Renamed some folders
This commit is contained in:
parent
3542083f69
commit
3c800ae860
278 changed files with 113 additions and 113 deletions
|
|
@ -47,7 +47,7 @@
|
||||||
- Resources ([C7.1](../Corpus/Standards/MoCs/ISO_27001_2022_7.1_MoC%20Resources.md))
|
- Resources ([C7.1](../Corpus/Standards/MoCs/ISO_27001_2022_7.1_MoC%20Resources.md))
|
||||||
- Competencies ([C7.2](../Corpus/Standards/MoCs/ISO_27001_2022_7.2_MoC%20Competence.md))
|
- Competencies ([C7.2](../Corpus/Standards/MoCs/ISO_27001_2022_7.2_MoC%20Competence.md))
|
||||||
- Documentation ([A5.33](../Corpus/Standards/MoCs/ISO_27002_2022_5.33_MoC%20Protection%20of%20records.md), [C7.5.2](../Corpus/Standards/MoCs/ISO_27001_2022_7.5.2_MoC%20Creating%20and%20updating.md))
|
- Documentation ([A5.33](../Corpus/Standards/MoCs/ISO_27002_2022_5.33_MoC%20Protection%20of%20records.md), [C7.5.2](../Corpus/Standards/MoCs/ISO_27001_2022_7.5.2_MoC%20Creating%20and%20updating.md))
|
||||||
- Policies ([A5.1](../Corpus/Standards/ISO27x/archive/iso27DIY%20mk%20I/ISO_27002_2022_5.1_MoC%20Policies%20for%20information%20security.md))
|
- Policies ([A5.1](../Corpus/Standards/ISO27x/legacy/iso27DIY%20mk%20I/ISO_27002_2022_5.1_MoC%20Policies%20for%20information%20security.md))
|
||||||
- Review calendar ([A5.35](../Corpus/Standards/MoCs/ISO_27002_2022_5.35_MoC%20Independent%20review%20of%20information%20security.md), [C7.5.2](../Corpus/Standards/MoCs/ISO_27001_2022_7.5.2_MoC%20Creating%20and%20updating.md))
|
- Review calendar ([A5.35](../Corpus/Standards/MoCs/ISO_27002_2022_5.35_MoC%20Independent%20review%20of%20information%20security.md), [C7.5.2](../Corpus/Standards/MoCs/ISO_27001_2022_7.5.2_MoC%20Creating%20and%20updating.md))
|
||||||
- Communication and Awareness ([C7.3](../Corpus/Standards/MoCs/ISO_27001_2022_7.3_MoC%20Awareness.md), [C7.4](../Corpus/Standards/MoCs/ISO_27001_2022_7.4_MoC%20Communication.md))
|
- Communication and Awareness ([C7.3](../Corpus/Standards/MoCs/ISO_27001_2022_7.3_MoC%20Awareness.md), [C7.4](../Corpus/Standards/MoCs/ISO_27001_2022_7.4_MoC%20Communication.md))
|
||||||
- **m700: Securing the Business**
|
- **m700: Securing the Business**
|
||||||
|
|
|
||||||
|
|
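Review bot: after this change the Policies entry is the only item in this list whose target sits outside `../Corpus/Standards/MoCs/`: Resources, Competencies, Documentation, Review calendar and Communication all link into the MoCs folder, while A5.1 now points into a folder named `legacy` (`../Corpus/Standards/ISO27x/legacy/iso27DIY mk I/...`). If the A5.1 MoC is still current, moving it alongside its siblings is cleaner than re-pointing a live page at a legacy path; if it is genuinely superseded, the link should go to whatever replaces it. Since the page notes that not all 278 changed files are shown, a grep for any remaining `archive/` references is also worth doing before merge.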
@ -15,7 +15,7 @@
|
||||||
| 4.2 | [[ISO_27002_OT_4.2 Themes and attributes \| Themes and attributes ]] | |
|
| 4.2 | [[ISO_27002_OT_4.2 Themes and attributes \| Themes and attributes ]] | |
|
||||||
| 4.3 | [[ISO_27002_OT_4.3 Control layout \| Control layout ]] | |
|
| 4.3 | [[ISO_27002_OT_4.3 Control layout \| Control layout ]] | |
|
||||||
| **5** | **Organizational controls** | |
|
| **5** | **Organizational controls** | |
|
||||||
| 5.1 | [Policies for information security ](../Standards/ISO27x/archive/iso27DIY%20mk%20I/ISO_27002_2022_5.1_MoC%20Policies%20for%20information%20security.md) | 05.1.1, 05.1.2 |
|
| 5.1 | [Policies for information security ](../Standards/ISO27x/legacy/iso27DIY%20mk%20I/ISO_27002_2022_5.1_MoC%20Policies%20for%20information%20security.md) | 05.1.1, 05.1.2 |
|
||||||
| 5.2 | [Information security roles and responsibilities ](ISO_27002_2022_5.2_MoC%20Information%20security%20roles%20and%20responsibilities.md) | 06.1.1 |
|
| 5.2 | [Information security roles and responsibilities ](ISO_27002_2022_5.2_MoC%20Information%20security%20roles%20and%20responsibilities.md) | 06.1.1 |
|
||||||
| 5.3 | [Segregation of duties ](ISO_27002_2022_5.3_MoC%20Segregation%20of%20duties.md) | 06.1.2 |
|
| 5.3 | [Segregation of duties ](ISO_27002_2022_5.3_MoC%20Segregation%20of%20duties.md) | 06.1.2 |
|
||||||
| 5.4 | [Management responsibilities ](ISO_27002_2022_5.4_MoC%20Management%20responsibilities.md) | 07.2.1 |
|
| 5.4 | [Management responsibilities ](ISO_27002_2022_5.4_MoC%20Management%20responsibilities.md) | 07.2.1 |
|
||||||
|
|
|
||||||
|
|
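Review bot: the 5.1 row shows the same pattern as the previous file: rows 5.2, 5.3 and 5.4 link to files in the table's own directory (`ISO_27002_2022_5.2_MoC ...md`), but 5.1 is the one row whose link crosses into `../Standards/ISO27x/legacy/iso27DIY mk I/`. A mapping table for current 2022 controls should not depend on a legacy folder for a single row; either relocate the 5.1 file or state in the row why it differs. The `[[ISO_27002_OT_4.2 ...]]` and `[[ISO_27002_OT_4.3 ...]]` wikilinks in the context lines carry no folder path, which is why they needed no change.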
@ -2,6 +2,6 @@
|
||||||
[[ISO_27002_2022_8.15_PE Logging\|Plain English]]
|
[[ISO_27002_2022_8.15_PE Logging\|Plain English]]
|
||||||
|
|
||||||
ISO 27002:2013:
|
ISO 27002:2013:
|
||||||
- [12.4.1](../Standards/ISO27x/archive/ISO%2027001%202013/ISO%2027001%20A%2012.4.1%20Event%20logging.md)
|
- [12.4.1](../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A%2012.4.1%20Event%20logging.md)
|
||||||
- [12.4.2](../Standards/ISO27x/archive/ISO%2027001%202013/ISO%2027001%20A%2012.4.2%20Protection%20of%20log%20information.md)
|
- [12.4.2](../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A%2012.4.2%20Protection%20of%20log%20information.md)
|
||||||
- [12.4.3](../Standards/ISO27x/archive/ISO%2027001%202013/ISO%2027001%20A%2012.4.3%20Administrator%20and%20operator%20logs.md)
|
- [12.4.3](../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A%2012.4.3%20Administrator%20and%20operator%20logs.md)
|
||||||
|
|
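Review bot: the rename fits this file well, since the three targets are 2013-edition controls (12.4.1 to 12.4.3) that the 2022 control 8.15 replaces, so `ISO27x/legacy/ISO 27001 2013/` is a reasonable home for them. One labelling inconsistency on the touched lines: the list heading reads `ISO 27002:2013:` while the folder and the filenames (`ISO 27001 A 12.4.1 Event logging.md`) use the 27001 Annex A naming; pick one so readers know which document the numbers come from.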
@ -16,7 +16,7 @@ In the ISO 27001 framework, Top Management holds the ultimate accountability. Th
|
||||||
- **Signing Off / Approving:** They must formally approve the information security policy. Any changes to the high-level policy must also be approved by them.
|
- **Signing Off / Approving:** They must formally approve the information security policy. Any changes to the high-level policy must also be approved by them.
|
||||||
- **Resourcing:** They are responsible for ensuring the resources needed for the ISMS are available.
|
- **Resourcing:** They are responsible for ensuring the resources needed for the ISMS are available.
|
||||||
|
|
||||||
– see [C.5.1](../../MoCs/ISO_27001_2022_5.1_MoC%20Leadership%20and%20commitment.md), [A.5.1](archive/iso27DIY%20mk%20I/ISO_27002_2022_5.1_MoC%20Policies%20for%20information%20security.md)
|
– see [C.5.1](../../MoCs/ISO_27001_2022_5.1_MoC%20Leadership%20and%20commitment.md), [A.5.1](legacy/iso27DIY%20mk%20I/ISO_27002_2022_5.1_MoC%20Policies%20for%20information%20security.md)
|
||||||
### **2. Information Security Manager / Competent Personnel**
|
### **2. Information Security Manager / Competent Personnel**
|
||||||
|
|
||||||
**Primary Mandate:** _Drafting, Advising, and Reviewing._
|
**Primary Mandate:** _Drafting, Advising, and Reviewing._
|
||||||
|
|
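Review bot: the changed line starts with an en-dash (`– see [C.5.1] ...`), which renders as a loose dash-prefixed paragraph rather than a list item; since the line is touched anyway, either make it a `- ` bullet or attach the "see ..." references to the preceding Resourcing bullet. The path itself is consistent with the other hunks: `legacy/` is relative to the file's own directory while the clause MoC is reached via `../../MoCs/`.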
@ -58,7 +58,7 @@ To operationalize this model, you can organize your governance activities into t
|
||||||
| **5. Communicating** | **Security Manager/HR** publishes the policy in a format accessible to all employees and relevant external parties. |
|
| **5. Communicating** | **Security Manager/HR** publishes the policy in a format accessible to all employees and relevant external parties. |
|
||||||
| **6. Acknowledging** | **All Personnel** sign or digitally acknowledge that they have read and understood the policy. |
|
| **6. Acknowledging** | **All Personnel** sign or digitally acknowledge that they have read and understood the policy. |
|
||||||
| **7. Reviewing** | **Security Manager** re-evaluates the policy at planned intervals or after significant changes (e.g., a security incident). |
|
| **7. Reviewing** | **Security Manager** re-evaluates the policy at planned intervals or after significant changes (e.g., a security incident). |
|
||||||
These can be deducted from [C.5.1](../../MoCs/ISO_27001_2022_5.1_MoC%20Leadership%20and%20commitment.md), [A.5.1](archive/iso27DIY%20mk%20I/ISO_27002_2022_5.1_MoC%20Policies%20for%20information%20security.md), C.0.1, and C.0.2
|
These can be deducted from [C.5.1](../../MoCs/ISO_27001_2022_5.1_MoC%20Leadership%20and%20commitment.md), [A.5.1](legacy/iso27DIY%20mk%20I/ISO_27002_2022_5.1_MoC%20Policies%20for%20information%20security.md), C.0.1, and C.0.2
|
||||||
|
|
||||||
### **Analogy: The Legislative Process**
|
### **Analogy: The Legislative Process**
|
||||||
|
|
||||||
|
|
|
||||||
|
|
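Review bot: wording on the touched line: "These can be deducted from ..." should read "deduced from ...". On the same line C.0.1 and C.0.2 are the only references without links, whereas C.5.1 and A.5.1 are linked; if no MoC files exist for them, say so in the text, otherwise link them as well.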
@ -6,7 +6,7 @@ De norm geeft specifieke richtlijnen over waar de verantwoordelijkheid voor de v
|
||||||
|
|
||||||
**1. Het overkoepelende Informatiebeveiligingsbeleid** Dit is het document op het hoogste niveau. De norm eist expliciet dat de verantwoordelijkheid voor het vaststellen en goedkeuren van dit beleid uitsluitend bij het **topmanagement (de directie)** ligt.
|
**1. Het overkoepelende Informatiebeveiligingsbeleid** Dit is het document op het hoogste niveau. De norm eist expliciet dat de verantwoordelijkheid voor het vaststellen en goedkeuren van dit beleid uitsluitend bij het **topmanagement (de directie)** ligt.
|
||||||
|
|
||||||
**2. Onderwerpspecifieke beleidsregels** Voor meer gedetailleerde of specifieke beleidsregels (zoals beleid voor toegangsbeveiliging, cryptografie of werken op afstand) ligt de verantwoordelijkheid voor het ontwikkelen, beoordelen en goedkeuren bij **relevant personeel op basis van een passend bevoegdheidsniveau en technische bekwaamheid**. Dit betekent dat het eigenaarschap hier doorgaans bij de systeemeigenaren, security officers of afdelingsmanagers ligt (het "passende managementniveau", zie [A.5.1](archive/iso27DIY%20mk%20I/ISO_27002_2022_5.1_MoC%20Policies%20for%20information%20security.md)).
|
**2. Onderwerpspecifieke beleidsregels** Voor meer gedetailleerde of specifieke beleidsregels (zoals beleid voor toegangsbeveiliging, cryptografie of werken op afstand) ligt de verantwoordelijkheid voor het ontwikkelen, beoordelen en goedkeuren bij **relevant personeel op basis van een passend bevoegdheidsniveau en technische bekwaamheid**. Dit betekent dat het eigenaarschap hier doorgaans bij de systeemeigenaren, security officers of afdelingsmanagers ligt (het "passende managementniveau", zie [A.5.1](legacy/iso27DIY%20mk%20I/ISO_27002_2022_5.1_MoC%20Policies%20for%20information%20security.md)).
|
||||||
|
|
||||||
**3. Gedocumenteerde bedieningsprocedures** Voor werkinstructies en bedieningsprocedures (zoals omschreven in [A.5.37](../../MoCs/ISO_27002_2022_5.37_MoC%20Documented%20operating%20procedures.md)) eist de norm dat in de documentatie zélf expliciet wordt gespecificeerd **welke personen verantwoordelijk zijn** voor de in de procedure beschreven activiteiten.
|
**3. Gedocumenteerde bedieningsprocedures** Voor werkinstructies en bedieningsprocedures (zoals omschreven in [A.5.37](../../MoCs/ISO_27002_2022_5.37_MoC%20Documented%20operating%20procedures.md)) eist de norm dat in de documentatie zélf expliciet wordt gespecificeerd **welke personen verantwoordelijk zijn** voor de in de procedure beschreven activiteiten.
|
||||||
|
|
||||||
|
|
|
||||||
|
|
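Review bot: style point on the touched line: the bold heading `**2. Onderwerpspecifieke beleidsregels**` runs straight into the paragraph text on the same line, and items 1 and 3 in the context lines do the same; a line break after each bold heading would render as intended in markdown. The `archive/` to `legacy/` change inside the `zie [A.5.1](...)` reference is consistent with the other hunks.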
@ -25,7 +25,7 @@ Top management is responsible for establishing an information security policy th
|
||||||
- **Approval:** The policy must be formally approved by top management.
|
- **Approval:** The policy must be formally approved by top management.
|
||||||
- **Changes:** Any changes to the policy must be approved by top management.
|
- **Changes:** Any changes to the policy must be approved by top management.
|
||||||
|
|
||||||
This is described in [Clause 5.2](../../MoCs/ISO_27001_2022_5.2_MoC%20Policy.md) and [Control 5.1](archive/iso27DIY%20mk%20I/ISO_27002_2022_5.1_MoC%20Policies%20for%20information%20security.md).
|
This is described in [Clause 5.2](../../MoCs/ISO_27001_2022_5.2_MoC%20Policy.md) and [Control 5.1](legacy/iso27DIY%20mk%20I/ISO_27002_2022_5.1_MoC%20Policies%20for%20information%20security.md).
|
||||||
### 3. Organizational Roles and Authorities (ISO 27001)
|
### 3. Organizational Roles and Authorities (ISO 27001)
|
||||||
|
|
||||||
Top management must ensure that responsibilities and authorities for roles relevant to information security are assigned and communicated within the organization. specifically, they must assign the responsibility and authority for:
|
Top management must ensure that responsibilities and authorities for roles relevant to information security are assigned and communicated within the organization. specifically, they must assign the responsibility and authority for:
|
||||||
|
|
|
||||||
|
|
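Review bot: nit in the trailing context lines of this hunk: "communicated within the organization. specifically, they must assign" needs a capital S after the full stop; worth fixing while the file is touched. The changed link uses the same `legacy/` relative form as the other files in this directory, so nothing to flag there.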
@ -44,4 +44,4 @@ Beveiligingsdomeinen is een attribuut om beheersmaatregelen te bekijken vanuit h
|
||||||
|
|
||||||
De in dit document vermelde attributen zijn gekozen op basis van het feit dat ze als generiek genoeg worden beschouwd om door verschillende soorten organisaties te worden gebruiktrganisaties kunnen ervoor kiezen een of meer van de in dit document vermelde attributen buiten beschouwing te latene kunnen ook zelf attributen (met de bijbehorende attribuutwaarden) aanmaken om hun eigen organisatieoverzichten te maken. Hoofdstuk A.2 bevat voorbeelden van dergelijke attributen.
|
De in dit document vermelde attributen zijn gekozen op basis van het feit dat ze als generiek genoeg worden beschouwd om door verschillende soorten organisaties te worden gebruiktrganisaties kunnen ervoor kiezen een of meer van de in dit document vermelde attributen buiten beschouwing te latene kunnen ook zelf attributen (met de bijbehorende attribuutwaarden) aanmaken om hun eigen organisatieoverzichten te maken. Hoofdstuk A.2 bevat voorbeelden van dergelijke attributen.
|
||||||
|
|
||||||
Zie ook: [ISO_27002_NL_Template_Attribuuttabel](../../../archive/iso27DIY%20mk%20I/📒%20Templates/ISO_27002_NL_Template_Attribuuttabel.md)
|
Zie ook: [ISO_27002_NL_Template_Attribuuttabel](../../../legacy/iso27DIY%20mk%20I/📒%20Templates/ISO_27002_NL_Template_Attribuuttabel.md)
|
||||||
|
|
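Review bot: the context paragraph above the changed link is corrupted in both the old and new versions: "gebruiktrganisaties" and "latene" have lost their sentence boundaries ("gebruikt. Organisaties" and "laten. Ze"), so the damage predates this commit but is cheap to repair here. Separately, this is the only link in the set that reaches the renamed folder via `../../../legacy/`; the other files use `legacy/` or `../legacy/`, so please confirm the extra level resolves to the same `ISO27x/legacy` folder and not to a different `legacy` directory one level higher. The `📒 Templates` segment with an emoji in the folder name is also the kind of path that some tooling handles badly; consider whether it should be renamed in the same pass.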
@ -3,7 +3,7 @@
|
||||||
[Clause 6.2](../../../MoCs/ISO_27001_2022_6.2_MoC%20Information%20security%20objectives%20and%20planning%20to%20achieve%20them.md) demands that organizations should have information security objectives. These may be derived from the risk assessment from 6.1, from commercial objectives, from legal and regulatory compliance, or based on some other ambition or necessity.
|
[Clause 6.2](../../../MoCs/ISO_27001_2022_6.2_MoC%20Information%20security%20objectives%20and%20planning%20to%20achieve%20them.md) demands that organizations should have information security objectives. These may be derived from the risk assessment from 6.1, from commercial objectives, from legal and regulatory compliance, or based on some other ambition or necessity.
|
||||||
|
|
||||||
The information security objectives the organization identifies shall:
|
The information security objectives the organization identifies shall:
|
||||||
- be consistent with information security policy ([C5.1](../../../MoCs/ISO_27001_2022_5.1_MoC%20Leadership%20and%20commitment.md), [A5.1](../archive/iso27DIY%20mk%20I/ISO_27002_2022_5.1_MoC%20Policies%20for%20information%20security.md))
|
- be consistent with information security policy ([C5.1](../../../MoCs/ISO_27001_2022_5.1_MoC%20Leadership%20and%20commitment.md), [A5.1](../legacy/iso27DIY%20mk%20I/ISO_27002_2022_5.1_MoC%20Policies%20for%20information%20security.md))
|
||||||
- results from the risk assessment ([6.1.2](../../../MoCs/ISO_27001_2022_6.1.2_MoC%20Information%20security%20risk%20assessment.md)) and risk treatment ([6.1.3e](../../../MoCs/ISO_27001_2022_6.1.3_MoC%20Information%20security%20risk%20treatment.md))
|
- results from the risk assessment ([6.1.2](../../../MoCs/ISO_27001_2022_6.1.2_MoC%20Information%20security%20risk%20assessment.md)) and risk treatment ([6.1.3e](../../../MoCs/ISO_27001_2022_6.1.3_MoC%20Information%20security%20risk%20treatment.md))
|
||||||
- take into account applicable information security requirements ([4.2](../../../MoCs/ISO_27001_2022_4.2_MoC%20Understanding%20the%20needs%20and%20expectations%20of%20interested%20parties.md), needs and expectations of interested parties),
|
- take into account applicable information security requirements ([4.2](../../../MoCs/ISO_27001_2022_4.2_MoC%20Understanding%20the%20needs%20and%20expectations%20of%20interested%20parties.md), needs and expectations of interested parties),
|
||||||
- be measurable (if practicable, see below)
|
- be measurable (if practicable, see below)
|
||||||
|
|
|
||||||
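Review bot: grammar nit in the list this hunk touches: the items complete "The information security objectives ... shall:", so "results from the risk assessment" should read "result from the risk assessment" (or be folded into the next item as "take into account ... and results from the risk assessment"). The changed A5.1 link uses `../legacy/`, one level up from this file's directory, which is consistent with the `../../../MoCs/` sibling references in the same list.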
Some files were not shown because too many files have changed in this diff.