iso27DIY%20mk%20I/💾%20AuditGlue%20software.md)
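
Review bot: the unchanged item `[Advised Documents for ISO 27001](../../../iso27DIY-gis/reference/Advised%20Documents%20for%20ISO%2027001.md)` climbs three levels up into `iso27DIY-gis`, while every other link in this hunk climbs only one level, so the target appears to sit outside this vault. A rename inside this repository cannot keep such a link valid, and it will be dead for anyone who clones only this repository; confirm the target is intended and reachable, or copy the document into the vault and link it locally.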