diff --git a/Corpus/Information security concepts MoC.md b/Corpus/Information security concepts MoC.md new file mode 100644 index 0000000..578f8cd --- /dev/null +++ b/Corpus/Information security concepts MoC.md @@ -0,0 +1,75 @@ +--- +Related: + - "[ISO\\_27002\\_OT 3 Terms, definitions and abbreviated terms](Standards/ISO27x/OST/27002/EN/a-3-Terms-definitions-and-abbreviated%20terms.md)" + - https://csiac.org/databases/acronyms/ +tags: + - type/MoC +--- +[Assets](🎇%20Sparks/Assets.md) + [NIST Asset Types](📚️%20Literature%20notes/NIST%20Asset%20Types.md) + [Asset lifecycle](📚️%20Literature%20notes/Asset%20lifecycle.md) + [Asset ownership](🎇%20Sparks/Asset%20ownership.md) + [[Asset ownership DEL]] + [Assets, Vulnerabilities, Threats, Risks](📚️%20Literature%20notes/Assets,%20Vulnerabilities,%20Threats,%20Risks.md) +[Assets, Vulnerabilities, Threats, Risks](🎇%20Sparks/Assets,%20Vulnerabilities,%20Threats,%20Risks.md) +[Attack Surface Analysis](📚️%20Literature%20notes/Attack%20Surface%20Analysis.md) +[Authentication](Standards/ISO27x/Authentication.md) + [Multi-factor authentication](🎇%20Sparks/Multi-factor%20authentication.md) (MFA) + [Passwordless Authentication](🎇%20Sparks/Passwordless%20Authentication.md) + [Risk-Based Authentication](🎇%20Sparks/Risk-Based%20Authentication.md) + [Single Sign On (SSO)](📚️%20Literature%20notes/Single%20Sign%20On%20(SSO).md) + [Tokens](🎇%20Sparks/Tokens.md) +[Authorization](Standards/ISO27x/Authorization.md) + [Access Control](🎇%20Sparks/Access%20Control.md) +[Awareness](🎇%20Sparks/Awareness.md) +[BCP_Bedrijfscontinuïteitsplanning](📚️%20Literature%20notes/BCP_Bedrijfscontinuïteitsplanning.md) + [Business Impact Analysis (BIA)](🎇%20Sparks/Business%20Impact%20Analysis%20(BIA).md) + [Disaster Recovery Planning](🎇%20Sparks/Disaster%20Recovery%20Planning.md) +[Change management MoC](MoCs/Change%20management%20MoC.md) +[Classification](🎇%20Sparks/Classification.md) +[Compliance](🎇%20Sparks/Compliance.md) +[Data Breach](💡Permanent%20ideas/Data%20Breach.md) +[Data Governance](📚️%20Literature%20notes/Data%20Governance.md) +Frameworks + [ISO 27k family](../../iso27DIY-gis/reference/Examples/ISO%2027k%20family.md) + [NIST articles list](Standards/NIST/NIST%20articles%20list.md) +[Governance](🎇%20Sparks/Governance.md) +[[Hardening]] +[Identity and Access Management (IAM)](💡Drafts%20and%20Ideas/Identity%20and%20Access%20Management%20(IAM).md) + [Identification](💡Drafts%20and%20Ideas/Identification.md) + [Authentication](Standards/ISO27x/Authentication.md) + [Authorization](Standards/ISO27x/Authorization.md) +Impact + [Change management MoC](MoCs/Change%20management%20MoC.md) + [Impact of Disruption](💡Drafts%20and%20Ideas/Impact%20of%20Disruption.md) +[Incidents](🎇%20Sparks/Incidents.md) +[Maturity Models](📚️%20Literature%20notes/Maturity%20Models.md) +[Metrics](📚️%20Literature%20notes/InfoSec%20Metrics.md) +[Operational Technology](💡Drafts%20and%20Ideas/Operational%20Technology.md) or OT Security +[Policies](📚️%20Literature%20notes/Policies.md) +[[Posture Management]] +[Ransomware](🎇%20Sparks/Ransomware.md) +[Risks](🎇%20Sparks/Risks.md) + [Risk analysis](🎇%20Sparks/Risk%20analysis.md) + [Risk appetite](💡Drafts%20and%20Ideas/Risk%20appetite.md) + [Risk inventories](🎇%20Sparks/Risk%20inventories.md) + [Risk management](🎇%20Sparks/Risk%20management.md) + [Risk ownership](🎇%20Sparks/Risk%20ownership.md) + [Risk ownership](🎇%20Sparks/Risk%20ownership.md) + [Risk prioritization](🎇%20Sparks/Risk%20prioritization.md) + [Risk tolerance](🎇%20Sparks/Risk%20tolerance.md) + [Risk treatment](🎇%20Sparks/Risk%20treatment.md) + [Risks vs Threats vs Vulnerabilities](🎇%20Sparks/Risks%20vs%20Threats%20vs%20Vulnerabilities.md) +[Roles and Responsibilities](🎇%20Sparks/Roles%20and%20Responsibilities.md) +[Threat](📚️%20Literature%20notes/Threat.md) + [Threat Intelligence](🎇%20Sparks/Threat%20Intelligence.md) + [Security Threat Modeling](📚️%20Literature%20notes/Security%20Threat%20Modeling.md) + [Privacy Threat Modeling](📚️%20Literature%20notes/Privacy%20Threat%20Modeling.md) + [AI Threat Modeling](🎇%20Sparks/AI%20Threat%20Modeling.md) + [Threat Catalogues](📚️%20Literature%20notes/Threat%20Catalogues.md) +[Vendor security MoC](🎇%20Sparks/Vendor%20security%20MoC.md) or Supply chain security +[Vulnerability](💡Drafts%20and%20Ideas/Vulnerability.md) + [Bug bounty program](🎇%20Sparks/Bug%20bounty%20program.md) +[Zero Trust](📚️%20Literature%20notes/Zero%20Trust.md) + + diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/ISO 27002_2022_EN.docx b/Corpus/Standards/ISO27x/OST/27002/EN/ISO 27002_2022_EN.docx new file mode 100644 index 0000000..3faf329 Binary files /dev/null and b/Corpus/Standards/ISO27x/OST/27002/EN/ISO 27002_2022_EN.docx differ diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-3-Terms-definitions-and-abbreviated terms.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-3-Terms-definitions-and-abbreviated-terms.md similarity index 83% rename from Corpus/Standards/ISO27x/OST/27002/EN/a-3-Terms-definitions-and-abbreviated terms.md rename to Corpus/Standards/ISO27x/OST/27002/EN/a-3-Terms-definitions-and-abbreviated-terms.md index 2b34ca2..52546db 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-3-Terms-definitions-and-abbreviated terms.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-3-Terms-definitions-and-abbreviated-terms.md @@ -1,7 +1,6 @@ + ## 3.1 Terms and definitions - - For the purposes of this document, the following terms and definitions apply. @@ -72,7 +71,7 @@ ISO Store Order: OP-582678 / Downloaded: 2022-02-17 Single user licence only, co -— organization's structure. +— organization’s structure. @@ -112,7 +111,7 @@ Note 1 to entry: Material includes information and other associated _assets_ (3. -[SOURCE: ISO/IEC 27050-1:2019, 3.1, modified — "Note 1 to entry" added] +[SOURCE: ISO/IEC 27050-1:2019, 3.1, modified — “Note 1 to entry” added] @@ -148,7 +147,7 @@ Note 2 to entry: Controls may not always exert the intended or assumed modifying **disrupti****on** -incident, whether anticipated or unanticipated, that causes an unplanned, negative deviation from the expected delivery of products and services according to an organization's objectives +incident, whether anticipated or unanticipated, that causes an unplanned, negative deviation from the expected delivery of products and services according to an organization’s objectives @@ -248,7 +247,7 @@ occurrence indicating a possible _information_ _security_ _breach_ (3.1.13) or f -[SOURCE: ISO/IEC 27035-1:2016, 3.3, modified — "breach of information security" has been replaced with "information security breach"] +[SOURCE: ISO/IEC 27035-1:2016, 3.3, modified — “breach of information security” has been replaced with “information security breach”] @@ -256,7 +255,7 @@ occurrence indicating a possible _information_ _security_ _breach_ (3.1.13) or f **information** **security incident** -one or multiple related and identified _information_ _security_ _events_ (3.1.14) that can harm an organization's _assets_ (3.1.2) or compromise its operations +one or multiple related and identified _information_ _security_ _events_ (3.1.14) that can harm an organization’s _assets_ (3.1.2) or compromise its operations @@ -306,11 +305,11 @@ ability to prove the occurrence of a claimed event or action and its originating **pers****onnel** -persons doing work under the organization's direction +persons doing work under the organization’s direction -Note 1 to entry: The concept of personnel includes the organization's members, such as the governing body, top management, employees, temporary staff, contractors and volunteers. +Note 1 to entry: The concept of personnel includes the organization’s members, such as the governing body, top management, employees, temporary staff, contractors and volunteers. @@ -348,7 +347,7 @@ any information that (a) can be used to establish a link between the information -Note 1 to entry: The "natural person" in the definition is the _PII_ _principal_ (3.1.22). To determine whether a PII principal is identifiable, account should be taken of all the means which can reasonably be used by the privacy stakeholder holding the data, or by any other party, to establish the link between the set of PII and the natural person. +Note 1 to entry: The “natural person” in the definition is the _PII_ _principal_ (3.1.22). To determine whether a PII principal is identifiable, account should be taken of all the means which can reasonably be used by the privacy stakeholder holding the data, or by any other party, to establish the link between the set of PII and the natural person. @@ -364,7 +363,7 @@ natural person to whom the _personally identifiable_ _information_ _(PII)_ (3.1. -Note 1 to entry: Depending on the jurisdiction and the particular data protection and privacy legislation, the synonym "data subject" can also be used instead of the term "PII principal". +Note 1 to entry: Depending on the jurisdiction and the particular data protection and privacy legislation, the synonym “data subject” can also be used instead of the term “PII principal”. @@ -394,7 +393,7 @@ intentions and direction of an organization, as formally expressed by its top ma **privacy** **impact** **assessment** **PIA** -overall _process_ (3.1.27) of identifying, analysing, evaluating, consulting, communicating and planning the treatment of potential privacy impacts with regard to the processing of _personally_ _identifiable_ _information_ _(PII)_ (3.1.21), framed within an organization's broader risk management framework +overall _process_ (3.1.27) of identifying, analysing, evaluating, consulting, communicating and planning the treatment of potential privacy impacts with regard to the processing of _personally_ _identifiable_ _information_ _(PII)_ (3.1.21), framed within an organization’s broader risk management framework @@ -434,11 +433,37 @@ information created, received and maintained as evidence and as an _asset_ (3.1. + + + + + + +**4** © ISO/IEC 2022 – All rights reserved + +Licensed to ISO27DIY / Richard Kranendonk (rkranendonk@mac.com) + +ISO Store Order: OP-582678 / Downloaded: 2022-02-17 Single user licence only, copying and networking prohibited. + + + + + + + +**ISO/IEC 27002:2022(E)** + + + + + + + Note 1 to entry: Legal obligations in this context include all legal, statutory, regulatory and contractual requirements. -[SOURCE: ISO 15489-1:2016, 3.14, modified— "Note 1 to entry" added.] +[SOURCE: ISO 15489-1:2016, 3.14, modified— “Note 1 to entry” added.] @@ -472,7 +497,7 @@ property of consistent intended behaviour and results **rule** -accepted principle or instruction that states the organization's expectations on what is required to be done, what is allowed or not allowed +accepted principle or instruction that states the organization’s expectations on what is required to be done, what is allowed or not allowed @@ -516,7 +541,7 @@ EXAMPLE Topic-specific policy on _access_ _control_ (3.1.1), topic-specific poli **u****ser** -_interested_ _party_ (3.1.18) with access to the organization's _information_ _systems_ (3.1.17) +_interested_ _party_ (3.1.18) with access to the organization’s _information_ _systems_ (3.1.17) @@ -524,6 +549,40 @@ EXAMPLE _Personnel_ (3.1.20), customers, suppliers. + + + + + + +© ISO/IEC 2022 – All rights reserved + + + + + + + + + + + +**5** + + + + + + + +**ISO/IEC 27002:2022(E)** + + + + + + + **3.1.37** **user** **endpoint** **device** @@ -554,90 +613,202 @@ weakness of an _asset_ (3.1.2) or _control_ (3.1.8) that can be exploited by one ABAC attribute-based access control + + ACL access control list + + BIA business impact analysis + + BYOD bring your own device + + CAPTCHA completely automated public Turing test to tell computers and humans apart + + CPU central processing unit + + DAC discretionary access control + + DNS domain name system + + GPS global positioning system + + IAM identity and access management + + ICT information and communication technology + + ID identifier + + IDE integrated development environment + + IDS intrusion detection system + + IoT internet of things + + IP internet protocol + + IPS intrusion prevention system + + IT information technology + + ISMS information security management system + + MAC mandatory access control + + NTP network time protocol + + PIA privacy impact assessment + + PII personally identifiable information + + + + + + +**6** © ISO/IEC 2022 – All rights reserved + +Licensed to ISO27DIY / Richard Kranendonk (rkranendonk@mac.com) + +ISO Store Order: OP-582678 / Downloaded: 2022-02-17 Single user licence only, copying and networking prohibited. + + + + + + + +**ISO/IEC 27002:2022(E)** + + + + + + + PIN personal identification number + + PKI public key infrastructure + + PTP precision time protocol + + RBAC role-based access control + + RPO recovery point objective + + RTO recovery time objective + + SAST static application security testing + + SD secure digital + + SDN software-defined networking + + SD-WAN software-defined wide area networking + + SIEM security information and event management + + SMS short message service + + SQL structured query language + + SSO single sign on + + SWID software identification + + UEBA user and entity behaviour analytics + + UPS uninterruptible power supply + + URL uniform resource locator + + USB universal serial bus + + VM virtual machine + + VPN virtual private network + + WiFi wireless fidelity \ No newline at end of file diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.12-Classification-of-information.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.12-Classification-of-information.md index 0ea107a..338d711 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.12-Classification-of-information.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.12-Classification-of-information.md @@ -1,5 +1,3 @@ -#iso27002/2022/EN - ## 5.12 Classification of information | Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains | diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.28-Secure-coding.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.28-Secure-coding.md index ad6e9af..6e6ba21 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.28-Secure-coding.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.28-Secure-coding.md @@ -1,8 +1,3 @@ -| Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains | -| ------------ | ----------------------------------------- | ---------------------- | -------------------------------------------------- | ---------------- | -| #Preventive | #Confidentiality #Integrity #Availability | #Protect | #Application_security #System_and_network_security | #Protection | - - ## 8.28 Secure coding #### Control diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.7-Protection-against-malware.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.7-Protection-against-malware.md index e14a23b..292a238 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.7-Protection-against-malware.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.7-Protection-against-malware.md @@ -1,4 +1,4 @@ -## 8.7  **Protection** **against** **malware** +## 8.7  Protection against malware ## Control Protection against malware should be implemented and supported by appropriate user awareness. diff --git a/Corpus/Standards/MoCs/ISO_27002_2022_8.25_MoC Secure development life cycle.md b/Corpus/Standards/MoCs/ISO_27002_2022_8.25_MoC Secure development life cycle.md deleted file mode 100644 index d29f3c8..0000000 --- a/Corpus/Standards/MoCs/ISO_27002_2022_8.25_MoC Secure development life cycle.md +++ /dev/null @@ -1,5 +0,0 @@ -[[ISO_27002_2022_8.25_OT Secure development life cycle \|Original Text]] -[[ISO_27002_2022_8.25_PE Secure development life cycle \|Plain English]] -ISO 27002:2013: 14.2.1 - -![[../../../../iso27DIY-gis/reference/examples/ci-cd-pipeline-security-best-practices.pdf]] \ No newline at end of file diff --git a/prepend_frontmatter.py b/prepend_frontmatter.py new file mode 100644 index 0000000..0827aae --- /dev/null +++ b/prepend_frontmatter.py @@ -0,0 +1,2320 @@ +#!/usr/bin/env python3 +""" +prepend_frontmatter.py + +For each ISO 27002 control note in the target folder: +- Skips files that already have YAML frontmatter (starts with ---) +- Skips a-3-Terms* +- Prepends the correct frontmatter block and writes the file back + +Run from anywhere: + python3 prepend_frontmatter.py + +Requires Python 3.6+. No dependencies. +""" + +import os + +VAULT_DIR = "/Users/rico/src/iso27diy-corp/Corpus/Standards/ISO27x/OST/27002/EN" + +FRONTMATTER = { + "a-5.1-Policies-for-information-security.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.5.1" +title: "Policies for information security" +theme: Organizational +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Identify] +operational_capabilities: [Governance] +security_domains: + - Governance_and_Ecosystem + - Resilience +tags: + - iso27002/2022/EN +status: active +---""", + + "a-5.2-Information-security-roles-and-responsibilities.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.5.2" +title: "Information security roles and responsibilities" +theme: Organizational +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Identify] +operational_capabilities: [Governance] +security_domains: + - Governance_and_Ecosystem + - Protection + - Resilience +tags: + - iso27002/2022/EN +status: active +---""", + + "a-5.3-Segregation-of-duties.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.5.3" +title: "Segregation of duties" +theme: Organizational +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: + - Governance + - Identity_and_access_management +security_domains: [Governance_and_Ecosystem] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-5.4-Management-responsibilities.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.5.4" +title: "Management responsibilities" +theme: Organizational +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Identify] +operational_capabilities: [Governance] +security_domains: [Governance_and_Ecosystem] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-5.5-Contact-with-authorities.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.5.5" +title: "Contact with authorities" +theme: Organizational +control_type: + - Preventive + - Corrective +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: + - Identify + - Protect + - Respond + - Recover +operational_capabilities: [Governance] +security_domains: + - Defence + - Resilience +tags: + - iso27002/2022/EN +status: active +---""", + + "a-5.6-Contact-with-special-interest-groups.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.5.6" +title: "Contact with special interest groups" +theme: Organizational +control_type: + - Preventive + - Corrective +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: + - Protect + - Respond + - Recover +operational_capabilities: [Governance] +security_domains: [Defence] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-5.7-Threat-intelligence.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.5.7" +title: "Threat intelligence" +theme: Organizational +control_type: + - Preventive + - Detective + - Corrective +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: + - Identify + - Detect + - Respond +operational_capabilities: [Threat_and_vulnerability_management] +security_domains: + - Defence + - Resilience +tags: + - iso27002/2022/EN +status: active +---""", + + "a-5.8-Information-security-in-project-management.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.5.8" +title: "Information security in project management" +theme: Organizational +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: + - Identify + - Protect +operational_capabilities: [Governance] +security_domains: + - Governance_and_Ecosystem + - Protection +tags: + - iso27002/2022/EN +status: active +---""", + + "a-5.9-Inventory-of-information-and-other-associated-assets.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.5.9" +title: "Inventory of information and other associated assets" +theme: Organizational +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Identify] +operational_capabilities: [Asset_management] +security_domains: + - Governance_and_Ecosystem + - Protection +tags: + - iso27002/2022/EN +status: active +---""", + + "a-5.10-Acceptable-use-of-information-and-other-associated-assets.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.5.10" +title: "Acceptable use of information and other associated assets" +theme: Organizational +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: + - Asset_management + - Information_protection +security_domains: + - Governance_and_Ecosystem + - Protection +tags: + - iso27002/2022/EN +status: active +---""", + + "a-5.11-Return-of-assets.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.5.11" +title: "Return of assets" +theme: Organizational +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: [Asset_management] +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-5.12-Classification-of-information.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.5.12" +title: "Classification of information" +theme: Organizational +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Identify] +operational_capabilities: [Information_protection] +security_domains: + - Protection + - Defence +tags: + - iso27002/2022/EN +status: active +---""", + + "a-5.13-Labelling-of-information.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.5.13" +title: "Labelling of information" +theme: Organizational +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: [Information_protection] +security_domains: + - Defence + - Protection +tags: + - iso27002/2022/EN +status: active +---""", + + "a-5.14-Information-transfer.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.5.14" +title: "Information transfer" +theme: Organizational +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: + - Asset_management + - Information_protection +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-5.15-Access-control.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.5.15" +title: "Access control" +theme: Organizational +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: [Identity_and_access_management] +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-5.16-Identity-management.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.5.16" +title: "Identity management" +theme: Organizational +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: [Identity_and_access_management] +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-5.17-Authentication-information.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.5.17" +title: "Authentication information" +theme: Organizational +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: [Identity_and_access_management] +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-5.18-Access-rights.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.5.18" +title: "Access rights" +theme: Organizational +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: [Identity_and_access_management] +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-5.19-Information-security-in-supplier-relationships.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.5.19" +title: "Information security in supplier relationships" +theme: Organizational +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Identify] +operational_capabilities: [Supplier_relationships_security] +security_domains: + - Governance_and_Ecosystem + - Protection +tags: + - iso27002/2022/EN +status: active +---""", + + "a-5.20-Addressing-information-security-within-supplier-agreements.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.5.20" +title: "Addressing information security within supplier agreements" +theme: Organizational +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Identify] +operational_capabilities: [Supplier_relationships_security] +security_domains: + - Governance_and_Ecosystem + - Protection +tags: + - iso27002/2022/EN +status: active +---""", + + "a-5.21-Managing-information-security-in-the-ICT-supply-chain.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.5.21" +title: "Managing information security in the ICT supply chain" +theme: Organizational +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Identify] +operational_capabilities: [Supplier_relationships_security] +security_domains: + - Governance_and_Ecosystem + - Protection +tags: + - iso27002/2022/EN +status: active +---""", + + "a-5.22-Monitoring-review-and-change-management-of-supplier-services.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.5.22" +title: "Monitoring, review and change management of supplier services" +theme: Organizational +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Identify] +operational_capabilities: [Supplier_relationships_security] +security_domains: + - Governance_and_Ecosystem + - Protection + - Defence + - Information_security_assurance +tags: + - iso27002/2022/EN +status: active +---""", + + "a-5.23-Information-security-for-use-of-cloud-services.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.5.23" +title: "Information security for use of cloud services" +theme: Organizational +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: [Supplier_relationships_security] +security_domains: + - Governance_and_Ecosystem + - Protection +tags: + - iso27002/2022/EN +status: active +---""", + + "a-5.24-Information-security-incident-management-planning-and-preparation.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.5.24" +title: "Information security incident management planning and preparation" +theme: Organizational +control_type: [Corrective] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: + - Respond + - Recover +operational_capabilities: + - Governance + - Information_security_event_management +security_domains: [Defence] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-5.25-Assessment-and-decision-on-information-security-events.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.5.25" +title: "Assessment and decision on information security events" +theme: Organizational +control_type: [Detective] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: + - Detect + - Respond +operational_capabilities: [Information_security_event_management] +security_domains: [Defence] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-5.26-Response-to-information-security-incidents.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.5.26" +title: "Response to information security incidents" +theme: Organizational +control_type: [Corrective] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: + - Respond + - Recover +operational_capabilities: [Information_security_event_management] +security_domains: [Defence] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-5.27-Learning-from-information-security-incidents.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.5.27" +title: "Learning from information security incidents" +theme: Organizational +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: + - Identify + - Protect +operational_capabilities: [Information_security_event_management] +security_domains: [Defence] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-5.28-Collection-of-evidence.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.5.28" +title: "Collection of evidence" +theme: Organizational +control_type: [Corrective] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: + - Detect + - Respond +operational_capabilities: [Information_security_event_management] +security_domains: [Defence] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-5.29-Information-security-during-disruption.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.5.29" +title: "Information security during disruption" +theme: Organizational +control_type: + - Preventive + - Corrective +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: + - Protect + - Respond +operational_capabilities: [Continuity] +security_domains: + - Protection + - Resilience +tags: + - iso27002/2022/EN +status: active +---""", + + "a-5.30-ICT-readiness-for-business-continuity.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.5.30" +title: "ICT readiness for business continuity" +theme: Organizational +control_type: [Corrective] +information_security_properties: [Availability] +cybersecurity_concepts: [Respond] +operational_capabilities: [Continuity] +security_domains: [Resilience] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-5.31-Legal-statutory-regulatory-and-contractual-requirements.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.5.31" +title: "Legal, statutory, regulatory and contractual requirements" +theme: Organizational +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Identify] +operational_capabilities: [Legal_and_compliance] +security_domains: + - Governance_and_Ecosystem + - Protection +tags: + - iso27002/2022/EN +status: active +---""", + + "a-5.32-Intellectual-property-rights.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.5.32" +title: "Intellectual property rights" +theme: Organizational +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Identify] +operational_capabilities: [Legal_and_compliance] +security_domains: [Governance_and_Ecosystem] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-5.33-Protection-of-records.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.5.33" +title: "Protection of records" +theme: Organizational +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: + - Identify + - Protect +operational_capabilities: + - Legal_and_compliance + - Asset_management + - Information_protection +security_domains: [Defence] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-5.34-Privacy-and-protection-of-PII.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.5.34" +title: "Privacy and protection of PII" +theme: Organizational +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: + - Identify + - Protect +operational_capabilities: + - Information_protection + - Legal_and_compliance +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-5.35-Independent-review-of-information-security.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.5.35" +title: "Independent review of information security" +theme: Organizational +control_type: + - Preventive + - Corrective +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: + - Identify + - Protect +operational_capabilities: [Information_security_assurance] +security_domains: [Governance_and_Ecosystem] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-5.36-Compliance-with-policies-rules-and-standards-for-information-security.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.5.36" +title: "Compliance with policies, rules and standards for information security" +theme: Organizational +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: + - Identify + - Protect +operational_capabilities: + - Legal_and_compliance + - Information_security_assurance +security_domains: [Governance_and_Ecosystem] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-5.37-Documented-operating-procedures.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.5.37" +title: "Documented operating procedures" +theme: Organizational +control_type: + - Preventive + - Corrective +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: + - Protect + - Recover +operational_capabilities: + - Asset_management + - Physical_security + - System_and_network_security + - Application_security + - Secure_configuration + - Identity_and_access_management + - Threat_and_vulnerability_management + - Continuity + - Information_security_event_management +security_domains: + - Governance_and_Ecosystem + - Protection + - Defence +tags: + - iso27002/2022/EN +status: active +---""", + + "a-6.1-Screening.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.6.1" +title: "Screening" +theme: People +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: [Human_resource_security] +security_domains: [Governance_and_Ecosystem] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-6.2-Terms-and-conditions-of-employment.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.6.2" +title: "Terms and conditions of employment" +theme: People +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: [Human_resource_security] +security_domains: [Governance_and_Ecosystem] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-6.3-Information-security-awareness-education-and-training.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.6.3" +title: "Information security awareness, education and training" +theme: People +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: [Human_resource_security] +security_domains: [Governance_and_Ecosystem] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-6.4-Disciplinary-process.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.6.4" +title: "Disciplinary process" +theme: People +control_type: + - Preventive + - Corrective +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: + - Protect + - Respond +operational_capabilities: [Human_resource_security] +security_domains: [Governance_and_Ecosystem] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-6.5-Responsibilities-after-termination-or-change-of-employment.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.6.5" +title: "Responsibilities after termination or change of employment" +theme: People +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: + - Human_resource_security + - Asset_management +security_domains: [Governance_and_Ecosystem] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-6.6-Confidentiality-or-non-disclosure-agreements.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.6.6" +title: "Confidentiality or non-disclosure agreements" +theme: People +control_type: [Preventive] +information_security_properties: [Confidentiality] +cybersecurity_concepts: [Protect] +operational_capabilities: + - Human_resource_security + - Information_protection + - Supplier_relationships_security +security_domains: [Governance_and_Ecosystem] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-6.7-Remote-working.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.6.7" +title: "Remote working" +theme: People +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: + - Asset_management + - Information_protection + - Physical_security + - System_and_network_security +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-6.8-Information-security-event-reporting.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.6.8" +title: "Information security event reporting" +theme: People +control_type: [Detective] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Detect] +operational_capabilities: [Information_security_event_management] +security_domains: [Defence] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-7.1-Physical-security-perimeters.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.7.1" +title: "Physical security perimeters" +theme: Physical +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: [Physical_security] +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-7.2-Physical-entry.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.7.2" +title: "Physical entry" +theme: Physical +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: + - Physical_security + - Identity_and_access_management +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-7.3-Securing-offices-rooms-and-facilities.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.7.3" +title: "Securing offices, rooms and facilities" +theme: Physical +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: + - Physical_security + - Asset_management +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-7.4-Physical-security-monitoring.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.7.4" +title: "Physical security monitoring" +theme: Physical +control_type: + - Preventive + - Detective +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: + - Protect + - Detect +operational_capabilities: [Physical_security] +security_domains: + - Protection + - Defence +tags: + - iso27002/2022/EN +status: active +---""", + + "a-7.5-Protecting-against-physical-and-environmental-threats.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.7.5" +title: "Protecting against physical and environmental threats" +theme: Physical +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: [Physical_security] +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-7.6-Working-in-secure-areas.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.7.6" +title: "Working in secure areas" +theme: Physical +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: [Physical_security] +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-7.7-Clear-desk-and-clear-screen.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.7.7" +title: "Clear desk and clear screen" +theme: Physical +control_type: [Preventive] +information_security_properties: [Confidentiality] +cybersecurity_concepts: [Protect] +operational_capabilities: [Physical_security] +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-7.8-Equipment-siting-and-protection.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.7.8" +title: "Equipment siting and protection" +theme: Physical +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: + - Physical_security + - Asset_management +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-7.9-Security-of-assets-off-premises.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.7.9" +title: "Security of assets off-premises" +theme: Physical +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: + - Physical_security + - Asset_management +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-7.10-Storage-media.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.7.10" +title: "Storage media" +theme: Physical +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: + - Physical_security + - Asset_management +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-7.11-Supporting-utilities.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.7.11" +title: "Supporting utilities" +theme: Physical +control_type: + - Preventive + - Detective +information_security_properties: + - Integrity + - Availability +cybersecurity_concepts: + - Protect + - Detect +operational_capabilities: [Physical_security] +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-7.12-Cabling-security.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.7.12" +title: "Cabling security" +theme: Physical +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: [Physical_security] +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-7.13-Equipment-maintenance.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.7.13" +title: "Equipment maintenance" +theme: Physical +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: + - Physical_security + - Asset_management +security_domains: + - Protection + - Resilience +tags: + - iso27002/2022/EN +status: active +---""", + + "a-7.14-Secure-disposal-or-re-use-of-equipment.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.7.14" +title: "Secure disposal or re-use of equipment" +theme: Physical +control_type: [Preventive] +information_security_properties: [Confidentiality] +cybersecurity_concepts: [Protect] +operational_capabilities: + - Physical_security + - Asset_management +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-8.1-User-endpoint-devices.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.8.1" +title: "User endpoint devices" +theme: Technological +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: + - Asset_management + - Information_protection +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-8.2-Privileged-access-rights.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.8.2" +title: "Privileged access rights" +theme: Technological +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: [Identity_and_access_management] +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-8.3-Information-access-restriction.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.8.3" +title: "Information access restriction" +theme: Technological +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: [Identity_and_access_management] +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-8.4-Access-to-source-code.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.8.4" +title: "Access to source code" +theme: Technological +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: + - Identity_and_access_management + - Application_security + - Secure_configuration +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-8.5-Secure-authentication.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.8.5" +title: "Secure authentication" +theme: Technological +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: [Identity_and_access_management] +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-8.6-Capacity-management.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.8.6" +title: "Capacity management" +theme: Technological +control_type: + - Preventive + - Detective +information_security_properties: + - Integrity + - Availability +cybersecurity_concepts: + - Identify + - Protect + - Detect +operational_capabilities: [Continuity] +security_domains: + - Governance_and_Ecosystem + - Protection +tags: + - iso27002/2022/EN +status: active +---""", + + "a-8.7-Protection-against-malware.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.8.7" +title: "Protection against malware" +theme: Technological +control_type: + - Preventive + - Detective + - Corrective +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: + - Protect + - Detect +operational_capabilities: + - System_and_network_security + - Information_protection +security_domains: + - Protection + - Defence +tags: + - iso27002/2022/EN +status: active +---""", + + "a-8.8-Management-of-technical-vulnerabilities.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.8.8" +title: "Management of technical vulnerabilities" +theme: Technological +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: + - Identify + - Protect +operational_capabilities: [Threat_and_vulnerability_management] +security_domains: + - Governance_and_Ecosystem + - Protection + - Defence +tags: + - iso27002/2022/EN +status: active +---""", + + "a-8.9-Configuration-management.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.8.9" +title: "Configuration management" +theme: Technological +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: [Secure_configuration] +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-8.10-Information-deletion.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.8.10" +title: "Information deletion" +theme: Technological +control_type: [Preventive] +information_security_properties: [Confidentiality] +cybersecurity_concepts: [Protect] +operational_capabilities: + - Information_protection + - Legal_and_compliance +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-8.11-Data-masking.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.8.11" +title: "Data masking" +theme: Technological +control_type: [Preventive] +information_security_properties: [Confidentiality] +cybersecurity_concepts: [Protect] +operational_capabilities: [Information_protection] +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-8.12-Data-leakage-prevention.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.8.12" +title: "Data leakage prevention" +theme: Technological +control_type: + - Preventive + - Detective +information_security_properties: [Confidentiality] +cybersecurity_concepts: + - Protect + - Detect +operational_capabilities: [Information_protection] +security_domains: + - Protection + - Defence +tags: + - iso27002/2022/EN +status: active +---""", + + "a-8.13-Information-backup.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.8.13" +title: "Information backup" +theme: Technological +control_type: [Corrective] +information_security_properties: + - Integrity + - Availability +cybersecurity_concepts: [Recover] +operational_capabilities: [Continuity] +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-8.14-Redundancy-of-information-processing-facilities.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.8.14" +title: "Redundancy of information processing facilities" +theme: Technological +control_type: [Preventive] +information_security_properties: [Availability] +cybersecurity_concepts: [Protect] +operational_capabilities: + - Continuity + - Asset_management +security_domains: + - Protection + - Resilience +tags: + - iso27002/2022/EN +status: active +---""", + + "a-8.15-Logging.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.8.15" +title: "Logging" +theme: Technological +control_type: [Detective] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Detect] +operational_capabilities: [Information_security_event_management] +security_domains: + - Protection + - Defence +tags: + - iso27002/2022/EN +status: active +---""", + + "a-8.16-Monitoring-activities.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.8.16" +title: "Monitoring activities" +theme: Technological +control_type: + - Detective + - Corrective +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: + - Detect + - Respond +operational_capabilities: [Information_security_event_management] +security_domains: [Defence] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-8.17-Clock-synchronization.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.8.17" +title: "Clock synchronization" +theme: Technological +control_type: [Detective] +information_security_properties: [Integrity] +cybersecurity_concepts: + - Protect + - Detect +operational_capabilities: [Information_security_event_management] +security_domains: + - Protection + - Defence +tags: + - iso27002/2022/EN +status: active +---""", + + "a-8.18-Use-of-privileged-utility-programs.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.8.18" +title: "Use of privileged utility programs" +theme: Technological +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: + - System_and_network_security + - Secure_configuration + - Application_security +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-8.19-Installation-of-software-on-operational-systems.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.8.19" +title: "Installation of software on operational systems" +theme: Technological +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: + - Secure_configuration + - Application_security +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-8.20-Networks-security.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.8.20" +title: "Networks security" +theme: Technological +control_type: + - Preventive + - Detective +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: + - Protect + - Detect +operational_capabilities: [System_and_network_security] +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-8.21-Security-of-network-services.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.8.21" +title: "Security of network services" +theme: Technological +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: [System_and_network_security] +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-8.22-Segregation-of-networks.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.8.22" +title: "Segregation of networks" +theme: Technological +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: [System_and_network_security] +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-8.23-Web-filtering.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.8.23" +title: "Web filtering" +theme: Technological +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: [System_and_network_security] +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-8.24-Use-of-cryptography.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.8.24" +title: "Use of cryptography" +theme: Technological +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: [Secure_configuration] +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-8.25-Secure-development-life-cycle.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.8.25" +title: "Secure development life cycle" +theme: Technological +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: + - Application_security + - System_and_network_security +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-8.26-Application-security-requirements.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.8.26" +title: "Application security requirements" +theme: Technological +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: + - Application_security + - System_and_network_security +security_domains: + - Protection + - Defence +tags: + - iso27002/2022/EN +status: active +---""", + + "a-8.27-Secure-system-architecture-and-engineering-principles.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.8.27" +title: "Secure system architecture and engineering principles" +theme: Technological +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: + - Application_security + - System_and_network_security +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-8.28-Secure-coding.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.8.28" +title: "Secure coding" +theme: Technological +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: + - Application_security + - System_and_network_security +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-8.29-Security-testing-in-development-and-acceptance.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.8.29" +title: "Security testing in development and acceptance" +theme: Technological +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Identify] +operational_capabilities: + - Application_security + - Information_security_assurance + - System_and_network_security +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-8.30-Outsourced-development.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.8.30" +title: "Outsourced development" +theme: Technological +control_type: + - Preventive + - Detective +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: + - Identify + - Protect + - Detect +operational_capabilities: + - System_and_network_security + - Application_security + - Supplier_relationships_security +security_domains: + - Governance_and_Ecosystem + - Protection +tags: + - iso27002/2022/EN +status: active +---""", + + "a-8.31-Separation-of-development-test-and-production-environments.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.8.31" +title: "Separation of development, test and production environments" +theme: Technological +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: + - Application_security + - System_and_network_security +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-8.32-Change-management.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.8.32" +title: "Change management" +theme: Technological +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: + - Application_security + - System_and_network_security +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-8.33-Test-information.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.8.33" +title: "Test information" +theme: Technological +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity +cybersecurity_concepts: [Protect] +operational_capabilities: [Information_protection] +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-8.34-Protection-of-information-systems-during-audit-testing.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.8.34" +title: "Protection of information systems during audit testing" +theme: Technological +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: + - System_and_network_security + - Information_protection +security_domains: + - Governance_and_Ecosystem + - Protection +tags: + - iso27002/2022/EN +status: active +---""", +} + + +def main(): + written = [] + skipped_fm = [] + skipped_missing = [] + errors = [] + + for filename, frontmatter in sorted(FRONTMATTER.items()): + filepath = os.path.join(VAULT_DIR, filename) + + if not os.path.exists(filepath): + skipped_missing.append(filename) + continue + + with open(filepath, "r", encoding="utf-8") as f: + content = f.read() + + if content.startswith("---"): + skipped_fm.append(filename) + continue + + new_content = frontmatter + "\n\n" + content + + with open(filepath, "w", encoding="utf-8") as f: + f.write(new_content) + + written.append(filename) + + print(f"Written: {len(written)}") + print(f"Already had FM: {len(skipped_fm)}") + print(f"File not found: {len(skipped_missing)}") + print(f"Errors: {len(errors)}") + + if skipped_fm: + print("\nAlready had frontmatter (skipped):") + for f in skipped_fm: + print(f" {f}") + if skipped_missing: + print("\nNot found (skipped):") + for f in skipped_missing: + print(f" {f}") + if errors: + print("\nErrors:") + for e in errors: + print(f" {e}") + + +if __name__ == "__main__": + main() \ No newline at end of file