Took copyrighted material out of the GIS repo

Richard Kranendonk 2026-04-19 19:05:10 +02:00
parent f53af4b9e0
commit 3ea4d4fbb0
345 changed files with 12578 additions and 0 deletions

View file

@ -0,0 +1,113 @@
#iso27002/2022/EN
# ISO 27002:2022 EN Index
| 2022 ID | Control title | 2013 |
| ------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------ |
| **F** | **[[ISO_27002_OT_F Foreword \|Foreword]]** | |
| **0** | **[[ISO_27002_OT_0 Introduction \|Introduction]]** | |
| **1** | **[[ISO_27002_OT_1 Scope \|Scope]]** | |
| **2** | **[[ISO_27002_OT_2 Normative references\|Normative references]]** | |
| **3** | **Terms, definitions and abbreviated terms** | |
| 3.1 | **[[ISO_27002_OT_3.1 Terms and definitions\|Terms and definitions]]** | |
| 3.2 | **[[ISO_27002_OT_3.2 Abbreviated terms\|Abbreviated terms]]** | |
| **4** | **Structure of this document** | |
| 4.1 | [[ISO_27002_OT_4.1 Clauses \| Clauses ]] | |
| 4.2 | [[ISO_27002_OT_4.2 Themes and attributes \| Themes and attributes ]] | |
| 4.3 | [[ISO_27002_OT_4.3 Control layout \| Control layout ]] | |
| **5** | **Organizational controls** | |
| 5.1 | [[ISO_27002_2022_5.1_MoC Policies for information security \|Policies for information security ]] | 05.1.1, 05.1.2 |
| 5.2 | [[ISO_27002_2022_5.2_MoC Information security roles and responsibilities \|Information security roles and responsibilities ]] | 06.1.1 |
| 5.3 | [[ISO_27002_2022_5.3_MoC Segregation of duties \|Segregation of duties ]] | 06.1.2 |
| 5.4 | [[ISO_27002_2022_5.4_MoC Management responsibilities \|Management responsibilities ]] | 07.2.1 |
| 5.5 | [[ISO_27002_2022_5.5_MoC Contact with authorities \|Contact with authorities ]] | 06.1.3 |
| 5.6 | [[ISO_27002_2022_5.6_MoC Contact with special interest groups \|Contact with special interest groups ]] | 06.1.4 |
| 5.7 | [[ISO_27002_2022_5.7_MoC Threat intelligence \|Threat intelligence ]] | New |
| 5.8 | [[ISO_27002_2022_5.8_MoC Information security in project management \|Information security in project management ]] | 06.1.5, 14.1.1 |
| 5.9 | [[ISO_27002_2022_5.9_MoC Inventory of information and other associated assets \|Inventory of information and other associated assets ]] | 08.1.1, 08.1.2 |
| 5.10 | [[ISO_27002_2022_5.10_MoC Acceptable use of information and other associated assets \|Acceptable use of information and other associated assets ]] | 08.1.3, 08.2.3 |
| 5.11 | [[ISO_27002_2022_5.11_MoC Return of assets \|Return of assets ]] | 08.1.4 |
| 5.12 | [[ISO_27002_2022_5.12_MoC Classification of information \|Classification of information ]] | 08.2.1 |
| 5.13 | [[ISO_27002_2022_5.13_MoC Labelling of information \|Labelling of information ]] | 08.2.2 |
| 5.14 | [[ISO_27002_2022_5.14_MoC Information transfer \|Information transfer ]] | 13.2.1, 13.2.2, 13.2.3 |
| 5.15 | [[ISO_27002_2022_5.15_MoC Access control \|Access control ]] | 09.1.1, 09.1.2 |
| 5.16 | [[ISO_27002_2022_5.16_MoC Identity management \|Identity management ]] | 09.2.1 |
| 5.17 | [[ISO_27002_2022_5.17_MoC Authentication information \|Authentication information ]] | 09.2.4, 09.3.1, 09.4.3 |
| 5.18 | [[ISO_27002_2022_5.18_MoC Access rights \|Access rights ]] | 09.2.2, 09.2.5, 09.2.6 |
| 5.19 | [[ISO_27002_2022_5.19_MoC Information security in supplier relationships \|Information security in supplier relationships ]] | 15.1.1 |
| 5.20 | [[ISO_27002_2022_5.20_MoC Addressing information security within supplier agreements \|Addressing information security within supplier agreements ]] | 15.1.2 |
| 5.21 | [[ISO_27002_2022_5.21_MoC Managing information security in the ICT supply chain \|Managing information security in the ICT supply chain ]] | 15.1.3 |
| 5.22 | [[ISO_27002_2022_5.22_MoC Monitoring, review and change management of supplier services \|Monitoring, review and change management of supplier services ]] | 15.2.1, 15.2.2 |
| 5.23 | [[ISO_27002_2022_5.23_MoC Information security for use of cloud services \|Information security for use of cloud services ]] | New |
| 5.24 | [[ISO_27002_2022_5.24_MoC Information security incident management planning and preparation \|Information security incident management planning and preparation ]] | 16.1.1 |
| 5.25 | [[ISO_27002_2022_5.25_MoC Assessment and decision on information security events \|Assessment and decision on information security events ]] | 16.1.4 |
| 5.26 | [[ISO_27002_2022_5.26_MoC Response to information security incidents \|Response to information security incidents ]] | 16.1.5 |
| 5.27 | [[ISO_27002_2022_5.27_MoC Learning from information security incidents \|Learning from information security incidents ]] | 16.1.6 |
| 5.28 | [[ISO_27002_2022_5.28_MoC Collection of evidence \|Collection of evidence ]] | 16.1.7 |
| 5.29 | [[ISO_27002_2022_5.29_MoC Information security during disruption \|Information security during disruption ]] | 17.1.1, 17.1.2, 17.1.3 |
| 5.30 | [[ISO_27002_2022_5.30_MoC ICT readiness for business continuity \|ICT readiness for business continuity ]] | New |
| 5.31 | [[ISO_27002_2022_5.31_MoC Legal, statutory, regulatory and contractual requirements \|Legal, statutory, regulatory and contractual requirements ]] | 18.1.1, 18.1.5 |
| 5.32 | [[ISO_27002_2022_5.32_MoC Intellectual property rights \|Intellectual property rights ]] | 18.1.2 |
| 5.33 | [[ISO_27002_2022_5.33_MoC Protection of records \|Protection of records ]] | 18.1.3 |
| 5.34 | [[ISO_27002_2022_5.34_MoC Privacy and protection of PII \|Privacy and protection of PII ]] | 18.1.4 |
| 5.35 | [[ISO_27002_2022_5.35_MoC Independent review of information security \|Independent review of information security ]] | 18.2.1 |
| 5.36 | [[ISO_27002_2022_5.36_MoC Compliance with policies, rules and standards for information security \|Compliance with policies, rules and standards for information security]] | 18.2.2, 18.2.3 |
| 5.37 | [[ISO_27002_2022_5.37_MoC Documented operating procedures \|Documented operating procedures ]] | 12.1.1 |
| **6** | **People controls** | |
| 6.1 | [[ISO_27002_2022_6.1_MoC Screening \|Screening ]] | 07.1.1 |
| 6.2 | [[ISO_27002_2022_6.2_MoC Terms and conditions of employment \|Terms and conditions of employment ]] | 07.1.2 |
| 6.3 | [[ISO_27002_2022_6.3_MoC Information security awareness, education and training \|Information security awareness, education and training ]] | 07.2.2 |
| 6.4 | [[ISO_27002_2022_6.4_MoC Disciplinary process \|Disciplinary process ]] | 07.2.3 |
| 6.5 | [[ISO_27002_2022_6.5_MoC Responsibilities after termination or change of employment \|Responsibilities after termination or change of employment ]] | 07.3.1 |
| 6.6 | [[ISO_27002_2022_6.6_MoC Confidentiality or non-disclosure agreements \|Confidentiality or non-disclosure agreements ]] | 13.2.4 |
| 6.7 | [[ISO_27002_2022_6.7_MoC Remote working \|Remote working ]] | 06.2.2 |
| 6.8 | [[ISO_27002_2022_6.8_MoC Information security event reporting \|Information security event reporting ]] | 16.1.2, 16.1.3 |
| **7** | **Physical controls** | |
| 7.1 | [[ISO_27002_2022_7.1_MoC Physical security perimeters \|Physical security perimeters ]] | 11.1.1 |
| 7.2 | [[ISO_27002_2022_7.2_MoC Physical entry \|Physical entry ]] | 11.1.2, 11.1.6 |
| 7.3 | [[ISO_27002_2022_7.3_MoC Securing offices, rooms and facilities \|Securing offices, rooms and facilities ]] | 11.1.3 |
| 7.4 | [[ISO_27002_2022_7.4_MoC Physical security monitoring \|Physical security monitoring ]] | New |
| 7.5 | [[ISO_27002_2022_7.5_MoC Protecting against physical and environmental threats \|Protecting against physical and environmental threats ]] | 11.1.4 |
| 7.6 | [[ISO_27002_2022_7.6_MoC Working in secure areas \|Working in secure areas ]] | 11.1.5 |
| 7.7 | [[ISO_27002_2022_7.7_MoC Clear desk and clear screen \|Clear desk and clear screen ]] | 11.2.9 |
| 7.8 | [[ISO_27002_2022_7.8_MoC Equipment siting and protection \|Equipment siting and protection ]] | 11.2.1 |
| 7.9 | [[ISO_27002_2022_7.9_MoC Security of assets off-premises \|Security of assets off-premises ]] | 11.2.6 |
| 7.10 | [[ISO_27002_2022_7.10_MoC Storage media \|Storage media ]] | 08.3.1, 08.3.2, 08.3.3, 11.2.5 |
| 7.11 | [[ISO_27002_2022_7.11_MoC Supporting utilities \|Supporting utilities ]] | 11.2.2 |
| 7.12 | [[ISO_27002_2022_7.12_MoC Cabling security \|Cabling security ]] | 11.2.3 |
| 7.13 | [[ISO_27002_2022_7.13_MoC Equipment maintenance \|Equipment maintenance ]] | 11.2.4 |
| 7.14 | [[ISO_27002_2022_7.14_MoC Secure disposal or re-use of equipment \|Secure disposal or re-use of equipment ]] | 11.2.7 |
| **8** | **Technological controls** | |
| 8.1 | [[ISO_27002_2022_8.1_MoC User endpoint devices \|User endpoint devices ]] | 06.2.1, 11.2.8 |
| 8.2 | [[ISO_27002_2022_8.2_MoC Privileged access rights \|Privileged access rights ]] | 09.2.3 |
| 8.3 | [[ISO_27002_2022_8.3_MoC Information access restriction \|Information access restriction ]] | 09.4.1 |
| 8.4 | [[ISO_27002_2022_8.4_MoC Access to source code \|Access to source code ]] | 09.4.5 |
| 8.5 | [[ISO_27002_2022_8.5_MoC Secure authentication \|Secure authentication ]] | 09.4.2 |
| 8.6 | [[ISO_27002_2022_8.6_MoC Capacity management \|Capacity management ]] | 12.1.3 |
| 8.7 | [[ISO_27002_2022_8.7_MoC Protection against malware \|Protection against malware ]] | 12.2.1 |
| 8.8 | [[ISO_27002_2022_8.8_MoC Management of technical vulnerabilities \|Management of technical vulnerabilities ]] | 12.6.1, 18.2.3 |
| 8.9 | [[ISO_27002_2022_8.9_MoC Configuration management \|Configuration management ]] | New |
| 8.10 | [[ISO_27002_2022_8.10_MoC Information deletion \|Information deletion ]] | New |
| 8.11 | [[ISO_27002_2022_8.11_MoC Data masking \|Data masking ]] | New |
| 8.12 | [[ISO_27002_2022_8.12_MoC Data leakage prevention \|Data leakage prevention ]] | New |
| 8.13 | [[ISO_27002_2022_8.13_MoC Information backup \|Information backup ]] | 12.3.1 |
| 8.14 | [[ISO_27002_2022_8.14_MoC Redundancy of information processing facilities \|Redundancy of information processing facilities ]] | 17.2.1 |
| 8.15 | [[ISO_27002_2022_8.15_MoC Logging \|Logging ]] | 12.4.1, 12.4.2, 12.4.3 |
| 8.16 | [[ISO_27002_2022_8.16_MoC Monitoring activities \|Monitoring activities ]] | New |
| 8.17 | [[ISO_27002_2022_8.17_MoC Clock synchronization \|Clock synchronization ]] | 12.4.4 |
| 8.18 | [[ISO_27002_2022_8.18_MoC Use of privileged utility programs \|Use of privileged utility programs ]] | 09.4.4 |
| 8.19 | [[ISO_27002_2022_8.19_MoC Installation of software on operational systems \|Installation of software on operational systems ]] | 12.5.1, 12.6.2 |
| 8.20 | [[ISO_27002_2022_8.20_MoC Networks security \|Networks security ]] | 13.1.1 |
| 8.21 | [[ISO_27002_2022_8.21_MoC Security of network services \|Security of network services ]] | 13.1.2 |
| 8.22 | [[ISO_27002_2022_8.22_MoC Segregation of networks \|Segregation of networks ]] | 13.1.3 |
| 8.23 | [[ISO_27002_2022_8.23_MoC Web filtering \|Web filtering ]] | New |
| 8.24 | [[ISO_27002_2022_8.24_MoC Use of cryptography \|Use of cryptography ]] | 10.1.1, 10.1.2 |
| 8.25 | [[ISO_27002_2022_8.25_MoC Secure development life cycle \|Secure development life cycle ]] | 14.2.1 |
| 8.26 | [[ISO_27002_2022_8.26_MoC Application security requirements \|Application security requirements ]] | 14.1.2, 14.1.3 |
| 8.27 | [[ISO_27002_2022_8.27_MoC Secure system architecture and engineering principles \|Secure system architecture and engineering principles ]] | 14.2.5 |
| 8.28 | [[ISO_27002_2022_8.28_MoC Secure coding \|Secure coding ]] | New |
| 8.29 | [[ISO_27002_2022_8.29_MoC Security testing in development and acceptance \|Security testing in development and acceptance ]] | 14.2.8, 14.2.9 |
| 8.30 | [[ISO_27002_2022_8.30_MoC Outsourced development \|Outsourced development ]] | 14.2.7 |
| 8.31 | [[ISO_27002_2022_8.31_MoC Separation of development, test and production environments \|Separation of development, test and production environments ]] | 12.1.4, 14.2.6 |
| 8.32 | [[ISO_27002_2022_8.32_MoC Change management \|Change management ]] | 12.1.2, 14.2.2, 14.2.3, 14.2.4 |
| 8.33 | [[ISO_27002_2022_8.33_MoC Test information \|Test information ]] | 14.3.1 |
| 8.34 | [[ISO_27002_2022_8.34_MoC Protection of information systems during audit testing \|Protection of information systems during audit testing ]] | 12.7.1 |
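
Review bot: the link targets in this index follow two naming schemes, and only one of them matches the rest of the commit: the front-matter rows point at `ISO_27002_OT_F Foreword`, `ISO_27002_OT_0 Introduction` and `ISO_27002_OT_4.1 Clauses` (no edition in the name), while every control row points at `ISO_27002_2022_<n>_MoC …`. Either rename the front-matter targets to the `_2022_` scheme or confirm notes with those exact names exist, otherwise the first eleven links in the index dangle. The `2013` column itself is a correct 2022-to-2013 control mapping (checked row by row against the 27002:2022 Annex B correspondence); a header such as `ISO 27002:2013 control(s)` would make its meaning clear to a reader who lands on the table without the page title.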

View file

@ -0,0 +1,52 @@
#iso27001/2022/EN
# ISO 27001:2022 EN Index
| Clause | Title |
| ---------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| **F** | **[[ISO_27001_OT F Foreword\|Foreword]]** |
| **0** | **[[ISO_27001_2022_OT 0 Introduction\|Introduction]]** |
| **1** | **[[ISO_27001_2022_OT 1 Scope\|Scope]]** |
| **2** | **[[ISO_27001_2022_OT 2 Normative references\|Normative references]]** |
| **3** | **[[ISO_27001_OT Terms and definitions\|Terms and definitions]]** |
| **4** | **[[ISO_27001_2022_4_MoC Context of the organization\|Context of the organization]]** |
| 4.1 | [[ISO_27001_2022_4.1_MoC Understanding the organization and its context \|Understanding the organization and its context ]] |
| 4.2 | [[ISO_27001_2022_4.2_MoC Understanding the needs and expectations of interested parties \|Understanding the needs and expectations of interested parties ]] |
| 4.3 | [[ISO_27001_2022_4.3_MoC Determining the scope of the information security management system \|Determining the scope of the information security management system ]] |
| 4.4 | [[ISO_27001_2022_4.4_MoC Information security management system \|Information security management system ]] |
| **5** | **[[ISO_27001_2022_5_MoC Leadership\|Leadership]]** |
| 5.1 | [[ISO_27001_2022_5.1_MoC Leadership and commitment \|Leadership and commitment ]] |
| 5.2 | [[ISO_27001_2022_5.2_MoC Policy \|Policy ]] |
| 5.3 | [[ISO_27001_2022_5.3_MoC Organizational roles, responsibilities and authorities \|Organizational roles, responsibilities and authorities ]] |
| **6** | **[[ISO_27001_2022_6_MoC Planning\|Planning]]** |
| 6.1 | [[ISO_27001_2022_6.1_MoC Actions to address risks and opportunities \|Actions to address risks and opportunities ]] |
| 6.1.1 | [[ISO_27001_2022_6.1.1_MoC General\|General ]] |
| 6.1.2 | [[ISO_27001_2022_6.1.2_MoC Information security risk assessment\|Information security risk assessment ]] |
| 6.1.3 | [[ISO_27001_2022_6.1.3_MoC Information security risk treatment\|Information security risk treatment ]] |
| 6.2 | [[ISO_27001_2022_6.2_MoC Information security objectives and planning to achieve them \|Information security objectives and planning to achieve them ]] |
| 6.3 | [[ISO_27001_2022_6.3_MoC Planning of changes \|Planning of changes ]] |
| **7** | **[[ISO_27001_2022_7_MoC Support\|Support]]** |
| 7.1 | [[ISO_27001_2022_7.1_MoC Resources \| Resources ]] |
| 7.2 | [[ISO_27001_2022_7.2_MoC Competence \| Competence ]] |
| 7.3 | [[ISO_27001_2022_7.3_MoC Awareness \| Awareness ]] |
| 7.4 | [[ISO_27001_2022_7.4_MoC Communication \| Communication ]] |
| 7.5 | [[ISO_27001_2022_7.5_MoC Documented information \| Documented information ]] |
| 7.5.1 | General ↑ |
| 7.5.2 | Creating and updating ↑ |
| 7.5.3 | Control of documented information ↑ |
| **8** | **[[ISO_27001_2022_8_MoC Operation\|Operation]]** |
| 8.1 | [[ISO_27001_2022_8.1_MoC Operational planning and control \|Operational planning and control ]] |
| 8.2 | [[ISO_27001_2022_8.2_MoC Information security risk assessment \|Information security risk assessment ]] |
| 8.3 | [[ISO_27001_2022_8.3_MoC Information security risk treatment \|Information security risk treatment ]] |
| **9** | **[[ISO_27001_2022_9_MoC Performance evaluation\|Performance evaluation]]** |
| 9.1 | [[ISO_27001_2022_9.1_MoC Monitoring, measurement, analysis and evaluation \|Monitoring, measurement, analysis and evaluation ]] |
| 9.2 | [[ISO_27001_2022_9.2_MoC Internal audit \|Internal audit ]] |
| 9.2.1 | General ↑ |
| 9.2.2 | Internal audit programme ↑ |
| 9.3 | [[ISO_27001_2022_9.3_MoC Management review \|Management review ]] |
| 9.3.1 | General ↑ |
| 9.3.2 | Management review inputs ↑ |
| 9.3.3 | Management review results ↑ |
| **10** | **[[ISO_27001_2022_10_MoC Improvement\|Improvement]]** |
| 10.1 | [[ISO_27001_2022_10.1_MoC Continual improvement \|Continual improvement ]] |
| 10.2 | [[ISO_27001_2022_10.2_MoC Nonconformity and corrective action \|Nonconformity and corrective action ]] |
| **[[ISO_27001_2022_00_MoC Index EXT\|Annex A]]** | **Information security controls reference** |
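
Review bot: the first five rows use three different link conventions (`ISO_27001_OT F Foreword`, `ISO_27001_2022_OT 0 Introduction`, `ISO_27001_OT Terms and definitions` with no clause number) while every clause row below uses `ISO_27001_2022_<n>_MoC …`; align them so the vault resolves them. The `7.5.1`–`7.5.3`, `9.2.x` and `9.3.x` rows are left unlinked with a `↑` marker even though this same commit adds notes named `ISO_27001_2022_7.5.1_MoC General`, `…7.5.2_MoC Creating and updating` and `…7.5.3_MoC Control of documented information` (they are linked from the 7.5 note); link them here or drop the arrow convention.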

View file

@ -0,0 +1,3 @@
[[ISO_27001_OT 10.1 Continual improvement\|Original Text]]
[[ISO_27001_PE 10.1 Continual improvement\|Plain English]]

View file

@ -0,0 +1,3 @@
[[ISO_27001_OT 10.2 Nonconformity and corrective action\|Original Text]]
[[ISO_27001_PE 10.2 Nonconformity and corrective action\|Plain English]]

View file

@ -0,0 +1,6 @@
# Chapter 10: Improvement
| **10** | **[[ISO_27001_2022_10_MoC Improvement\|Improvement]]** |
| ----------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| 10.1 | [[ISO_27001_2022_10.1_MoC Continual improvement \|Continual improvement ]] |
| 10.2 | [[ISO_27001_2022_10.2_MoC Nonconformity and corrective action \|Nonconformity and corrective action ]] |

View file

@ -0,0 +1,20 @@
# About C4.1: Understanding the organization and its context
From ISO 27001:2022
[[ISO_27001_2022_OT 4.1 Understanding the organization and its context\|Original Text]]
[[ISO_27001_2022_PE 4.1 Understanding the organization and its context\|Plain English]] translation
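Review bot: the two links in this stub use different naming schemes for the same clause: the Original Text link targets `ISO_27001_2022_OT 4.1 …` while the Plain English link targets `ISO_27001_2022_PE 4.1 …`, and the other clause stubs in this commit (4.2, 4.3, 4.4, 5.1) target `ISO_27001_PE <n> …` without the edition; pick one form per note type so all `_OT`/`_PE` links resolve. The heading style (`About C4.1:`) also differs from `About Clause 5.1:` used from chapter 5 onward, and the trailing word `translation` after the Plain English link appears on no other stub.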

View file

@ -0,0 +1,8 @@
# About C4.2: Understanding the needs and expectations of interested parties
[[ISO_27001_2022_OT 4.2 Understanding the needs and expectations of interested parties\|Original Text]]
[[ISO_27001_PE 4.2 Understanding the needs and expectations of interested parties\|Plain English]]
[[PECB 27001 LA S05 E01a - Context of the organization|PECB Auditor training: Context of the organization]]

View file

@ -0,0 +1,9 @@
# About C4.3 Determining the scope of the information security management system
[[ISO_27001_2022_OT 4.3 Determining the scope of the information security management system\|Original Text]]
[[ISO_27001_PE 4.3 Determining the scope of the information security management system\|Plain English]]
[[About the Statement of Applicability]]
[[PECB 27001 LA S05 E01a - Context of the organization|PECB Auditor training: Context of the organization]]

View file

@ -0,0 +1,7 @@
# About C4.4: Information security management system
[[ISO_27001_2022_OT 4.4 Information security management system\|Original Text]]
[[ISO_27001_PE 4.4 Information security management system\|Plain English]]
[[PECB 27001 LA S05 E01a - Context of the organization|PECB Auditor training: Context of the organization]]

View file

@ -0,0 +1,8 @@
# Chapter 4: Context of the organization
| **4** | **Context of the organization** |
| ----- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| 4.1 | [[ISO_27001_2022_4.1_MoC Understanding the organization and its context \|Understanding the organization and its context ]] |
| 4.2 | [[ISO_27001_2022_4.2_MoC Understanding the needs and expectations of interested parties \|Understanding the needs and expectations of interested parties ]] |
| 4.3 | [[ISO_27001_2022_4.3_MoC Determining the scope of the information security management system \|Determining the scope of the information security management system ]] |
| 4.4 | [[ISO_27001_2022_4.4_MoC Information security management system \|Information security management system ]] |

View file

@ -0,0 +1,10 @@
# About Clause 5.1: Leadership and commitment
Describes the responsibilities of 'Top management' with regards to the ISMS.
[[ISO_27001_2022_OT 5.1 Leadership and commitment\|Original Text]]
[[ISO_27001_PE 5.1 Leadership and commitment\|Plain English]]
Related:
- [[ISO_27001_2022_9.3_MoC Management review|Clause 9.3]], Management review

View file

@ -0,0 +1,10 @@
# About Clause 5.2: Policy
The information security policy as established by top management
[[ISO_27001_2022_OT 5.2 Policy\|Original Text]]
[[ISO_27001_PE 5.2 Policy\|Plain English]]
[[PECB 27001 LA S05 E01b - Leadership|PECB Auditor training: Leadership]]

View file

@ -0,0 +1,15 @@
# About Clause 5.3: Organizational roles, responsibilities and authorities
Top management must make sure that responsibilities and authorities for information security roles are assigned and communicated within the organization.
Top management specifically needs to assign responsibility and authority for ensuring the ISMS's compliance with the standard, and for reporting[^1] on it's performance (apparently, assigning *other* responsibilities and authorities need *not* be a top management concern).
[[ISO_27001_2022_OT 5.3 Organizational roles, responsibilities and authorities\|Original Text]]
[[ISO_27001_PE 5.3 Organizational roles, responsibilities and authorities\|Plain English]]
[[PECB 27001 LA S05 E01b - Leadership|PECB Auditor training: Leadership]]
[^1]: Note that 'reporting' (5.3b) means carrying responsibility and being accountable (for the performance of the ISMS), not just giving information.
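Review bot: `reporting on it's performance` in the second paragraph should read `its performance`. The parenthetical `(apparently, assigning *other* responsibilities and authorities need *not* be a top management concern)` partly contradicts the preceding sentence, which says top management must make sure responsibilities and authorities for all information security roles are assigned and communicated; if the intended distinction is between *ensuring assignment* (all roles) and *assigning personally* (only 5.3 a and b), say so explicitly rather than leaving it as an aside.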

View file

@ -0,0 +1,11 @@
# Chapter 5: Leadership
| **5** | **[[ISO_27001_2022_5_MoC Leadership\|Leadership]]** |
| ----------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| 5.1 | [[ISO_27001_2022_5.1_MoC Leadership and commitment \|Leadership and commitment ]] |
| 5.2 | [[ISO_27001_2022_5.2_MoC Policy \|Policy ]] |
| 5.3 | [[ISO_27001_2022_5.3_MoC Organizational roles, responsibilities and authorities \|Organizational roles, responsibilities and authorities ]] |
[[PECB 27001 LA S05 E01a - Context of the organization|Context of the organization]] from the PECB Auditor training
[[PECB 27001 LA S05 E01b - Leadership|Leadership]] from the PECB Auditor training

View file

@ -0,0 +1,4 @@
### 6.1.1 General
- [[ISO_27001_OT 6.1.1 General\|Original Text]]
- [[ISO_27001_PE 6.1.1 General\|Plain English]]

View file

@ -0,0 +1,42 @@
# About Clause 6.1.2: I| **6** | **[[ISO_27001_2022_6_MoC Planning\|Planning]]** |
| ----- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| 6.1 | [[ISO_27001_2022_6.1_MoC Actions to address risks and opportunities \|Actions to address risks and opportunities ]] |
| 6.1.1 | [[ISO_27001_2022_6.1.1_MoC General\|General ]] |
| 6.1.2 | [[ISO_27001_2022_6.1.2_MoC Information security risk assessment\|Information security risk assessment ]] |
| 6.1.3 | [[ISO_27001_2022_6.1.3_MoC Information security risk treatment\|Information security risk treatment ]] |
| 6.2 | [[ISO_27001_2022_6.2_MoC Information security objectives and planning to achieve them \|Information security objectives and planning to achieve them ]] |
| 6.3 | [[ISO_27001_2022_6.3_MoC Planning of changes \|Planning of changes ]] |rity investments will deliver the most value. This is in line with the ISO 31000 standard for Risk Management #research title? , which recommends categorizing risks based on your organizations context and objectives.
Different organizations worry about different kinds of risks, based on their mission, industry, and stakeholder expectations. An engineering firm may worry about their designs being stolen (protection of intellectual property) and construction errors due to incorrect data or calculations (integrity of information). A hospital will worry about continuity (availability of information) and patient confidentiality. A social media advertising platform, may care less about compliance with privacy regulations, but place great emphasis on uptime of systems.
To help in this dialogue about risks and risk tolerance, we can use the concept of 'Impact Categories'.
## Impact Categories
Impact Categories are the types of business consequences that matter most to an organization's leadership, because they affect the organization's ability to achieve its objectives.
Below is a list of examples of Impact Categories:
- **Operational**: Disruption of day-to-day processes, workforce capability, system functionality, and the organization's ability to deliver products or services
- **Financial**: Direct financial losses, increased costs, reduced revenue, market value decline, or threats to financial stability
- **Strategic**: Inability to achieve long-level organizational goals, loss of competitive position, or forced changes to business direction
- **Compliance**: Legal penalties, regulatory sanctions, loss of licenses or certifications, or mandatory remediation costs
- **Reputational**: Loss of customer trust, damage to brand value, negative media attention, or erosion of stakeholder confidence
- **Health and Safety**: Physical harm to employees, customers, or the public, or creation of unsafe conditions
- **Environmental**: Environmental damage, pollution incidents, or failure to meet sustainability commitments
- **Competitive Advantage**: Loss of proprietary knowledge, patents, trade secrets, or strategic business intelligence
- **National Security**: Consequences for critical infrastructure, public safety, or national interests
You can expand and adapt this list as you see fit. Engage your management in a dialogue about areas of impact, and aim to establish the categories that are most important to them. This will help in weighing priorities later on.
## qualifying or quantifying risks?
**Qualifying risks** (qualitative risk assessment) involves describing and categorizing risks using descriptive scales or labels—such as rating likelihood as "low, medium, high" and impact as "minor, moderate, severe"—focusing on understanding the nature and relative severity of risks without precise numerical values.
**Quantifying risks** (quantitative risk assessment) involves measuring risks using specific numerical values—such as calculating the probability as a percentage (e.g., 15% chance per year) and impact in monetary terms (e.g., €50,000 loss)—providing precise, measurable data that can be used for detailed cost-benefit analysis and statistical modeling.
Clause 6.1.2 writes we should "assess the potential consequences" and "realistic likelihood" of risks occurring, but the standard doesn't say anything about *how* these should be established (just that that the chosen method must produce "consistent, valid and comparable results").
The core _requirements_ in ISO/IEC 27001 remain method-agnostic as long as the steps above are met and results are consistent and comparable.
The organization must set its own criteria for determining risk levels and risk acceptance criteria. The organization defines these elements based on its specific needs, size, structure, objectives, and risks.
The standard does not say anything about if qualitative or quantitative risk assessment should be applied.
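Review bot: the heading and opening of this file are corrupted: line 1 reads `# About Clause 6.1.2: I| **6** | **[[ISO_27001_2022_6_MoC Planning\|Planning]]** |` and the prose only resumes mid-word with `…|rity investments will deliver the most value`, so the Chapter 6 table (already added separately in this commit as the Chapter 6 note) has been pasted over the heading and the first sentence or sentences. Restore the heading `# About Clause 6.1.2: Information security risk assessment` and the `Original Text`/`Plain English` links the other clause notes carry, recover the lost opening text from the source document, and remove the duplicated table. Further down: `#research title?` is a leftover TODO tag next to the ISO 31000 reference, `long-level organizational goals` should be `long-term`, `just that that the chosen method` has a doubled `that`, `Clause 6.1.2 writes` should be `states`, the comma in `A social media advertising platform, may care less` is stray, and the last four lines make the same point four times (the standard is method-agnostic, the organization sets its own risk and acceptance criteria, and neither qualitative nor quantitative assessment is prescribed) and can be merged into one paragraph.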

View file

@ -0,0 +1,6 @@
# 6.1.3 Information security risk treatment
- [[ISO_27001_OT 6.1.3 Information security risk treatment\|Original Text]]
- [[ISO_27001_PE 6.1.3 Information security risk treatment\|Plain English]]
[[About the Statement of Applicability]]
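Review bot: heading levels for the 6.1.x sub-clause notes are inconsistent: this file uses `# 6.1.3 …`, the 6.1.1 note uses `### 6.1.1 General`, and the 6.1 parent uses `## 6.1 …`, while clause notes elsewhere in the commit use `# About Clause <n>: …`. Pick one level and title form for sub-clause notes; Obsidian outlines and the table-of-contents plugins key off the first heading.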

View file

@ -0,0 +1,7 @@
## 6.1 Actions to address risks and opportunities
- [[ISO_27001_2022_6.1.1_MoC General|6.1.1 General]]
- [[ISO_27001_2022_6.1.2_MoC Information security risk assessment|6.1.2 Information security risk assessment]]
- [[ISO_27001_2022_6.1.3_MoC Information security risk treatment|6.1.3 Information security risk treatment]]

View file

@ -0,0 +1,4 @@
# About Chapter 6.2: Information security objectives and planning to achieve them
[[ISO_27001_OT 6.2 Information security objectives and planning to achieve them\|Original Text]]
[[ISO_27001_PE 6.2 Information security objectives and planning to achieve them\|Plain English]]

View file

@ -0,0 +1,3 @@
[[ISO_27001_OT 6.3 Planning of changes\|Original Text]]
[[ISO_27001_PE 6.3 Planning of changes\|Plain English]]

View file

@ -0,0 +1,10 @@
# Chapter 6: Planning
| **6** | **[[ISO_27001_2022_6_MoC Planning\|Planning]]** |
| ----- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| 6.1 | [[ISO_27001_2022_6.1_MoC Actions to address risks and opportunities \|Actions to address risks and opportunities ]] |
| 6.1.1 | [[ISO_27001_2022_6.1.1_MoC General\|General ]] |
| 6.1.2 | [[ISO_27001_2022_6.1.2_MoC Information security risk assessment\|Information security risk assessment ]] |
| 6.1.3 | [[ISO_27001_2022_6.1.3_MoC Information security risk treatment\|Information security risk treatment ]] |
| 6.2 | [[ISO_27001_2022_6.2_MoC Information security objectives and planning to achieve them \|Information security objectives and planning to achieve them ]] |
| 6.3 | [[ISO_27001_2022_6.3_MoC Planning of changes \|Planning of changes ]] |

View file

@ -0,0 +1,3 @@
[[ISO_27001_OT 7.1 Resources\|Original Text]]
[[ISO_27001_PE 7.1 Resources\|Plain English]]

View file

@ -0,0 +1,3 @@
[[ISO_27001_OT 7.2 Competence\|Original Text]]
[[ISO_27001_PE 7.2 Competence\|Plain English]]

View file

@ -0,0 +1,3 @@
[[ISO_27001_OT 7.3 Awareness\|Original Text]]
[[ISO_27001_PE 7.3 Awareness\|Plain English]]

View file

@ -0,0 +1,3 @@
[[ISO_27001_OT 7.4 Communication\|Original Text]]
[[ISO_27001_PE 7.4 Communication\|Plain English]]

View file

@ -0,0 +1,13 @@
### 7.5.1 General
The organization's information security management system shall include:
a\) documented information required by this document; and
b\) documented information determined by the organization as being necessary for the effectiveness of the information security management system.
NOTE The extent of documented information for an information security management system can differ from one organization to another due to:
1\) the size of organization and its type of activities, processes, products and services;
2\) the complexity of processes and their interactions; and
3\) the competence of persons.
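Review bot: this file reproduces the clause's normative wording itself (`The organization's information security management system shall include:`, the lettered items, and the `NOTE` with its numbered list) instead of linking to `_OT` and `_PE` notes the way every other clause stub in this commit does (see 7.1 through 7.4 immediately above). The commit message says copyrighted material was taken out, yet the commit is 345 files with 12578 additions and 0 deletions, so nothing is removed here; check whether this text, and the 7.5.2 and 7.5.3 files that follow it, should be in the repository at all, and if not replace them with the same two-line link stubs used for 7.1–7.4.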

View file

@ -0,0 +1,10 @@
### 7.5.2 Creating and updating
When creating and updating documented information the organization shall ensure appropriate:
a\) identification and description (e.g. a title, date, author, or reference number);
b\) format (e.g. language, software version, graphics) and media (e.g. paper, electronic); and
c\) review and approval for suitability and adequacy.

View file

@ -0,0 +1,21 @@
### 7.5.3 Control of documented information
Documented information required by the information security management system and by this document shall be controlled to ensure:
a\) it is available and suitable for use, where and when it is needed; and
b\) it is adequately protected (e.g. from loss of confidentiality, improper use, or loss of integrity).
For the control of documented information, the organization shall address the following activities, as applicable:
c\) distribution, access, retrieval and use;
d\) storage and preservation, including the preservation of legibility;
e\) control of changes (e.g. version control); and
f\) retention and disposition.
Documented information of external origin, determined by the organization to be necessary for the planning and operation of the information security management system, shall be identified as appropriate, and controlled.
NOTE Access can imply a decision regarding the permission to view the documented information only, or the permission and authority to view and change the documented information, etc.
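Review bot: same concern as for 7.5.1: this is the clause text verbatim, not a map-of-content note. If it stays, the note would earn its `_MoC` name by mapping the requirements to the Annex A controls this commit already indexes: item b) `adequately protected (e.g. from loss of confidentiality, improper use, or loss of integrity)` and the `NOTE` on view-only versus view-and-change access correspond to 5.15 Access control and 8.3 Information access restriction, and item f) `retention and disposition` to 5.33 Protection of records and 8.10 Information deletion, all of which are linked from the ISO 27002:2022 index added in this commit.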

View file

@ -0,0 +1,7 @@
[[ISO_27001_OT 7.5 Documented information\|Original Text]]
[[ISO_27001_PE 7.5 Documented information\|Plain English]]
- [[ISO_27001_2022_7.5.1_MoC General|7.5.1 General]]
- [[ISO_27001_2022_7.5.2_MoC Creating and updating|7.5.2 Creating and updating]]
- [[ISO_27001_2022_7.5.3_MoC Control of documented information|7.5.3 Control of documented information]]
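Review bot: the three sub-clause links on the last three lines separate link target and alias with a bare `|`, while the two links above them and the other MoC pages in this commit write `\|`; use one form throughout, and prefer the escaped one because that is the form the index tables need. The page also has no `# About Clause 7.5: Documented information` heading, whereas the 8.2, 8.3 and 9.2 pages in this commit open with one.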

@ -0,0 +1,12 @@
# Chapter 7: Support
| **7** | **[[ISO_27001_2022_7_MoC Support\|Support]]** |
| ----- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| 7.1 | [[ISO_27001_2022_7.1_MoC Resources \| Resources ]] |
| 7.2 | [[ISO_27001_2022_7.2_MoC Competence \| Competence ]] |
| 7.3 | [[ISO_27001_2022_7.3_MoC Awareness \| Awareness ]] |
| 7.4 | [[ISO_27001_2022_7.4_MoC Communication \| Communication ]] |
| 7.5 | [[ISO_27001_2022_7.5_MoC Documented information \| Documented information ]] |
| 7.5.1 | General ↑ |
| 7.5.2 | Creating and updating ↑ |
| 7.5.3 | Control of documented information ↑ |

@ -0,0 +1,3 @@
[[ISO_27001_OT 8.1 Operational planning and control\|Original Text]]
[[ISO_27001_PE 8.1 Operational planning and control\|Plain English]]

@ -0,0 +1,6 @@
# About Clause 8.2: Information security risk assessment
[[ISO_27001_OT 8.2 Information security risk assessment\|Original Text]]
[[ISO_27001_PE 8.2 Information security risk assessment\|Plain English]]

@ -0,0 +1,5 @@
# About Clause 8.3: Information security risk treatment
[[ISO_27001_OT 8.3 Information security risk treatment\|Original Text]]
[[ISO_27001_PE 8.3 Information security risk treatment\|Plain English]]

@ -0,0 +1,7 @@
# Chapter 8: Operation
| **8** | **[[ISO_27001_2022_8_MoC Operation\|Operation]]** |
| ----------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| 8.1 | [[ISO_27001_2022_8.1_MoC Operational planning and control \|Operational planning and control ]] |
| 8.2 | [[ISO_27001_2022_8.2_MoC Information security risk assessment \|Information security risk assessment ]] |
| 8.3 | [[ISO_27001_2022_8.3_MoC Information security risk treatment \|Information security risk treatment ]] |

@ -0,0 +1,3 @@
[[ISO_27001_OT 9.1 Monitoring, measurement, analysis and evaluation\|Original Text]]
[[ISO_27001_PE 9.1 Monitoring, measurement, analysis and evaluation\|Plain English]]

@ -0,0 +1,5 @@
# About Clause 9.2: Internal audit
[[ISO_27001_OT 9.2 Internal audit\|Original Text]]
[[ISO_27001_PE 9.2 Internal audit\|Plain English]]

@ -0,0 +1,5 @@
# 9.3 Management review
[[ISO_27001_OT 9.3 Management review\|Original Text]]
[[ISO_27001_PE 9.3 Management review\|Plain English]]
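Review bot: the heading `# 9.3 Management review` breaks with the `# About Clause 9.2: Internal audit` form used by the neighbouring pages; rename it `# About Clause 9.3: Management review` so the clause pages sort and read alike.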

@ -0,0 +1,12 @@
# Chapter 9: Performance evaluation
| **9** | **[[ISO_27001_2022_9_MoC Performance evaluation\|Performance evaluation]]** |
| ----- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| 9.1 | [[ISO_27001_2022_9.1_MoC Monitoring, measurement, analysis and evaluation \|Monitoring, measurement, analysis and evaluation ]] |
| 9.2 | [[ISO_27001_2022_9.2_MoC Internal audit \|Internal audit ]] |
| 9.2.1 | General ↑ |
| 9.2.2 | Internal audit programme ↑ |
| 9.3 | [[ISO_27001_2022_9.3_MoC Management review \|Management review ]] |
| 9.3.1 | General ↑ |
| 9.3.2 | Management review inputs ↑ |
| 9.3.3 | Management review results ↑ |

@ -0,0 +1,94 @@
#iso27002/2022/EN
5.1  Policies for information security
5.2  Information security roles and responsibilities
5.3  Segregation of duties
5.4  Management responsibilities
5.5  Contact with authorities
5.6  Contact with special interest groups
5.7  Threat intelligence
5.8  Information security in project management
5.9  Inventory of information and other associated assets
5.10  Acceptable use of information and other associated assets
5.11  Return of assets
5.12  Classification of information
5.13  Labelling of information
5.14  Information transfer
5.15  Access control
5.16  Identity management
5.17  Authentication information
5.18  Access rights
5.19  Information security in supplier relationships
5.20  Addressing information security within supplier agreements
5.21  Managing information security in the ICT supply chain
5.22  Monitoring, review and change management of supplier services
5.23  Information security for use of cloud services
5.24  Information security incident management planning and preparation
5.25  Assessment and decision on information security events
5.26  Response to information security incidents
5.27  Learning from information security incidents
5.28  Collection of evidence
5.29  Information security during disruption
5.30  ICT readiness for business continuity
5.31  Legal, statutory, regulatory and contractual requirements
5.32  Intellectual property rights
5.33  Protection of records
5.34  Privacy and protection of PII
5.35  Independent review of information security
5.36  Compliance with policies, rules and standards for information security
5.37  Documented operating procedures
6.1  Screening
6.2  Terms and conditions of employment
6.3  Information security awareness, education and training
6.4  Disciplinary process
6.5  Responsibilities after termination or change of employment
6.6  Confidentiality or non-disclosure agreements
6.7  Remote working
6.8  Information security event reporting
7.1  Physical security perimeters
7.2  Physical entry
7.3  Securing offices, rooms and facilities
7.4  Physical security monitoring
7.5  Protecting against physical and environmental threats
7.6  Working in secure areas
7.7  Clear desk and clear screen
7.8  Equipment siting and protection
7.9  Security of assets off-premises
7.10  Storage media
7.11  Supporting utilities
7.12  Cabling security
7.13  Equipment maintenance
7.14  Secure disposal or re-use of equipment
8.1  User endpoint devices
8.2  Privileged access rights
8.3  Information access restriction
8.4  Access to source code
8.5  Secure authentication
8.6  Capacity management
8.7  Protection against malware
8.8  Management of technical vulnerabilities
8.9  Configuration management
8.10  Information deletion
8.11  Data masking
8.12  Data leakage prevention
8.13  Information backup
8.14  Redundancy of information processing facilities
8.15  Logging
8.16  Monitoring activities
8.17  Clock synchronization
8.18  Use of privileged utility programs
8.19  Installation of software on operational systems
8.20  Networks security
8.21  Security of network services
8.22  Segregation of networks
8.23  Web filtering
8.24  Use of cryptography
8.25  Secure development life cycle
8.26  Application security requirements
8.27  Secure system architecture and engineering principles
8.28  Secure coding
8.29  Security testing in development and acceptance
8.30  Outsourced development
8.31  Separation of development, test and production environments
8.32  Change management
8.33  Test information
8.34  Protection of information systems during audit testing
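Review bot: this file lists the 93 control titles as plain text with a double space after the number and no `[[…]]` links, unlike every MoC page in this commit, and carries nothing but the `#iso27002/2022/EN` tag to say what it is for; since the same titles are maintained in the per-control pages, an unlinked copy will drift, so either turn each entry into a link to its MoC page or add a first line stating that this is the flat title list used for tagging.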

@ -0,0 +1,5 @@
[[ISO_27002_2022_5.10_OT Acceptable use of information and other associated assets \|Original Text]]
[[ISO_27002_2022_5.10_PE Acceptable use of information and other associated assets \|Plain English]]
ISO 27002:2013: 08.1.3, 08.2.3
[[ISO_27002_2022_NL_5.10_BT Aanvaardbaar gebruik van informatie en andere gerelateerde bedrijfsmiddelen \|Brontekst]]

@ -0,0 +1,5 @@
[[ISO_27002_2022_5.11_OT Return of assets \|Original Text]]
[[ISO_27002_2022_5.11_PE Return of assets \|Plain English]]
ISO 27002:2013: 08.1.4
[[ISO_27002_2022_NL_5.11_BT Retourneren van bedrijfsmiddelen \|Brontekst]]

@ -0,0 +1,5 @@
[[ISO_27002_2022_5.12_OT Classification of information \|Original Text]]
[[ISO_27002_2022_5.12_PE Classification of information \|Plain English]]
ISO 27002:2013: 08.2.1
[[ISO_27002_2022_NL_5.12_BT Classificeren van informatie \|Brontekst]]

@ -0,0 +1,5 @@
[[ISO_27002_2022_5.13_OT Labelling of information \|Original Text]]
[[ISO_27002_2022_5.13_PE Labelling of information \|Plain English]]
ISO 27002:2013: 08.2.2
[[ISO_27002_2022_NL_5.13_BT Labelen van informatie \|Brontekst]]

@ -0,0 +1,5 @@
[[ISO_27002_2022_5.14_OT Information transfer \|Original Text]]
[[ISO_27002_2022_5.14_PE Information transfer \|Plain English]]
ISO 27002:2013: 13.2.1, 13.2.2, 13.2.3
[[ISO_27002_2022_NL_5.14_BT Overdragen van informatie \|Brontekst]]

@ -0,0 +1,7 @@
# About Control 5.15: Access control
Foundational rules and principles to control access to information assets, in line with business and information security requirements.
[[ISO_27002_2022_5.15_OT Access control \|Original Text]]
[[ISO_27002_2022_5.15_PE Access control \|Plain English]]
ISO 27002:2013: 09.1.1, 09.1.2

@ -0,0 +1,9 @@
# About Control 5.16: Identity management
Identity life cycle management.
[[ISO_27002_2022_5.16_OT Identity management \|Original Text]]
[[ISO_27002_2022_5.16_PE Identity management \|Plain English]]
ISO 27002:2013: 09.2.1
[[ISO_27002_2022_NL_5.16_BT Identiteitsbeheer \|Brontekst]]

@ -0,0 +1,22 @@
# About Control 5.17: Authentication information
Managing authentication information, including advising personnel on how to handle authentication information.
[[ISO_27002_2022_5.17_OT Authentication information \|Original Text]]
[[ISO_27002_2022_5.17_PE Authentication information \|Plain English]]
ISO 27002:2013: 09.2.4, 09.3.1, 09.4.3
[[ISO_27002_2022_NL_5.17_BT Beheren van authenticatie-informatie \|Brontekst]]
[[ISO_27002_2022_NL_5.17_NN Beheren van authenticatie-informatie \|Normaal Nederlands]]
[[Sterke wachtwoorden in 2024]]
**NCSC over authenticeren**
- [Authenticatie als onderdeel van Digitale Weerbaarheid](https://www.ncsc.nl/wat-kun-je-zelf-doen/weerbaarheid/beschermen/authenticatie)
- [[NCSC Infosheet Volwassen Authenticeren]]
- [[NCSC_Factsheet_Volwassen_Authenticeren]]
- [[NCSC Factsheet Gebruik Tweefactorauthenticatie]]
- [Choosing the right type](https://www.ncsc.gov.uk/guidance/authentication-methods-choosing-the-right-type)
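Review bot: `[[NCSC Infosheet Volwassen Authenticeren]]` and `[[NCSC_Factsheet_Volwassen_Authenticeren]]` on consecutive lines look like two spellings of one note (Infosheet/Factsheet, spaces/underscores), so one of them is probably a dead link; keep the one that resolves. The bold line `**NCSC over authenticeren**` is acting as a heading on an otherwise English page; a `##` heading, or a `See also:` label as the 5.30 page uses, would be clearer.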

@ -0,0 +1,9 @@
# About Control 5.18: Access rights
Access rights management procedures (provisioning, review, modification and removal) in line with business rules for access control (from [[ISO_27002_2022_5.15_MoC Access control|A5.15]]).
[[ISO_27002_2022_5.18_OT Access rights \|Original Text]]
[[ISO_27002_2022_5.18_PE Access rights \|Plain English]]
ISO 27002:2013: 09.2.2, 09.2.5, 09.2.6
[[ISO_27002_2022_NL_5.18_BT Toegangsrechten \|Brontekst]]

@ -0,0 +1,5 @@
[[ISO_27002_2022_5.19_OT Information security in supplier relationships \|Original Text]]
[[ISO_27002_2022_5.19_PE Information security in supplier relationships \|Plain English]]
ISO 27002:2013: 15.1.1
[[ISO_27002_2022_NL_5.19_BT Informatiebeveiliging in leveranciersrelaties \|Brontekst]]

@ -0,0 +1,5 @@
[[ISO_27002_2022_5.20_OT Addressing information security within supplier agreements \|Original Text]]
[[ISO_27002_2022_5.20_PE Addressing information security within supplier agreements \|Plain English]]
ISO 27002:2013: 15.1.2
[[ISO_27002_2022_NL_5.20_BT Adresseren van informatiebeveiliging in leveranciersovereenkomsten \|Brontekst]]

@ -0,0 +1,5 @@
[[ISO_27002_2022_5.21_OT Managing information security in the ICT supply chain \|Original Text]]
[[ISO_27002_2022_5.21_PE Managing information security in the ICT supply chain \|Plain English]]
ISO 27002:2013: 15.1.3
[[ISO_27002_2022_NL_5.21_BT Beheren van informatiebeveiliging in de ICT-keten \|Brontekst]]

@ -0,0 +1,5 @@
[[ISO_27002_2022_5.22_OT Monitoring, review and change management of supplier services \|Original Text]]
[[ISO_27002_2022_5.22_PE Monitoring, review and change management of supplier services \|Plain English]]
ISO 27002:2013: 15.2.1, 15.2.2
[[ISO_27002_2022_NL_5.22_BT Monitoren, beoordelen en het beheren van wijzigingen van leveranciersdiensten \|Brontekst]]

@ -0,0 +1,5 @@
[[ISO_27002_2022_5.23_OT Information security for use of cloud services \|Original Text]]
[[ISO_27002_2022_5.23_PE Information security for use of cloud services \|Plain English]]
ISO 27002:2013: n/a
[[ISO_27002_2022_NL_5.23_BT Informatiebeveiliging voor het gebruik van clouddiensten \|Brontekst]]

@ -0,0 +1,5 @@
# About Control 5.24: Information security incident management planning and preparation
[[ISO_27002_2022_5.24_OT Information security incident management planning and preparation \|Original Text]]
[[ISO_27002_2022_5.24_PE Information security incident management planning and preparation \|Plain English]]
ISO 27002:2013: 16.1.1

@ -0,0 +1,5 @@
# About Control 5.25: Assessment and decision on information security events
[[ISO_27002_2022_5.25_OT Assessment and decision on information security events |Original Text]]
[[ISO_27002_2022_5.25_PE Assessment and decision on information security events \|Plain English]]
ISO 27002:2013: 16.1.4
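Review bot: the Original Text link on the second line separates target and alias with a bare `|` while the Plain English link directly below it, and every other page in this commit, uses `\|`; make it `\|Original Text]]` so the link survives if the line is ever copied into an index table.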

@ -0,0 +1,5 @@
# About Control 5.26: Response to information security incidents
[[ISO_27002_2022_5.26_OT Response to information security incidents \|Original Text]]
[[ISO_27002_2022_5.26_PE Response to information security incidents \|Plain English]]
ISO 27002:2013: 16.1.5

@ -0,0 +1,5 @@
# About Control 5.27: Learning from information security incidents
[[ISO_27002_2022_5.27_OT Learning from information security incidents \|Original Text]]
[[ISO_27002_2022_5.27_PE Learning from information security incidents \|Plain English]]
ISO 27002:2013: 16.1.6

@ -0,0 +1,6 @@
# About Control 5.28: Collection of evidence
[[ISO_27002_2022_5.28_OT Collection of evidence \|Original Text]]
[[ISO_27002_2022_5.28_PE Collection of evidence \|Plain English]]
ISO 27002:2013: 16.1.7

@ -0,0 +1,8 @@
# About Control 5.29: Information security during disruption
[[ISO_27002_2022_5.29_OT Information security during disruption \|Original Text]]
[[ISO_27002_2022_5.29_PE Information security during disruption \|Plain English]]
ISO 27002:2013: 17.1.1, 17.1.2, 17.1.3
[[Business Impact Analysis (BIA)]]

@ -0,0 +1,5 @@
[[ISO_27002_2022_5.2_OT Information security roles and responsibilities \|Original Text]]
[[ISO_27002_2022_5.2_PE Information security roles and responsibilities \|Plain English]]
ISO 27002:2013: 06.1.1
[[ISO_27002_2022_NL_5.2_BT Rollen en verantwoordelijkheden bij informatiebeveiliging \|Brontekst]]

@ -0,0 +1,12 @@
[[ISO_27002_2022_5.30_OT ICT readiness for business continuity \|Original Text]]
[[ISO_27002_2022_5.30_PE ICT readiness for business continuity \|Plain English]]
ISO 27002:2013: n/a
[[ISO_27002_2022_NL_5.30_BT ICT-gereedheid voor bedrijfscontinuïteit \|Brontekst]]
See also:
- [[BCP_Bedrijfscontinuïteitsplanning]]
- [[Business Impact Analysis (BIA)]]
- [[Disaster Recovery Planning]]

@ -0,0 +1,3 @@
[[ISO_27002_2022_5.31_OT Legal, statutory, regulatory and contractual requirements \|Original Text]]
[[ISO_27002_2022_5.31_PE Legal, statutory, regulatory and contractual requirements \|Plain English]]
ISO 27002:2013: 18.1.1, 18.1.5

@ -0,0 +1,3 @@
[[ISO_27002_2022_5.32_OT Intellectual property rights \|Original Text]]
[[ISO_27002_2022_5.32_PE Intellectual property rights \|Plain English]]
ISO 27002:2013: 18.1.2

@ -0,0 +1,9 @@
# About 5.33: Protection of records
This Control is about the **control, purpose, and guidance for managing and protecting organizational records** to ensure their authenticity, integrity, availability, and compliance with various requirements over time.
I would say: record keeping procedures, in line with legal and other requirements.
[[ISO_27002_2022_5.33_OT Protection of records \|Original Text]]
[[ISO_27002_2022_5.33_PE Protection of records \|Plain English]]
ISO 27002:2013: 18.1.3
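Review bot: the line `I would say: record keeping procedures, in line with legal and other requirements.` is a first-person draft remark left in the page; either fold it into the summary above it as the short description (the 5.15 and 5.18 pages use exactly that one-line form) or drop it. The heading `# About 5.33: Protection of records` also lacks the word Control that the other control pages use.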

@ -0,0 +1,4 @@
[[ISO_27002_2022_5.34_OT Privacy and protection of PII \|Original Text]]
[[ISO_27002_2022_5.34_PE Privacy and protection of PII \|Plain English]]
ISO 27002:2013: 18.1.4

@ -0,0 +1,6 @@
# About Control 5.35: Independent review of information security
[[ISO_27002_2022_5.35_OT Independent review of information security \|Original Text]]
[[ISO_27002_2022_5.35_PE Independent review of information security \|Plain English]]
ISO 27002:2013: 18.2.1

@ -0,0 +1,5 @@
# About Control 5.36: Compliance with policies, rules and standards for information security
[[ISO_27002_2022_5.36_OT Compliance with policies, rules and standards for information security \|Original Text]]
[[ISO_27002_2022_5.36_PE Compliance with policies, rules and standards for information security \|Plain English]]
ISO 27002:2013: 18.2.2, 18.2.3

@ -0,0 +1,6 @@
[[ISO_27002_2022_5.37_OT Documented operating procedures \|Original Text]]
 
[[ISO_27002_2022_5.37_PE Documented operating procedures \|Plain English]]
ISO 27002:2013: 12.1.1
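Review bot: the second line of the file is a stray line holding only a non-breaking space between the Original Text and Plain English links; the same stray line appears in the 6.1, 6.2, 6.3 and 6.8 files further down. Delete it in all five so these pages render like the rest.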

@ -0,0 +1,7 @@
# About Control 5.3: Segregation of duties
[[ISO_27002_2022_5.3_OT Segregation of duties \|Original Text]]
[[ISO_27002_2022_5.3_PE Segregation of duties \|Plain English]]
ISO 27002:2013: 06.1.2
[[ISO_27002_2022_NL_5.3_BT Functiescheiding \|Brontekst]]

@ -0,0 +1,7 @@
# About Control 5.4: Management responsibilities
[[ISO_27002_2022_5.4_OT Management responsibilities \|Original Text]]
[[ISO_27002_2022_5.4_PE Management responsibilities \|Plain English]]
ISO 27002:2013: 07.2.1
[[ISO_27002_2022_NL_5.4_BT Managementverantwoordelijkheden \|Brontekst]]

@ -0,0 +1,7 @@
# About Control 5.5: Contact with authorities
[[ISO_27002_2022_5.5_OT Contact with authorities \|Original Text]]
[[ISO_27002_2022_5.5_PE Contact with authorities \|Plain English]]
ISO 27002:2013: 06.1.3
[[ISO_27002_2022_NL_5.5_BT Contact met overheidsinstanties \|Brontekst]]

@ -0,0 +1,7 @@
# About Control 5.6: Contact with special interest groups
[[ISO_27002_2022_5.6_OT Contact with special interest groups \|Original Text]]
[[ISO_27002_2022_5.6_PE Contact with special interest groups \|Plain English]]
ISO 27002:2013: 6.1.4
[[ISO_27002_2022_NL_5.6_BT Contact met speciale belangengroepen \|Brontekst]]
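Review bot: the 2013 reference on the fourth line reads `6.1.4` while every other page zero-pads the clause number (`06.1.3` in the 5.5 page just above, `06.1.2` in 5.3); write `06.1.4` so the references sort and match.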

@ -0,0 +1,8 @@
# About control 5.7: Threat intelligence
[[ISO_27002_2022_5.7_OT Threat intelligence \|Original Text]]
[[ISO_27002_2022_5.7_PE Threat intelligence \|Plain English]]
ISO 27002:2013: n/a
[[ISO_27002_2022_NL_5.7_BT Informatie en analyses over dreigingen \|NL Brontekst]]
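Review bot: the heading `# About control 5.7: Threat intelligence` lower-cases "control" where the other pages write `About Control`, and the Brontekst alias reads `NL Brontekst` where the other pages use plain `Brontekst`; align both. The 7.1 page further down has the same lower-case heading.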

@ -0,0 +1,5 @@
[[ISO_27002_2022_5.8_OT Information security in project management \|Original Text]]
[[ISO_27002_2022_5.8_PE Information security in project management \|Plain English]]
ISO 27002:2013: 06.1.5, 14.1.1
[[ISO_27002_2022_NL_5.8_BT Informatiebeveiliging in projectmanagement \|Brontekst]]

@ -0,0 +1,10 @@
# Control 5.9 Inventory of information and other associated assets
[[ISO_27002_2022_5.9_OT Inventory of information and other associated assets \|Original Text]]
[[ISO_27002_2022_5.9_PE Inventory of information and other associated assets \|Plain English]]
ISO 27002:2013: 08.1.1, 08.1.2
[[ISO_27002_2022_NL_5.9_BT Inventarisatie van informatie en andere gerelateerde bedrijfsmiddelen \|Brontekst]]
The inventory serves as input for the [[Business Impact Analysis (BIA)]]
[[ISO_27001_2022_00_MoC Index EXT]]
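Review bot: the heading `# Control 5.9 Inventory of information and other associated assets` drops the `About` and the colon used by the other control pages, the sentence about the BIA has no terminating period, and the last line `[[ISO_27001_2022_00_MoC Index EXT]]` is a bare link with no label saying why the 27001 index is referenced from a 27002 control page; a `See also:` list as in the 5.30 page would fix the last two.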

@ -0,0 +1,6 @@
[[ISO_27002_2022_6.1_OT Screening \|Original Text]]
 
[[ISO_27002_2022_6.1_PE Screening \|Plain English]]
ISO 27002:2013: 07.1.1

@ -0,0 +1,6 @@
[[ISO_27002_2022_6.2_OT Terms and conditions of employment \|Original Text]]
 
[[ISO_27002_2022_6.2_PE Terms and conditions of employment \|Plain English]]
ISO 27002:2013: 07.1.2

@ -0,0 +1,6 @@
[[ISO_27002_2022_6.3_OT Information security awareness, education and training \|Original Text]]
 
[[ISO_27002_2022_6.3_PE Information security awareness, education and training \|Plain English]]
ISO 27002:2013: 07.2.2

@ -0,0 +1,3 @@
[[ISO_27002_2022_6.4_OT Disciplinary process \|Original Text]]
[[ISO_27002_2022_6.4_PE Disciplinary process \|Plain English]]
ISO 27002:2013: 07.2.3

@ -0,0 +1,3 @@
[[ISO_27002_2022_6.5_OT Responsibilities after termination or change of employment \|Original Text]]
[[ISO_27002_2022_6.5_PE Responsibilities after termination or change of employment \|Plain English]]
ISO 27002:2013: 07.3.1

@ -0,0 +1,3 @@
[[ISO_27002_2022_6.6_OT Confidentiality or non-disclosure agreements \|Original Text]]
[[ISO_27002_2022_6.6_PE Confidentiality or non-disclosure agreements \|Plain English]]
ISO 27002:2013: 13.2.4

@ -0,0 +1,3 @@
[[ISO_27002_2022_6.7_OT Remote working \|Original Text]]
[[ISO_27002_2022_6.7_PE Remote working \|Plain English]]
ISO 27002:2013: 06.2.2

@ -0,0 +1,6 @@
[[ISO_27002_2022_6.8_OT Information security event reporting \|Original Text]]
 
[[ISO_27002_2022_6.8_PE Information security event reporting \|Plain English]]
ISO 27002:2013: 16.1.2, 16.1.3

@ -0,0 +1,3 @@
[[ISO_27002_2022_7.10_OT Storage media \|Original Text]]
[[ISO_27002_2022_7.10_PE Storage media \|Plain English]]
ISO 27002:2013: 08.3.1, 08.3.2, 08.3.3, 11.2.5

@ -0,0 +1,7 @@
# About Control 7.11: Supporting utilities
Protecting information processing facilities from power failures and other utilities disruptions.
[[ISO_27002_2022_7.11_OT Supporting utilities \|Original Text]]
[[ISO_27002_2022_7.11_PE Supporting utilities \|Plain English]]
ISO 27002:2013: 11.2.2

@ -0,0 +1,3 @@
[[ISO_27002_2022_7.12_OT Cabling security \|Original Text]]
[[ISO_27002_2022_7.12_PE Cabling security \|Plain English]]
ISO 27002:2013: 11.2.3

@ -0,0 +1,3 @@
[[ISO_27002_2022_7.13_OT Equipment maintenance \|Original Text]]
[[ISO_27002_2022_7.13_PE Equipment maintenance \|Plain English]]
ISO 27002:2013: 11.2.4

@ -0,0 +1,3 @@
[[ISO_27002_2022_7.14_OT Secure disposal or re-use of equipment \|Original Text]]
[[ISO_27002_2022_7.14_PE Secure disposal or re-use of equipment \|Plain English]]
ISO 27002:2013: 11.2.7

@ -0,0 +1,7 @@
# About control 7.1: Physical security perimeters
[[ISO_27002_2022_7.1_OT Physical security perimeters \|Original Text]]
[[ISO_27002_2022_7.1_PE Physical security perimeters \|Plain English]]
ISO 27002:2013: 11.1.1
[[Physical security in ISO 27001]]

@ -0,0 +1,3 @@
[[ISO_27002_2022_7.2_OT Physical entry \|Original Text]]
[[ISO_27002_2022_7.2_PE Physical entry \|Plain English]]
ISO 27002:2013: 11.1.2, 11.1.6

@ -0,0 +1,3 @@
[[ISO_27002_2022_7.3_OT Securing offices, rooms and facilities \|Original Text]]
[[ISO_27002_2022_7.3_PE Securing offices, rooms and facilities \|Plain English]]
ISO 27002:2013: 11.1.3

@ -0,0 +1,3 @@
[[ISO_27002_2022_7.4_OT Physical security monitoring \|Original Text]]
[[ISO_27002_2022_7.4_PE Physical security monitoring \|Plain English]]
ISO 27002:2013: n/a

@ -0,0 +1,3 @@
[[ISO_27002_2022_7.5_OT Protecting against physical and environmental threats \|Original Text]]
[[ISO_27002_2022_7.5_PE Protecting against physical and environmental threats \|Plain English]]
ISO 27002:2013: 11.1.4

@ -0,0 +1,3 @@
[[ISO_27002_2022_7.6_OT Working in secure areas \|Original Text]]
[[ISO_27002_2022_7.6_PE Working in secure areas \|Plain English]]
ISO 27002:2013: 11.1.5

@ -0,0 +1,3 @@
[[ISO_27002_2022_7.7_OT Clear desk and clear screen \|Original Text]]
[[ISO_27002_2022_7.7_PE Clear desk and clear screen \|Plain English]]
ISO 27002:2013: 11.2.9

@ -0,0 +1,3 @@
[[ISO_27002_2022_7.8_OT Equipment siting and protection \|Original Text]]
[[ISO_27002_2022_7.8_PE Equipment siting and protection \|Plain English]]
ISO 27002:2013: 11.2.1

@ -0,0 +1,3 @@
[[ISO_27002_2022_7.9_OT Security of assets off-premises \|Original Text]]
[[ISO_27002_2022_7.9_PE Security of assets off-premises \|Plain English]]
ISO 27002:2013: 11.2.6

@ -0,0 +1,3 @@
[[ISO_27002_2022_8.10_OT Information deletion \|Original Text]]
[[ISO_27002_2022_8.10_PE Information deletion \|Plain English]]
ISO 27002:2013: n/a

@ -0,0 +1,3 @@
[[ISO_27002_2022_8.11_OT Data masking \|Original Text]]
[[ISO_27002_2022_8.11_PE Data masking \|Plain English]]
ISO 27002:2013: n/a

@ -0,0 +1,3 @@
[[ISO_27002_2022_8.12_OT Data leakage prevention \|Original Text]]
[[ISO_27002_2022_8.12_PE Data leakage prevention \|Plain English]]
ISO 27002:2013: n/a

Some files were not shown because too many files have changed in this diff.