Merge enrich-27002 changes into 27002-metadata

2026-05-01 17:45:30 +02:00 · 2026-05-01 17:45:30 +02:00 · 4dc34352a1
commit 4dc34352a1
parent 873b5eaee3
8 changed files with 2582 additions and 28 deletions
--- a/Corpus/Information
+++ b/Corpus/Information
@ -0,0 +1,75 @@
 ---
 Related:
  - "[ISO\\_27002\\_OT 3 Terms, definitions and abbreviated terms](Standards/ISO27x/OST/27002/EN/a-3-Terms-definitions-and-abbreviated%20terms.md)"
  - https://csiac.org/databases/acronyms/
 tags:
  - type/MoC
 ---
 [Assets](🎇%20Sparks/Assets.md)
 	[NIST Asset Types](📚️%20Literature%20notes/NIST%20Asset%20Types.md)
 	[Asset lifecycle](📚️%20Literature%20notes/Asset%20lifecycle.md)
 	[Asset ownership](🎇%20Sparks/Asset%20ownership.md)
 	[[Asset ownership DEL]]
 	[Assets, Vulnerabilities, Threats, Risks](📚️%20Literature%20notes/Assets,%20Vulnerabilities,%20Threats,%20Risks.md)
 [Assets, Vulnerabilities, Threats, Risks](🎇%20Sparks/Assets,%20Vulnerabilities,%20Threats,%20Risks.md)
 [Attack Surface Analysis](📚️%20Literature%20notes/Attack%20Surface%20Analysis.md)
 [Authentication](Standards/ISO27x/Authentication.md)
 	[Multi-factor authentication](🎇%20Sparks/Multi-factor%20authentication.md) (MFA)
 	[Passwordless Authentication](🎇%20Sparks/Passwordless%20Authentication.md)
 	[Risk-Based Authentication](🎇%20Sparks/Risk-Based%20Authentication.md)
 	[Single Sign On (SSO)](📚️%20Literature%20notes/Single%20Sign%20On%20(SSO).md)
 	[Tokens](🎇%20Sparks/Tokens.md)
 [Authorization](Standards/ISO27x/Authorization.md)
 	[Access Control](🎇%20Sparks/Access%20Control.md)
 [Awareness](🎇%20Sparks/Awareness.md)
 [BCP_Bedrijfscontinuïteitsplanning](📚️%20Literature%20notes/BCP_Bedrijfscontinuïteitsplanning.md)
 	[Business Impact Analysis (BIA)](🎇%20Sparks/Business%20Impact%20Analysis%20(BIA).md)
 	[Disaster Recovery Planning](🎇%20Sparks/Disaster%20Recovery%20Planning.md)
 [Change management MoC](MoCs/Change%20management%20MoC.md)
 [Classification](🎇%20Sparks/Classification.md)
 [Compliance](🎇%20Sparks/Compliance.md)
 [Data Breach](💡Permanent%20ideas/Data%20Breach.md)
 [Data Governance](📚️%20Literature%20notes/Data%20Governance.md)
 Frameworks
 	[ISO 27k family](../../iso27DIY-gis/reference/Examples/ISO%2027k%20family.md)
 	[NIST articles list](Standards/NIST/NIST%20articles%20list.md)
 [Governance](🎇%20Sparks/Governance.md)
 [[Hardening]]
 [Identity and Access Management (IAM)](💡Drafts%20and%20Ideas/Identity%20and%20Access%20Management%20(IAM).md)
 	[Identification](💡Drafts%20and%20Ideas/Identification.md)
 	[Authentication](Standards/ISO27x/Authentication.md)
 	[Authorization](Standards/ISO27x/Authorization.md)
 Impact
 	[Change management MoC](MoCs/Change%20management%20MoC.md)
 	[Impact of Disruption](💡Drafts%20and%20Ideas/Impact%20of%20Disruption.md)
 [Incidents](🎇%20Sparks/Incidents.md)
 [Maturity Models](📚️%20Literature%20notes/Maturity%20Models.md)
 [Metrics](📚️%20Literature%20notes/InfoSec%20Metrics.md)
 [Operational Technology](💡Drafts%20and%20Ideas/Operational%20Technology.md) or OT Security
 [Policies](📚️%20Literature%20notes/Policies.md)
 [[Posture Management]]
 [Ransomware](🎇%20Sparks/Ransomware.md)
 [Risks](🎇%20Sparks/Risks.md)
 	[Risk analysis](🎇%20Sparks/Risk%20analysis.md)
 	[Risk appetite](💡Drafts%20and%20Ideas/Risk%20appetite.md)
 	[Risk inventories](🎇%20Sparks/Risk%20inventories.md)
 	[Risk management](🎇%20Sparks/Risk%20management.md)
 	[Risk ownership](🎇%20Sparks/Risk%20ownership.md)
 	[Risk ownership](🎇%20Sparks/Risk%20ownership.md)
 	[Risk prioritization](🎇%20Sparks/Risk%20prioritization.md)
 	[Risk tolerance](🎇%20Sparks/Risk%20tolerance.md)
 	[Risk treatment](🎇%20Sparks/Risk%20treatment.md)
 	[Risks vs Threats vs Vulnerabilities](🎇%20Sparks/Risks%20vs%20Threats%20vs%20Vulnerabilities.md)
 [Roles and Responsibilities](🎇%20Sparks/Roles%20and%20Responsibilities.md)
 [Threat](📚️%20Literature%20notes/Threat.md)
 	[Threat Intelligence](🎇%20Sparks/Threat%20Intelligence.md)
 	[Security Threat Modeling](📚️%20Literature%20notes/Security%20Threat%20Modeling.md)
 	[Privacy Threat Modeling](📚️%20Literature%20notes/Privacy%20Threat%20Modeling.md)
 	[AI Threat Modeling](🎇%20Sparks/AI%20Threat%20Modeling.md)
 	[Threat Catalogues](📚️%20Literature%20notes/Threat%20Catalogues.md)
 [Vendor security MoC](🎇%20Sparks/Vendor%20security%20MoC.md) or Supply chain security
 [Vulnerability](💡Drafts%20and%20Ideas/Vulnerability.md)
 	[Bug bounty program](🎇%20Sparks/Bug%20bounty%20program.md)
 [Zero Trust](📚️%20Literature%20notes/Zero%20Trust.md)
--- a/Corpus/Standards/ISO27x/OST/27002/EN/ISO
+++ b/Corpus/Standards/ISO27x/OST/27002/EN/ISO
--- a/Corpus/Standards/ISO27x/OST/27002/EN/a-3-Terms-definitions-and-abbreviated-terms.md
+++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-3-Terms-definitions-and-abbreviated-terms.md
@ -1,7 +1,6 @@
 ## 3.1 Terms and definitions
 For the purposes of this document, the following terms and definitions apply.
@ -72,7 +71,7 @@ ISO Store Order: OP-582678 / Downloaded: 2022-02-17 Single user licence only, co
-— organization's structure.
+— organization’s structure.
@ -112,7 +111,7 @@ Note 1 to entry: Material includes information and other associated _assets_ (3.
-[SOURCE: ISO/IEC 27050-1:2019, 3.1, modified — "Note 1 to entry" added]
+[SOURCE: ISO/IEC 27050-1:2019, 3.1, modified — “Note 1 to entry” added]
@ -148,7 +147,7 @@ Note 2 to entry: Controls may not always exert the intended or assumed modifying
 **disrupti****on**
-incident, whether anticipated or unanticipated, that causes an unplanned, negative deviation from the expected delivery of products and services according to an organization's objectives
+incident, whether anticipated or unanticipated, that causes an unplanned, negative deviation from the expected delivery of products and services according to an organization’s objectives
@ -248,7 +247,7 @@ occurrence indicating a possible _information_ _security_ _breach_ (3.1.13) or f
-[SOURCE: ISO/IEC 27035-1:2016, 3.3, modified — "breach of information security" has been replaced with "information security breach"]
+[SOURCE: ISO/IEC 27035-1:2016, 3.3, modified — “breach of information security” has been replaced with “information security breach”]
@ -256,7 +255,7 @@ occurrence indicating a possible _information_ _security_ _breach_ (3.1.13) or f
 **information** **security incident**
-one or multiple related and identified _information_ _security_ _events_ (3.1.14) that can harm an organization's _assets_ (3.1.2) or compromise its operations
+one or multiple related and identified _information_ _security_ _events_ (3.1.14) that can harm an organization’s _assets_ (3.1.2) or compromise its operations
@ -306,11 +305,11 @@ ability to prove the occurrence of a claimed event or action and its originating
 **pers****onnel**
-persons doing work under the organization's direction
+persons doing work under the organization’s direction
-Note 1 to entry: The concept of personnel includes the organization's members, such as the governing body, top management, employees, temporary staff, contractors and volunteers.
+Note 1 to entry: The concept of personnel includes the organization’s members, such as the governing body, top management, employees, temporary staff, contractors and volunteers.
@ -348,7 +347,7 @@ any information that (a) can be used to establish a link between the information
-Note 1 to entry: The "natural person" in the definition is the _PII_ _principal_ (3.1.22). To determine whether a PII principal is identifiable, account should be taken of all the means which can reasonably be used by the privacy stakeholder holding the data, or by any other party, to establish the link between the set of PII and the natural person.
+Note 1 to entry: The “natural person” in the definition is the _PII_ _principal_ (3.1.22). To determine whether a PII principal is identifiable, account should be taken of all the means which can reasonably be used by the privacy stakeholder holding the data, or by any other party, to establish the link between the set of PII and the natural person.
@ -364,7 +363,7 @@ natural person to whom the _personally identifiable_ _information_ _(PII)_ (3.1.
-Note 1 to entry: Depending on the jurisdiction and the particular data protection and privacy legislation, the synonym "data subject" can also be used instead of the term "PII principal".
+Note 1 to entry: Depending on the jurisdiction and the particular data protection and privacy legislation, the synonym “data subject” can also be used instead of the term “PII principal”.
@ -394,7 +393,7 @@ intentions and direction of an organization, as formally expressed by its top ma
 **privacy** **impact** **assessment** **PIA**
-overall _process_ (3.1.27) of identifying, analysing, evaluating, consulting, communicating and planning the treatment of potential privacy impacts with regard to the processing of _personally_ _identifiable_ _information_ _(PII)_ (3.1.21), framed within an organization's broader risk management framework
+overall _process_ (3.1.27) of identifying, analysing, evaluating, consulting, communicating and planning the treatment of potential privacy impacts with regard to the processing of _personally_ _identifiable_ _information_ _(PII)_ (3.1.21), framed within an organization’s broader risk management framework
@ -434,11 +433,37 @@ information created, received and maintained as evidence and as an _asset_ (3.1.
 **4** © ISO/IEC 2022 – All rights reserved
 Licensed to ISO27DIY / Richard Kranendonk (rkranendonk@mac.com)
 ISO Store Order: OP-582678 / Downloaded: 2022-02-17 Single user licence only, copying and networking prohibited.
 **ISO/IEC 27002:2022(E)**
 Note 1 to entry: Legal obligations in this context include all legal, statutory, regulatory and contractual requirements.
-[SOURCE: ISO 15489-1:2016, 3.14, modified— "Note 1 to entry" added.]
+[SOURCE: ISO 15489-1:2016, 3.14, modified— “Note 1 to entry” added.]
@ -472,7 +497,7 @@ property of consistent intended behaviour and results
 **rule**
-accepted principle or instruction that states the organization's expectations on what is required to be done, what is allowed or not allowed
+accepted principle or instruction that states the organization’s expectations on what is required to be done, what is allowed or not allowed
@ -516,7 +541,7 @@ EXAMPLE Topic-specific policy on _access_ _control_ (3.1.1), topic-specific poli
 **u****ser**
-_interested_ _party_ (3.1.18) with access to the organization's _information_ _systems_ (3.1.17)
+_interested_ _party_ (3.1.18) with access to the organization’s _information_ _systems_ (3.1.17)
@ -524,6 +549,40 @@ EXAMPLE _Personnel_ (3.1.20), customers, suppliers.
 © ISO/IEC 2022 – All rights reserved
 **5**
 **ISO/IEC 27002:2022(E)**
 **3.1.37**
 **user** **endpoint** **device**
@ -554,90 +613,202 @@ weakness of an _asset_ (3.1.2) or _control_ (3.1.8) that can be exploited by one
 ABAC attribute-based access control
 ACL access control list
 BIA business impact analysis
 BYOD bring your own device
 CAPTCHA completely automated public Turing test to tell computers and humans apart
 CPU central processing unit
 DAC discretionary access control
 DNS domain name system
 GPS global positioning system
 IAM identity and access management
 ICT information and communication technology
 ID identifier
 IDE integrated development environment
 IDS intrusion detection system
 IoT internet of things
 IP internet protocol
 IPS intrusion prevention system
 IT information technology
 ISMS information security management system
 MAC mandatory access control
 NTP network time protocol
 PIA privacy impact assessment
 PII personally identifiable information
 **6** © ISO/IEC 2022 – All rights reserved
 Licensed to ISO27DIY / Richard Kranendonk (rkranendonk@mac.com)
 ISO Store Order: OP-582678 / Downloaded: 2022-02-17 Single user licence only, copying and networking prohibited.
 **ISO/IEC 27002:2022(E)**
 PIN personal identification number
 PKI public key infrastructure
 PTP precision time protocol
 RBAC role-based access control
 RPO recovery point objective
 RTO recovery time objective
 SAST static application security testing
 SD secure digital
 SDN software-defined networking
 SD-WAN software-defined wide area networking
 SIEM security information and event management
 SMS short message service
 SQL structured query language
 SSO single sign on
 SWID software identification
 UEBA user and entity behaviour analytics
 UPS uninterruptible power supply
 URL uniform resource locator
 USB universal serial bus
 VM virtual machine
 VPN virtual private network
 WiFi wireless fidelity
--- a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.12-Classification-of-information.md
+++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.12-Classification-of-information.md
@ -1,5 +1,3 @@
 #iso27002/2022/EN
 ## 5.12 Classification of information
 | Control type | Information security properties           | Cybersecurity concepts | Operational capabilities | Security domains     |
--- a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.28-Secure-coding.md
+++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.28-Secure-coding.md
@ -1,8 +1,3 @@
 | Control type | Information security properties           | Cybersecurity concepts | Operational capabilities                           | Security domains |
 | ------------ | ----------------------------------------- | ---------------------- | -------------------------------------------------- | ---------------- |
 | #Preventive  | #Confidentiality #Integrity #Availability | #Protect               | #Application_security #System_and_network_security | #Protection      |
 ## 8.28 Secure coding
 #### Control
--- a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.7-Protection-against-malware.md
+++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.7-Protection-against-malware.md
@ -1,4 +1,4 @@
-## 8.7  **Protection** **against** **malware**
+## 8.7  Protection against malware
 ## Control 
 Protection against malware should be implemented and supported by appropriate user awareness. 
--- a/Corpus/Standards/MoCs/ISO_27002_2022_8.25_MoC
+++ b/Corpus/Standards/MoCs/ISO_27002_2022_8.25_MoC
@ -1,5 +0,0 @@
 [[ISO_27002_2022_8.25_OT Secure development life cycle \|Original Text]]
 [[ISO_27002_2022_8.25_PE Secure development life cycle \|Plain English]]
 ISO 27002:2013: 14.2.1
 ![[../../../../iso27DIY-gis/reference/examples/ci-cd-pipeline-security-best-practices.pdf]]
--- a/prepend_frontmatter.py
+++ b/prepend_frontmatter.py