Took copyrighted material out of the GIS repo

Corpus/Standards/ISO 27002 Themes and Attributes.md

@@ -0,0 +1,56 @@
+# ISO 27002 Themes and Attributes
+
+## Themes
+In ISO 27002, controls are categorized into four main themes:
+*   **Organizational** (Clause 5)
+*   **People** (Clause 6)
+*   **Physical** (Clause 7)
+*   **Technological** (Clause 8)
+
+## Attributes
+Every control is associated with five attributes, which allow organizations to view and categorize the controls from different perspectives. The attributes and their possible values are:
+
+**1. Control Type**
+Views controls from the perspective of when and how the control modifies risk regarding the occurrence of an information security incident.
+*   Preventive
+*   Detective
+*   Corrective
+
+**2. Information Security Properties**
+Views controls from the perspective of which characteristic of information the control contributes to preserving.
+*   Confidentiality
+*   Integrity
+*   Availability
+
+**3. Cybersecurity Concepts**
+Views controls based on their association with the cybersecurity framework concepts defined in ISO/IEC TS 27110.
+*   Identify
+*   Protect
+*   Detect
+*   Respond
+*   Recover
+
+**4. Operational Capabilities**
+Views controls from the practitioner’s perspective of information security capabilities.
+*   Governance
+*   Asset_management
+*   Information_protection
+*   Human_resource_security
+*   Physical_security
+*   System_and_network_security
+*   Application_security
+*   Secure_configuration
+*   Identity_and_access_management
+*   Threat_and_vulnerability_management
+*   Continuity
+*   Supplier_relationships_security
+*   Legal_and_compliance
+*   Information_security_event_management
+*   Information_security_assurance
+
+**5. Security Domains**
+Views controls from the perspective of four high-level information security domains.
+*   Governance_and_Ecosystem
+*   Protection
+*   Defence
+*   Resilience