removed emoji from filenames, Obsidian changed all relevant links
Before Width: | Height: | Size: 87 KiB After Width: | Height: | Size: 87 KiB |
Before Width: | Height: | Size: 4.3 KiB After Width: | Height: | Size: 4.3 KiB |
Before Width: | Height: | Size: 70 KiB After Width: | Height: | Size: 70 KiB |
Before Width: | Height: | Size: 54 KiB After Width: | Height: | Size: 54 KiB |
Before Width: | Height: | Size: 1.1 MiB After Width: | Height: | Size: 1.1 MiB |
Before Width: | Height: | Size: 1.9 MiB After Width: | Height: | Size: 1.9 MiB |
Before Width: | Height: | Size: 204 KiB After Width: | Height: | Size: 204 KiB |
Before Width: | Height: | Size: 256 KiB After Width: | Height: | Size: 256 KiB |
Before Width: | Height: | Size: 26 KiB After Width: | Height: | Size: 26 KiB |
Before Width: | Height: | Size: 138 KiB After Width: | Height: | Size: 138 KiB |
Before Width: | Height: | Size: 3.5 KiB After Width: | Height: | Size: 3.5 KiB |
Before Width: | Height: | Size: 38 KiB After Width: | Height: | Size: 38 KiB |
Before Width: | Height: | Size: 28 KiB After Width: | Height: | Size: 28 KiB |
Before Width: | Height: | Size: 439 KiB After Width: | Height: | Size: 439 KiB |
@ -6,7 +6,7 @@

## Sparks
[The ISMS in its context](The%20ISMS%20in%20its%20context.md)
[Context analysis](../../📚️%20Literature%20notes/Context%20analysis.md)
[Context analysis](../../Literature%20notes/Context%20analysis.md)

## Mark I content
[ISO27DIY Video A.4 Context and Scope - Internal issues](../../Standards/ISO27x/legacy/iso27DIY%20mk%20I/ISO27DIY%20Video%20A.4%20Context%20and%20Scope%20-%20Internal%20issues.md)
@ -27,12 +27,12 @@ Functiehuis (4.1)
Organogram (4.1)
Bedrijfsprocessen (4.1)
SWOT (4.1)
- [SWOT Analyses template](../../🎇%20Sparks/SWOT%20Analyses%20template.md)
- [SWOT Analyses template](../../Sparks/SWOT%20Analyses%20template.md)
DESTEP (4.2)
Stakeholder analyse (4.2)
Wet- en regelgeving (4.2, A5.31-A5.34)

## Further research
- [ ] Assets?
- [ ] Impactbepaling uit [Dataclassificatie Humankind](../../../Clients/Humankind/Dataclassificatie%20Humankind.md)
@ -10,4 +10,4 @@ There's also a link here to different stakeholders with different interests. Thi

Related:
- [Labeling of information in the digital domain](Labeling%20of%20information%20in%20the%20digital%20domain.md).
- [Stakeholder Analysis](../🎇%20Sparks/Stakeholder%20Analysis.md)
- [Stakeholder Analysis](../Sparks/Stakeholder%20Analysis.md)
@ -11,4 +11,4 @@ See:
- [Authentication](../Standards/ISO27x/Authentication.md) – "This is how I prove it"
- [Authorization](../Standards/ISO27x/Authorization.md) – "... then this is what you get access to"
- [CISSP_Domain_5_1](../Standards/CISSP/CISSP_Domain_5_1.md), [CISSP_Domain_5_2](../Standards/CISSP/CISSP_Domain_5_2.md)
- [Roles in Identity and Access Management (IAM)](../📚️%20Literature%20notes/Roles%20in%20Identity%20and%20Access%20Management%20(IAM).md)
- [Roles in Identity and Access Management (IAM)](../Literature%20notes/Roles%20in%20Identity%20and%20Access%20Management%20(IAM).md)
@ -1,7 +1,7 @@
## Impact of Disruption


[](../📎%20Attachments/TLP_Impact_matrix_NL.xlsx)
[](../Attachments/TLP_Impact_matrix_NL.xlsx)

[BCP_Bedrijfscontinuïteitsplanning](../📚️%20Literature%20notes/BCP_Bedrijfscontinuïteitsplanning.md)
[Business Impact Analysis (BIA)](../🎇%20Sparks/Business%20Impact%20Analysis%20(BIA).md)
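Review bot: two links in the trailing context of this hunk still point at emoji-named folders, `[BCP_Bedrijfscontinuïteitsplanning](../📚️%20Literature%20notes/BCP_Bedrijfscontinuïteitsplanning.md)` and `[Business Impact Analysis (BIA)](../🎇%20Sparks/Business%20Impact%20Analysis%20(BIA).md)`, while only the `📎 Attachments` link was rewritten. The other hunks in this commit rewrite links into `Literature%20notes/` and `Sparks/`, so if those folders were renamed these two links are now dangling and need the same rewrite. A vault-wide `grep -rl '🎇\|📚️\|📎\|🏭\|💡' --include='*.md' .` lists every note that still carries an old folder name, which is the check the commit message ("Obsidian changed all relevant links") needs before it can be taken at face value. Separately, `[](../Attachments/TLP_Impact_matrix_NL.xlsx)` has empty link text, so it renders as a link with nothing visible to click; give it a label, e.g. `[TLP impact matrix (xlsx)](../Attachments/TLP_Impact_matrix_NL.xlsx)`.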
@ -19,4 +19,4 @@ See also the ISMS Tool and Overzicht beveiliging Excel sheets created for NHC:


# Audit mode
![](../📎%20Attachments/Audit%20mode.png)

@ -12,13 +12,13 @@ Doelstellingen/KPI's
- Methode risicoanalyse en -management (RAM)
- Risicoanalyse en -management (RAM)
- Maatregelen
- Implementation planning; for inspiration, see [Topical InfoSec Kanban’s](../📚️%20Literature%20notes/Topical%20InfoSec%20Kanban’s.md)
- Implementation planning; for inspiration, see [Topical InfoSec Kanban’s](../Literature%20notes/Topical%20InfoSec%20Kanban’s.md)
- Monitoren en meten

### STRUCTUUR ISMS
- Rollen
- ISMS planning
- for inspiration, see [Topical InfoSec Kanban’s](../📚️%20Literature%20notes/Topical%20InfoSec%20Kanban’s.md)
- for inspiration, see [Topical InfoSec Kanban’s](../Literature%20notes/Topical%20InfoSec%20Kanban’s.md)

Interne audit planning
@ -1,4 +1,4 @@
[Core concepts of Privacy](../🎇%20Sparks/Core%20concepts%20of%20Privacy.md)
[Core concepts of Privacy](../Sparks/Core%20concepts%20of%20Privacy.md)
[AVG GDPR resources](../Standards/AVG/AVG%20GDPR%20resources.md)

Privacy in ISO 27001:
@ -10,6 +10,6 @@ Articulate the risk appetite to:
- help guide risk and reward decision-making
- help to embed the right risk culture

See [Topical InfoSec Kanban’s](../📚️%20Literature%20notes/Topical%20InfoSec%20Kanban’s.md) for inspiration.
See [Topical InfoSec Kanban’s](../Literature%20notes/Topical%20InfoSec%20Kanban’s.md) for inspiration.

See also [Risk tolerance](../🎇%20Sparks/Risk%20tolerance.md)
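Review bot: `See also [Risk tolerance](../🎇%20Sparks/Risk%20tolerance.md)` in the trailing context keeps the `🎇 Sparks` folder while the Kanban link two lines above it was moved to `../Literature%20notes/`. The other hunks in this commit rewrite `🎇 Sparks` links to `Sparks/`, so this line should become `See also [Risk tolerance](../Sparks/Risk%20tolerance.md)` as well; as committed, the note's cross-reference to its own risk-tolerance page is the one link here that breaks.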
Before Width: | Height: | Size: 483 KiB After Width: | Height: | Size: 483 KiB |
@ -1,6 +1,6 @@
The Art of Service is a company offering knowledge resources for organizations that don't want to use external consultants.

See their [Topical InfoSec Kanban’s](../📚️%20Literature%20notes/Topical%20InfoSec%20Kanban’s.md) for an example.
See their [Topical InfoSec Kanban’s](../Literature%20notes/Topical%20InfoSec%20Kanban’s.md) for an example.

This is their [website](https://theartofservice.com).
@ -7,9 +7,9 @@ See also:
- [Assets](../🎇%20Sparks/Assets.md)
- [Risks](../🎇%20Sparks/Risks.md)
- [Threat](../📚️%20Literature%20notes/Threat.md)
- [Vulnerability Disclosure Policy](../🎇%20Sparks/Vulnerability%20Disclosure%20Policy.md)
- [Vulnerability Disclosure Policy](../Sparks/Vulnerability%20Disclosure%20Policy.md)
- [Dealing with a reported application vulnerability Log4j](Dealing%20with%20a%20reported%20application%20vulnerability%20Log4j.md)
- [Software vulnerability databases](../📚️%20Literature%20notes/Software%20vulnerability%20databases.md)
- [Software vulnerability databases](../Literature%20notes/Software%20vulnerability%20databases.md)
- (https://www.google.nl/search?q=software+vulnerability+databases)
- [API Endpoint Vulnerabilities](https://www.reblaze.com/blog/api-security/how-hackers-attack-your-mobile-apps-part-3-api-endpoint-vulnerabilities/)
- [NSA and CISA publish hardening guides](https://www.nsa.gov/Press-Room/News-Highlights/Article/Article/2716980/nsa-cisa-release-kubernetes-hardening-guidance/utm_source/nsa-cisa-release-kubernetes-hardening-guidance/)
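Review bot: the first three context links in this list still reference emoji folders (`../🎇%20Sparks/Assets.md`, `../🎇%20Sparks/Risks.md`, `../📚️%20Literature%20notes/Threat.md`) while the two changed lines directly below them were rewritten to `../Sparks/` and `../Literature%20notes/`; they need the same rewrite or the top of this "See also" list is dead after the folder rename. Two smaller points in the same list: `- (https://www.google.nl/search?q=software+vulnerability+databases)` has no link text, so it renders as a bare URL in parentheses rather than a link, and the NSA URL ends in `/utm_source/nsa-cisa-release-kubernetes-hardening-guidance/`, a tracking parameter that has been turned into path segments; trim it to end at `/2716980/nsa-cisa-release-kubernetes-hardening-guidance/`.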
@ -12,7 +12,7 @@ It is moderately suitable for distribution to them in a company setting.
- [ISO 27001 A.14.2.1 Secure development policy](../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A.14.2.1%20Secure%20development%20policy.md)

Related:
- [DevSecOps and ISO 27k](../🎇%20Sparks/DevSecOps%20and%20ISO%2027k.md)
- [DevSecOps and ISO 27k](../Sparks/DevSecOps%20and%20ISO%2027k.md)

# Achieving Application Security in Agile
Weave security thinking into the Agile process. Adding it on later will be less secure, more costly and will probably achieve not enough attention because of release deadlines.
Before Width: | Height: | Size: 228 KiB After Width: | Height: | Size: 228 KiB |
@ -7,7 +7,7 @@ Producten:
## Literatuur

- BCP.mindnode op iCloud > Best Practices
- evt. [CIS Critical Security Controls](../🎇%20Sparks/CIS%20Critical%20Security%20Controls.md) als raamwerk
- evt. [CIS Critical Security Controls](../Sparks/CIS%20Critical%20Security%20Controls.md) als raamwerk
- ISO-22301-2019 'Business continuity management systems' en ISO-22313-2020 'Guidance on the use of ISO 22301'
- [CISSP, Chapter 3](../Standards/CISSP/CISSP_OSG_Chapter_3.md)
@ -17,7 +17,7 @@ Bedrijfscontinuïteitsplanning is een continu proces, met als doel het implement
Belangrijke onderdelen van Bedrijfscontinuïteitsplanning zijn de Bedrijfsimpact Analyse ([BIA](../🎇%20Sparks/Business%20Impact%20Analysis%20(BIA).md)) en het Herstelplan ('Disaster Recovery Plan' / [DRP](../🎇%20Sparks/Disaster%20Recovery%20Planning.md)).
De BIA richt zich op het identificeren van de impact van verstoringen op de bedrijfsprocessen, en het Herstelplan richt zich op het herstel van de normale bedrijfsprocessen na een verstoring en de eventuele inzet van alternatieve middelen of werkwijzen .

Zie ook: [Het belang van een Bedrijfscontinuïteitsplan](../🎇%20Sparks/Belang%20van%20een%20BCP.md) / [The importance of having a business continuity plan](../🎇%20Sparks/Importance%20of%20a%20BCP.md).
Zie ook: [Het belang van een Bedrijfscontinuïteitsplan](../Sparks/Belang%20van%20een%20BCP.md) / [The importance of having a business continuity plan](../Sparks/Importance%20of%20a%20BCP.md).


## Aanpak
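Review bot: the `Zie ook:` line was rewritten, but the paragraph two lines above it still links `[BIA](../🎇%20Sparks/Business%20Impact%20Analysis%20(BIA).md)` and `[DRP](../🎇%20Sparks/Disaster%20Recovery%20Planning.md)` into the old `🎇 Sparks` folder; both need `../Sparks/` as well. As committed, the note's two central cross-references (BIA and DRP) break while the less important "Zie ook" links keep working, which is the opposite of what you want.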
@ -143,7 +143,7 @@ Scenario's opstellen o.b.v. risicoanalyse
See also:
- [Disaster Recovery Planning](../🎇%20Sparks/Disaster%20Recovery%20Planning.md)
- [Checklist for auditing Business Continuity and Disaster Recovery](Checklists%20Gerardus%20Blokdyk/Checklist%20for%20auditing%20Business%20Continuity%20and%20Disaster%20Recovery.md)
- [Ransomware Playbook](../🎇%20Sparks/Ransomware%20Playbook.md)
- [Ransomware Playbook](../Sparks/Ransomware%20Playbook.md)

ISO controls:
- 5.29:
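Review bot: `- [Disaster Recovery Planning](../🎇%20Sparks/Disaster%20Recovery%20Planning.md)` is left on the emoji folder while `Ransomware Playbook`, two lines below it in the same list, moves to `../Sparks/`; change it to `../Sparks/Disaster%20Recovery%20Planning.md` too, otherwise the DRP link from the BCP note's "See also" list is the one entry that no longer resolves.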
@ -12,7 +12,7 @@ All of them – just to link this note somewhere:

Related:
- [Vendor security MoC](../../🎇%20Sparks/Vendor%20security%20MoC.md)
- [ISO 27k family](../../../../iso27DIY-gis/reference/Examples/ISO%2027k%20family.md): ISO 27017, ISO 27018
- [ISO 27k family](../../../../iso27DIY-gis/reference/examples/ISO%2027k%20family.md): ISO 27017, ISO 27018

## Organized By Key Themes: Security, Management, Risk, Cloud, Data, Software, Development, Technology, Network and Project:
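Review bot: the only change in this hunk is `reference/Examples/` to `reference/examples/`, a directory-name case change, not an emoji removal, so the commit message does not describe it. If the directory in `iso27DIY-gis` really is lowercase, say so in the message: on a case-insensitive filesystem both spellings resolve and the breakage only shows up on Linux or in CI. The target also climbs four levels (`../../../../iso27DIY-gis/...`) out of this vault into a sibling checkout, so it only resolves when both repositories are cloned side by side; a link into the vault itself would be more robust. And `- [Vendor security MoC](../../🎇%20Sparks/Vendor%20security%20MoC.md)` in the same list still uses the emoji folder and needs `../../Sparks/` like the other hunks.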
@ -10,7 +10,7 @@ Relevant ISO 27001 clauses/controls:

Related:
- [Operational Technology](../../💡Drafts%20and%20Ideas/Operational%20Technology.md)
- [DevSecOps and ISO 27k](../../🎇%20Sparks/DevSecOps%20and%20ISO%2027k.md)
- [DevSecOps and ISO 27k](../../Sparks/DevSecOps%20and%20ISO%2027k.md)

## DevOps IoT: Ask This;
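Review bot: `- [Operational Technology](../../💡Drafts%20and%20Ideas/Operational%20Technology.md)` still uses the `💡Drafts and Ideas` folder (note there is no space after the emoji, unlike the other folder names) while the DevSecOps link directly below it moves to `../../Sparks/`. Either rename that folder too and rewrite the link to `../../Drafts%20and%20Ideas/Operational%20Technology.md`, or state in the commit message that `💡Drafts and Ideas` was deliberately left as is, so "all relevant links" is verifiable.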
@ -8,7 +8,7 @@ Relevant ISO 27001 clauses/controls:
- [ISO 27001 A 18 Compliance](../../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A%2018%20Compliance.md)

Related:
[External audits](../../🎇%20Sparks/External%20audits.md)
[External audits](../../Sparks/External%20audits.md)
[ISO 27001 audit process](../../Standards/ISO27x/ISO%2027001%20audit%20process.md)