removed emoji from filenames, Obsidian changed all relevant links
This commit is contained in:
parent d316285a74
commit 68f1c38681
638 changed files with 710 additions and 3176 deletions
@ -74,7 +74,7 @@ Zie ook [AVG lijst artikelnummers](AVG%20lijst%20artikelnummers.md)

- [Artikel 37 Aanwijzing van de functionaris voor gegevensbescherming](AVG-OST/AVG2018-Art-37.md)
- [Artikel 38 Positie van de functionaris voor gegevensbescherming](AVG-OST/AVG2018-Art-38.md)
- [Artikel 39 Taken van de functionaris voor gegevensbescherming](../../🎇%20Sparks/Artikel%2039%20Taken%20van%20de%20functionaris%20voor%20gegevensbescherming.md)
- [Artikel 39 Taken van de functionaris voor gegevensbescherming](../../Sparks/Artikel%2039%20Taken%20van%20de%20functionaris%20voor%20gegevensbescherming.md)

## Afdeling 5 - Gedragscodes en certificering

@ -38,7 +38,7 @@ Zie ook [AVG lijst artikelen](AVG%20lijst%20artikelen.md)
[Art. 36](AVG-OST/AVG2018-Art-36.md)
[Art. 37](AVG-OST/AVG2018-Art-37.md)
[Art. 38](AVG-OST/AVG2018-Art-38.md)
[Art. 39](../../🎇%20Sparks/Artikel%2039%20Taken%20van%20de%20functionaris%20voor%20gegevensbescherming.md)
[Art. 39](../../Sparks/Artikel%2039%20Taken%20van%20de%20functionaris%20voor%20gegevensbescherming.md)
[Art. 40](AVG-OST/AVG2018-Art-40.md)
[Art. 41](AVG-OST/AVG2018-Art-41.md)
[Art. 42](AVG-OST/AVG2018-Art-42.md)
@ -15,7 +15,7 @@ Bron: [Advisera](https://advisera.com/eugdpracademy/knowledgebase/list-of-mandat
| Register Datalekken | [33](AVG-OST/AVG2018-Art-33.md) |
| Meldingsformulier AP – op website AP | [33](AVG-OST/AVG2018-Art-33.md) |
| Meldingsformulier betrokkenen | [34](AVG-OST/AVG2018-Art-34.md) |
| Functiebeschrijving Functionaris Gegevensbescherming | [37](AVG-OST/AVG2018-Art-37.md), [38](AVG-OST/AVG2018-Art-38.md), [39](../../🎇%20Sparks/Artikel%2039%20Taken%20van%20de%20functionaris%20voor%20gegevensbescherming.md) |
| Functiebeschrijving Functionaris Gegevensbescherming | [37](AVG-OST/AVG2018-Art-37.md), [38](AVG-OST/AVG2018-Art-38.md), [39](../../Sparks/Artikel%2039%20Taken%20van%20de%20functionaris%20voor%20gegevensbescherming.md) |
| Verwerkingsregister | [30](AVG-OST/AVG2018-Art-30.md) |
| Standard Contractual Clauses for the Transfer of Personal Data to Controllers ([^1]) | [46](AVG-OST/AVG2018-Art-46.md) |
| Standard Contractual Clauses for the Transfer of Personal Data to Processors ([^1]) | [46](AVG-OST/AVG2018-Art-46.md) |
@ -44,4 +44,4 @@ Bron: [Advisera](https://advisera.com/eugdpracademy/knowledgebase/list-of-mandat


## Voorbeelden
[Example introduction for an Internal Privacy Policy](../../📚️%20Literature%20notes/Example%20introduction%20for%20an%20Internal%20Privacy%20Policy.md)
[Example introduction for an Internal Privacy Policy](../../Literature%20notes/Example%20introduction%20for%20an%20Internal%20Privacy%20Policy.md)
@ -9,7 +9,7 @@ Version: "2022"
Sheets in de cursusmap behandelen:
- samenstelling leidende coalitie (p.2)
- impact op de organisatie (p.2)
- veranderen / [Theory of planned behavior](../../📚️%20Literature%20notes/Theory%20of%20planned%20behavior.md) [^1] (p.3)
- veranderen / [Theory of planned behavior](../../Literature%20notes/Theory%20of%20planned%20behavior.md) [^1] (p.3)
- borging in de organisatie (p.4)

[^1]: Icek Ajzen
@ -31,7 +31,7 @@ Trike is also a risk based threat modeling methodology.
Visual, Agile, and Simple Threat (VAST) modeling is based on Agile principles. The goal is to integrate threat and risk management into an Agile programming environment.

### OCTAVE
see Defensive Security Handbook [Chapter 1: Risk Management](../../📚️%20Literature%20notes/Def_Sec_Handbook_Chapter_1.md#Chapter%201%20Risk%20Management)
see Defensive Security Handbook [Chapter 1: Risk Management](../../Literature%20notes/Def_Sec_Handbook_Chapter_1.md#Chapter%201%20Risk%20Management)
## Diagramming Potential Attacks
See pp 35-36

@ -5,7 +5,7 @@ Authentication is the proof of identity that is achieved through providing crede

See also:
- [a-8.5-Secure-authentication](OST/27002/EN/a-8.5-Secure-authentication.md)
- [Authentication Methods Used for Network Security](../../📚️%20Literature%20notes/Authentication%20Methods%20Used%20for%20Network%20Security.md)
- [Authentication Methods Used for Network Security](../../Literature%20notes/Authentication%20Methods%20Used%20for%20Network%20Security.md)
- [Identity and Access Management (IAM)](../../💡Drafts%20and%20Ideas/Identity%20and%20Access%20Management%20(IAM).md)
- [Authorization](Authorization.md)
- [Identification](../../💡Drafts%20and%20Ideas/Identification.md)
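Review bot: the links to `../../💡Drafts%20and%20Ideas/Identity%20and%20Access%20Management%20(IAM).md` and `../../💡Drafts%20and%20Ideas/Identification.md` in this hunk were not rewritten, while the Literature notes link just above them was. Obsidian only rewrites links it can resolve, so these two most likely pointed at notes that do not exist at that path; now that `💡Drafts and Ideas` becomes `Drafts and Ideas` in the other hunks of this commit, they are dangling either way. A vault-wide search for `💡Drafts%20and%20Ideas/` would find the remaining references so they can be fixed by hand.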
@ -2,11 +2,11 @@
Authorization is the mechanism that determines the access level(s) of the subjects to the objects.

See also:
- [Authorization vs Access Control](../../🎇%20Sparks/Authorization%20vs%20Access%20Control.md)
- [Access Control Models](../../🎇%20Sparks/Access%20Control%20Models.md)
- [Authorization vs Access Control](../../Sparks/Authorization%20vs%20Access%20Control.md)
- [Access Control Models](../../Sparks/Access%20Control%20Models.md)
- [Authentication](Authentication.md)
- [Identification](../../💡Drafts%20and%20Ideas/Identification.md)
- [CASSM Consumer Authentication Strength Maturity Model](../../📚️%20Literature%20notes/CASSM%20Consumer%20Authentication%20Strength%20Maturity%20Model.md)
- [CASSM Consumer Authentication Strength Maturity Model](../../Literature%20notes/CASSM%20Consumer%20Authentication%20Strength%20Maturity%20Model.md)
- [Identity and Access Management (IAM)](../../💡Drafts%20and%20Ideas/Identity%20and%20Access%20Management%20(IAM).md)
- [a-5.15-Access-control](OST/27002/EN/a-5.15-Access-control.md) ???

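Review bot: same pattern as in the Authentication note: `../../💡Drafts%20and%20Ideas/Identification.md` and `../../💡Drafts%20and%20Ideas/Identity%20and%20Access%20Management%20(IAM).md` keep the emoji folder prefix while the Sparks and Literature notes links in the same list were rewritten, so they are probably unresolved links that now point nowhere. The trailing `???` on the `a-5.15-Access-control` item also reads as a leftover to-do; resolving it or turning it into a `- [ ]` task while the list is being touched would keep the note clean.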
@ -2,7 +2,7 @@

Based on ISO 27001 and ISO 27002, a governance model for your ISMS should be structured around **Top Management's accountability** while delegating the **tactical execution** to specific information security roles.

*See [Basic ISMS governance model](../../💡Drafts%20and%20Ideas/ISMS/Basic%20ISMS%20governance%20model.md) for a compacted version*
*See [Basic ISMS governance model](../../Drafts%20and%20Ideas/ISMS/Basic%20ISMS%20governance%20model.md) for a compacted version*
## Related to the Policies Lifecycle

Here is a suggested governance model mapping the lifecycle of security policies (commissioning, drafting, approving, etc.) to the specific roles mandated by the standards.
@ -26,14 +26,14 @@ NL brontekst:

See also:
- [Plain English ISO IEC 27002 2005 from Praxiom](https://www.praxiom.com/iso-17799-objectives.htm)
- [Changes in ISO 27001:2022 (table)](../../🎇%20Sparks/Detailed%20comparison%20between%202017%20and%202022.md)
- [Changes in ISO 27001:2022 (table)](../../Sparks/Detailed%20comparison%20between%202017%20and%202022.md)
- [[ISO 27002 2022 What's New]]
- [ISO_27001_2023_NL_Aanpassingen](OST/ISO_27001_2023_NL_Aanpassingen.md)
- [Changes in ISO 27001_2022_Advisera](../../../../iso27DIY-gis/reference/Changes%20in%20ISO%2027001_2022_Advisera.md)
- [IBB op hoofdlijnen](OST/IBB%20op%20hoofdlijnen.md)
- [ISO 27001 2023 Processen en Artefacten](OST/ISO%2027001%202023%20Processen%20en%20Artefacten.md)
- [Advised Documents for ISO 27001](../../../../iso27DIY-gis/reference/Advised%20Documents%20for%20ISO%2027001.md)
- [Types of Controls](../../🎇%20Sparks/Types%20of%20Controls.md)
- [Types of Controls](../../Sparks/Types%20of%20Controls.md)

Depreciated:
[ISO_27001_2013_EN_Index](legacy/ISO%2027001%202013/ISO_27001_2013_EN_Index.md)
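Review bot: drive-by in the touched region: the context line `Depreciated:` should read `Deprecated:`. Also `[[ISO 27002 2022 What's New]]` is the only wikilink in a list that otherwise uses markdown links; converting it keeps the list consistent and makes future path renames behave the same way for every entry.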
@ -1,8 +1,8 @@
# Workshop Business Impact Analyse

Voorbeelden:
- [BIA Workshop DAK](../../../../🏭%20Clients/DAK/BIA%20Workshop%20DAK.md)
- [BIA en DRP Sessies HK](../../../../🏭%20Clients/Humankind/BIA%20en%20DRP%20Sessies%20HK.md)
- [BIA Workshop DAK](../../../../Clients/DAK/BIA%20Workshop%20DAK.md)
- [BIA en DRP Sessies HK](../../../../Clients/Humankind/BIA%20en%20DRP%20Sessies%20HK.md)

[Verbeterlijst](Verbeterlijst%20Producten.md#BIA%20Workshop)

@ -29,7 +29,7 @@ Voorbereiding:

3. Impact:
- hoe lang kan mag een systeem of bepaalde informatie niet beschikbaar zijn, voordat we ernstige schade oplopen?
- Wat is 'ernstige schade'? -> - [TLP impact matrix](../../../📚️%20Literature%20notes/Traffic%20Light%20Protocol%20TLP.md)
- Wat is 'ernstige schade'? -> - [TLP impact matrix](../../../Literature%20notes/Traffic%20Light%20Protocol%20TLP.md)
- MTPD – Maximum tolerable period of disruption (business process): uur / dag / week / maand
- MTD – Maximum Tolerable Downtime (assets) – uit de lucht zijn

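Review bot: the changed line `Wat is 'ernstige schade'? -> - [TLP impact matrix](...)` carries a stray `- ` after the arrow that renders literally, and the context line `hoe lang kan mag een systeem ...` has both `kan` and `mag` where one was meant. Both are pre-existing, but since the line is being rewritten anyway it is the moment to drop the stray marker and pick one verb.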
@ -1,8 +1,8 @@
# Workshop Disaster Recovery Planning

Voorbeelden:
- [IRP Workshop DAK](../../../../🏭%20Clients/DAK/IRP%20Workshop%20DAK.md)
- [BIA en DRP Sessies HK](../../../../🏭%20Clients/Humankind/BIA%20en%20DRP%20Sessies%20HK.md)
- [IRP Workshop DAK](../../../../Clients/DAK/IRP%20Workshop%20DAK.md)
- [BIA en DRP Sessies HK](../../../../Clients/Humankind/BIA%20en%20DRP%20Sessies%20HK.md)

Literatuur:
- [Disaster Recovery Planning](../../../🎇%20Sparks/Disaster%20Recovery%20Planning.md)
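Review bot: `- [Disaster Recovery Planning](../../../🎇%20Sparks/Disaster%20Recovery%20Planning.md)` was not rewritten although the two Clients links above it were and `🎇 Sparks` becomes `Sparks` elsewhere in this commit. Obsidian does not rewrite links it cannot resolve, so this one most likely had no target before the rename and certainly has none after it; fix the path by hand or create the note it points to.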
@ -1,11 +1,11 @@
# Product: dataclassificatie volgens TLP

Template: [](../../../📎%20Attachments/TLP_Impact_matrix_NL.xlsx)
Toegepast voor Humankind: [Dataclassificatie Humankind](../../../../🏭%20Clients/Humankind/Dataclassificatie%20Humankind.md)
Template: [](../../../Attachments/TLP_Impact_matrix_NL.xlsx)
Toegepast voor Humankind: [Dataclassificatie Humankind](../../../../Clients/Humankind/Dataclassificatie%20Humankind.md)

## Flow

1. Vaststellen risicobereidheid ([impactgebieden](../../../🎇%20Sparks/impactgebieden.md) en [TLP-niveaus](../../../📚️%20Literature%20notes/Traffic%20Light%20Protocol%20TLP.md))
1. Vaststellen risicobereidheid ([impactgebieden](../../../Sparks/impactgebieden.md) en [TLP-niveaus](../../../Literature%20notes/Traffic%20Light%20Protocol%20TLP.md))
- Beschikbaarheid evt. te kwantificering door omzetverlies per dag (financiën)
2. Identificeren en Classificeren van informatie-assets
- Op de as Beschikbaarheid: te bepalen door de Operatie, m.b.v. de BIA
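Review bot: `Template: [](../../../Attachments/TLP_Impact_matrix_NL.xlsx)` has empty link text, so after the rename the line still renders as "Template:" followed by nothing clickable; give the link a label, for instance the workbook name `[TLP_Impact_matrix_NL.xlsx](../../../Attachments/TLP_Impact_matrix_NL.xlsx)`.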
@ -14,5 +14,5 @@ Toegepast voor Humankind: [Dataclassificatie Humankind](../../../../🏭%20Clien
- verzamelen wat al 'in place' is met IT

Aanvullen met:
- [Aanpak voor beleidsmatig toegangsbeheer DAK](../../../../🏭%20Clients/DAK/Inventarisatie%20beheer%20SaaS%20applicaties%20DAK.md#Voorgestelde%20aanpak%20voor%20beleidsmatig%20toegangsbeheer)
- [Dataclassificatie Humankind](../../../../🏭%20Clients/Humankind/Dataclassificatie%20Humankind.md)
- [Aanpak voor beleidsmatig toegangsbeheer DAK](../../../../Clients/DAK/Inventarisatie%20beheer%20SaaS%20applicaties%20DAK.md#Voorgestelde%20aanpak%20voor%20beleidsmatig%20toegangsbeheer)
- [Dataclassificatie Humankind](../../../../Clients/Humankind/Dataclassificatie%20Humankind.md)
@ -9,4 +9,4 @@
- klimaat
- supplies

[Hulplijst systemen voor DAK kindercentra](../../../../../🏭%20Clients/DAK/Hulplijst%20systemen%20voor%20DAK%20kindercentra.md)
[Hulplijst systemen voor DAK kindercentra](../../../../../Clients/DAK/Hulplijst%20systemen%20voor%20DAK%20kindercentra.md)
@ -1,6 +1,6 @@
Voorbeelden:
- [Pentest DAK](../../../../🏭%20Clients/DAK/Pentest%20DAK.md)
- [Pentest Humankind](../../../../🏭%20Clients/Humankind/Pentest%20Humankind.md)
- [Pentest DAK](../../../../Clients/DAK/Pentest%20DAK.md)
- [Pentest Humankind](../../../../Clients/Humankind/Pentest%20Humankind.md)

[Verbeterlijst](Verbeterlijst%20Producten.md#Uitvraag%20Pentest)

@ -1,5 +1,5 @@
# Verbeterlijst producten
## [Selectie en implementatie van Technologie bij Humankind](../../../../🏭%20Clients/Humankind/Selectie%20en%20implementatie%20van%20Technologie%20bij%20Humankind.md)
## [Selectie en implementatie van Technologie bij Humankind](../../../../Clients/Humankind/Selectie%20en%20implementatie%20van%20Technologie%20bij%20Humankind.md)

Toevoegen bij Projectfase:
- bij de installatie van software en systemen moet altijd direct de standaard authenticatie-informatie worden gewijzigd – dit geldt ook voor bijv. wachtwoorden die door verkopers/consultants verstrekt worden;
@ -13,20 +13,20 @@ Toevoegen bij Projectfase:
- Criteria OWASP voor SaaS applicaties kunnen een referentie zijn om de systemen van SaaS leveranciers te testen

## Risico inventarisatie
[Risico-inventarisatie DAK](../../../../🏭%20Clients/DAK/Risico-inventarisatie%20DAK.md), [Rapportage Risico inventarisatie Humankind](../../../../🏭%20Clients/Humankind/Rapportage%20Risico%20inventarisatie%20Humankind.md)
[Risico-inventarisatie DAK](../../../../Clients/DAK/Risico-inventarisatie%20DAK.md), [Rapportage Risico inventarisatie Humankind](../../../../Clients/Humankind/Rapportage%20Risico%20inventarisatie%20Humankind.md)
- Maak een datagraph van de risico's en aanbevelingen, die zijn grotendeels gelijk voor vergelijkbare organisaties
- Doe dit evt ook voor de TrustBound smart hub

## [BIA Workshop](BIA%20Workshop.md)

Uit de [BIA Workshop DAK](../../../../🏭%20Clients/DAK/BIA%20Workshop%20DAK.md):
Uit de [BIA Workshop DAK](../../../../Clients/DAK/BIA%20Workshop%20DAK.md):
- Leon vond de nadruk teveel liggen op de continuïteit van kantoorprocessen, en teveel op financiële impact. 'Reputatie is vele malen belangrijker voor een kinderopvang organisatie dan dat de facturen er per einde maand uitgaan.' Eigen conclusie: beter eerst de belangrijkste impactgebieden bepalen, bijv. met de [Dataclassificatie volgens TLP](Dataclassificatie%20volgens%20TLP.md).

## Data classificatie
met de [Dataclassificatie volgens TLP](Dataclassificatie%20volgens%20TLP.md).

Proces
1. Bepalen belangrijkste [impactgebieden](../../../🎇%20Sparks/impactgebieden.md)
1. Bepalen belangrijkste [impactgebieden](../../../Sparks/impactgebieden.md)
2. Kwalificeren / kwantificeren niveaus
3. Bepalen bijbehorende maatregelen 'at rest, in transit, in use'
4. Definiëren informatietypen binnen de niveaus
@ -7,13 +7,13 @@ Recent:
- [ISO 27001 Leadership Responsibilities](ISO%2027001%20Leadership%20Responsibilities.md)
- [ISO 27001 Top Management responsibilities](ISO%2027001%20Top%20Management%20responsibilities.md)
- [Governance model for Policies and Controls](Governance%20model%20for%20Policies%20and%20Controls.md)
- [Basic ISMS governance model](../../💡Drafts%20and%20Ideas/ISMS/Basic%20ISMS%20governance%20model.md)
- [Basic ISMS governance model](../../Drafts%20and%20Ideas/ISMS/Basic%20ISMS%20governance%20model.md)
- [m400-more-governance](../../../../iso27DIY-gis/guide/m400/m400-more-governance.md)

Older:
- [Roles and Responsibilities](../../🎇%20Sparks/Roles%20and%20Responsibilities.md)
- [Risk ownership](../../🎇%20Sparks/Risk%20ownership.md)
- [Ideas on Risk Ownership](../../🎇%20Sparks/Ideas%20on%20Risk%20Ownership.md)
- [Ideas on Risk Ownership](../../Sparks/Ideas%20on%20Risk%20Ownership.md)
- [Asset ownership](../../🎇%20Sparks/Asset%20ownership.md)
- [Procuratieregeling](../../Various/Procuratieregeling.md)
- [Control ownership](../../🎇%20Sparks/Control%20ownership.md)
- [Control ownership](../../Sparks/Control%20ownership.md)
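Review bot: only two of the five `🎇%20Sparks` links under "Older:" were rewritten (`Ideas on Risk Ownership` and `Control ownership`); `Roles and Responsibilities`, `Risk ownership` and `Asset ownership` still carry the old prefix. Because Obsidian only rewrites links it can resolve, those three were most likely already unresolved and now point at a folder that no longer exists; a search for `🎇%20Sparks/` across the vault would catch them together with the similar leftovers in the other hunks of this commit.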
@ -50,4 +50,4 @@ The controls in Annex A are often described in just one or two sentences. You mu
## Footnotes

[^1]: There's also a [Clause 8.3](../../../MoCs/ISO_27001_2022_8.3_MoC%20Information%20security%20risk%20treatment.md) Information security risk treatment in ISO 27001. It's very short: The organization shall implement the information security risk treatment plan, and it shall retain documented information on the treatments' results.
[^2]: See also [About the Statement of Applicability](../../../💡Drafts%20and%20Ideas/ISMS/About%20the%20Statement%20of%20Applicability.md).
[^2]: See also [About the Statement of Applicability](../../../Drafts%20and%20Ideas/ISMS/About%20the%20Statement%20of%20Applicability.md).
@ -27,6 +27,6 @@ Related ISO clauses and controls:
Related ideas:
- [ISO27DIY Recipe for Policy Cards](iso27DIY%20mk%20I/ISO27DIY%20Recipe%20for%20Policy%20Cards.md)
- [BC5701_Training_Tab_03_MS](../../BC%205701/BC5701_Training_Tab_03_MS.md#Beleid)
- [Modules, Screens and Content](../../../💡Drafts%20and%20Ideas/Modules,%20Screens%20and%20Content.md)
- [Modules, Screens and Content](../../../Drafts%20and%20Ideas/Modules,%20Screens%20and%20Content.md)
- [🧰 Resource portal](iso27DIY%20mk%20I/🧰%20Resource%20portal.md)
- [Topical InfoSec Kanban’s](../../../📚️%20Literature%20notes/Topical%20InfoSec%20Kanban’s.md)
- [Topical InfoSec Kanban’s](../../../Literature%20notes/Topical%20InfoSec%20Kanban’s.md)
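Review bot: `[🧰 Resource portal](iso27DIY%20mk%20I/🧰%20Resource%20portal.md)` keeps an emoji in the filename, which is exactly what the commit message says was removed; a later hunk's context line (`see [🧰 Resource`) refers to the same note. If that file is intentionally out of scope, fine; otherwise it was missed by the rename.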
@ -3,4 +3,4 @@
An appropriate set of procedures for information labelling shall be developed and implemented in accordance with the information classification scheme adopted by the organization.

Related:
- [Labeling of information in the digital domain](../../../../💡Drafts%20and%20Ideas/Labeling%20of%20information%20in%20the%20digital%20domain.md)
- [Labeling of information in the digital domain](../../../../Drafts%20and%20Ideas/Labeling%20of%20information%20in%20the%20digital%20domain.md)
@ -2,14 +2,14 @@

- Easier sales
- Accelerates your customer’s Purchase Decision Process ("Sell with Confidence. Worldwide.")
- Certification for this standard is increasingly becoming a knock-out criterium for [Examples of vendor selection questionnaires](../../../../🎇%20Sparks/Examples%20of%20vendor%20selection%20questionnaires.md).
- Certification for this standard is increasingly becoming a knock-out criterium for [Examples of vendor selection questionnaires](../../../../Sparks/Examples%20of%20vendor%20selection%20questionnaires.md).
- Raises your infosec maturity level
- Raise your [Maturity Models](../../../../📚️%20Literature%20notes/Maturity%20Models.md) from incident driven to improvement focussed
- Continual improvement of security
- Increased resilience
- be prepared for events that threaten your business continuity
- Accountability / responsibility
- [Corporate social responsibility](../../../../📚️%20Literature%20notes/Corporate%20social%20responsibility.md)
- [Corporate social responsibility](../../../../Literature%20notes/Corporate%20social%20responsibility.md)
- Voorkómen maatschappelijke ontwrichting (voorbeeld: een massale cyberaanval legt de Rotterdamse havens stil)
- Encourage transparency. "We believe that transparency, such as having a permissive vulnerability disclosure policy (VDP) that encourages security research, is a key characteristic of a good, mature security program".
- https://www.maastrichtuniversity.nl/data-protection-corporate-social-responsibility
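Review bot: `[Maturity Models](../../../../📚️%20Literature%20notes/Maturity%20Models.md)` keeps the emoji prefix while the Sparks and Corporate social responsibility links in the same list were rewritten, so it is most likely an unresolved link that Obsidian skipped and that now points at a folder path that no longer exists.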
@ -1,6 +1,6 @@
The following picture is actually about a more general 'IT Service Managment system' but can be adapted to clarify the structure of [ISO 27001 A.13.2 Information transfer](../ISO%2027001%202013/ISO%2027001%20A.13.2%20Information%20transfer.md).




Source: https://theartofservice.com/wp-content/uploads/2021/07/Picture-1.png

@ -19,5 +19,5 @@ There's a [Things project](things:///show?id=WrsCKrKd86aYAUxCoo7KhC) for creatin
### Related notes
- [ISO27DIY membership tiers](ISO27DIY%20membership%20tiers.md)
- For identifying and creating further additional resources, see the [Working back from the Annex A dashboard](Working%20back%20from%20the%20Annex%20A%20dashboard.md) note.
- [Blurbs](../../../../🎇%20Sparks/Blurbs.md)
- [Blurbs](../../../../Sparks/Blurbs.md)

@ -1,3 +1,3 @@
- [Perverse prikkels in de normindustrie](../../../../💡Drafts%20and%20Ideas/Perverse%20prikkels%20in%20de%20normindustrie.md)
- [GRC software is geschreven voor domeindeskundigen](../../../../💡Drafts%20and%20Ideas/GRC%20software%20is%20geschreven%20voor%20domeindeskundigen.md)
- [Problems solved](../../../../💡Drafts%20and%20Ideas/Problems%20solved.md)
- [Perverse prikkels in de normindustrie](../../../../Drafts%20and%20Ideas/Perverse%20prikkels%20in%20de%20normindustrie.md)
- [GRC software is geschreven voor domeindeskundigen](../../../../Drafts%20and%20Ideas/GRC%20software%20is%20geschreven%20voor%20domeindeskundigen.md)
- [Problems solved](../../../../Drafts%20and%20Ideas/Problems%20solved.md)
@ -1,15 +1,15 @@
Child notes:
- [Blurbs](../../../../🎇%20Sparks/Blurbs.md)
- [Toegevoegde waarde van ISO27DIY](../../../../💡Drafts%20and%20Ideas/Toegevoegde%20waarde%20van%20ISO27DIY.md)
- [Blurbs](../../../../Sparks/Blurbs.md)
- [Toegevoegde waarde van ISO27DIY](../../../../Drafts%20and%20Ideas/Toegevoegde%20waarde%20van%20ISO27DIY.md)
- [Friendly targets](../../../../../../💡Permanent%20ideas/Friendly%20targets.md)
- [Possible Colabs](../../../../🎇%20Sparks/Possible%20Colabs.md)
- [List of possible partners](../../../../💡Drafts%20and%20Ideas/List%20of%20possible%20partners.md)
- [Possible Colabs](../../../../Sparks/Possible%20Colabs.md)
- [List of possible partners](../../../../Drafts%20and%20Ideas/List%20of%20possible%20partners.md)
- [ISO27DIY Business drivers](ISO27DIY%20Business%20drivers.md)
- [AuditGlue Business model](../AuditGlue%20Business%20model.md)
- [[### Related notes
- [ISO27DIY membership tiers](ISO27DIY%20membership%20tiers.md)
- For identifying and creating further additional resources, see the [Working back from the Annex A dashboard](Working%20back%20from%20the%20Annex%20A%20dashboard.md) note.
- [Blurbs](../../../../🎇%20Sparks/Blurbs.md)
- [Blurbs](../../../../Sparks/Blurbs.md)



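Review bot: the line `- [[### Related notes` opens a wikilink that is never closed, and the three items after it duplicate the "### Related notes" block from an earlier hunk of this commit (membership tiers, Working back from the Annex A dashboard, Blurbs); this looks like a paste accident that is being carried through the rename rather than removed. Separately, `../../../../../../💡Permanent%20ideas/Friendly%20targets.md` still has its emoji prefix: either `💡Permanent ideas` was not renamed in this commit or that link is now dangling.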
@ -6,4 +6,4 @@ Examples / templates may be offered as a (freebee) resource - see [🧰 Resource

Related:
- [Working back from the Annex A dashboard](Working%20back%20from%20the%20Annex%20A%20dashboard.md)
- See [Topical InfoSec Kanban’s](../../../../📚️%20Literature%20notes/Topical%20InfoSec%20Kanban’s.md) for inspiration.
- See [Topical InfoSec Kanban’s](../../../../Literature%20notes/Topical%20InfoSec%20Kanban’s.md) for inspiration.
@ -12,7 +12,7 @@ In this video you'll learn how to create a stakeholder analysis, identifying the

> Examine "external stakeholders’ relationships, perceptions, values, needs and expectations"

- [ ] See also [Stakeholder Analysis](../../../../🎇%20Sparks/Stakeholder%20Analysis.md)
- [ ] See also [Stakeholder Analysis](../../../../Sparks/Stakeholder%20Analysis.md)
- [ ] And [this](https://www.pmi.org/learning/library/stakeholder-analysis-pivotal-practice-projects-8905) from the Project Management Institute


@ -24,7 +24,7 @@ Facilities and materials needed for this workshop:
- Z

## Video



Length of workshop video: .. minutes
Estimated workshop duration: .. minutes
@ -25,7 +25,7 @@ Facilities and materials needed for this workshop:


## Workshop video



Length of workshop video: .. minutes
Estimated workshop duration: .. minutes
@ -10,4 +10,4 @@ At the end of of this session, ask people to share their results because it help


Related
[External audits](../../../../🎇%20Sparks/External%20audits.md)
[External audits](../../../../Sparks/External%20audits.md)
@ -1,4 +1,4 @@
Start with the [](../../../../📎%20Attachments/ISO%2027001%20Implementatie%20dashboard%20Annex%20A.xlsx) as a framework.
Start with the [](../../../../Attachments/ISO%2027001%20Implementatie%20dashboard%20Annex%20A.xlsx) as a framework.
Every cell gets one or more corresponding [ISO27DIY Kanban board](ISO27DIY%20Kanban%20board.md) items. So they are all linked to at least one of the ISO 27001 controls or ISO 27001 clauses.

Note that in this approach all [About ISO27DIY Policy Cards](../About%20ISO27DIY%20Policy%20Cards.md), [Advised Documents for ISO 27001](../../../../../../iso27DIY-gis/reference/Advised%20Documents%20for%20ISO%2027001.md), and identified risks and controls will appear on the Kanban board, directly or indirectly.
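Review bot: `Start with the [](../../../../Attachments/ISO%2027001%20Implementatie%20dashboard%20Annex%20A.xlsx) as a framework.` has empty link text, so the sentence renders as "Start with the  as a framework." with nothing visible to click; label the link with the workbook name while the path is being changed.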
@ -2,7 +2,7 @@

Skeleton project plan contents:
- [ISO 27001 benefits](../ISO%2027001%20benefits.md)
- [ISO27DIY benefits](../../../../../🎇%20Sparks/ISO27DIY%20benefits.md)
- [ISO27DIY benefits](../../../../../Sparks/ISO27DIY%20benefits.md)


## Benefits
@ -6,5 +6,5 @@

## Related:
- [ISO 27001 benefits](../ISO%2027001%20benefits.md)
- [ISO27DIY benefits](../../../../../🎇%20Sparks/ISO27DIY%20benefits.md)
- [ISO27DIY benefits](../../../../../Sparks/ISO27DIY%20benefits.md)

@ -1,6 +1,6 @@
TOM: "What does running an ISO compliant ISMS look like, organization wise?"

See: [Target Operational Model](../../../../../📚️%20Literature%20notes/Target%20Operational%20Model.md)
See: [Target Operational Model](../../../../../Literature%20notes/Target%20Operational%20Model.md)

- What's expected of senior management on board:
- Show leadership and commitment
@ -9,6 +9,6 @@ See: [Target Operational Model](../../../../../📚️%20Literature%20notes/Targ
- Define roles and responsibilities
- Provide resources and support
- Consider requesting certification
- [Organizing Cybersecurity](../../../../../🎇%20Sparks/Organizing%20Cybersecurity.md)
- [Organizing Cybersecurity](../../../../../Sparks/Organizing%20Cybersecurity.md)

- [Target Operational Model](../../../../../📚️%20Literature%20notes/Target%20Operational%20Model.md)
- [Target Operational Model](../../../../../Literature%20notes/Target%20Operational%20Model.md)
@ -1,6 +1,6 @@
The purpose of the Implementation Dashboard is to get an overview of progress and gaps and make auditing easier.

See this:
- [example Excel sheet (NL version)](../../../../../📎%20Attachments/ISO%2027001%20Implementatie%20dashboard%20Annex%20A.xlsx)
- [example Excel sheet (NL version)](../../../../../Attachments/ISO%2027001%20Implementatie%20dashboard%20Annex%20A.xlsx)
- [example Excel sheet (EN version)](ISO%2027001-2013%20Implementation%20Dashboard.xlsx)

@ -4,9 +4,9 @@ Pivoting away from 'guided implementation management' to:


Related:
- [Three user modes for AuditGlue](../../../../💡Drafts%20and%20Ideas/Three%20user%20modes%20for%20AuditGlue.md)
- [Three user modes for AuditGlue](../../../../Drafts%20and%20Ideas/Three%20user%20modes%20for%20AuditGlue.md)
- [Distributed usage of AuditGlue](../../../../../../💡Permanent%20ideas/Distributed%20usage%20of%20AuditGlue.md)
- [Modules, Screens and Content](../../../../💡Drafts%20and%20Ideas/Modules,%20Screens%20and%20Content.md)
- [Modules, Screens and Content](../../../../Drafts%20and%20Ideas/Modules,%20Screens%20and%20Content.md)
- [AuditGlue ERD](../AuditGlue%20ERD.md)
- [AuditGlue Business model](../AuditGlue%20Business%20model.md)

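Review bot: `../../../../../../💡Permanent%20ideas/Distributed%20usage%20of%20AuditGlue.md` is left untouched while the two Drafts and Ideas links around it were rewritten. This matches the `Friendly targets` link in an earlier hunk, so either the `💡Permanent ideas` folder is deliberately outside this commit or both links need a manual fix.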
@ -1,4 +1,4 @@
[Source text](../../../../../🎇%20Sparks/Source%20text.md)
[Source text](../../../../../Sparks/Source%20text.md)

## Control ID + Title

@ -20,7 +20,7 @@ Related to:
The Document Owner is responsible for development and implementation of the policy.

- [ ] Check Standard on documentation and ownership
- [ ] Check 'responsible' vs. 'accountable' / [Responsibility assignment matrices](../../../../../📚️%20Literature%20notes/Responsibility%20assignment%20matrices.md)
- [ ] Check 'responsible' vs. 'accountable' / [Responsibility assignment matrices](../../../../../Literature%20notes/Responsibility%20assignment%20matrices.md)

## Policy subject

@ -31,7 +31,7 @@ Needed for this workshop:
> Existing documentation

## Workshop video



Length of workshop video: .. minutes
Estimated workshop duration: .. minutes
@ -27,7 +27,7 @@ Needed for this workshop:
> Existing documentation

## Workshop video



Length of workshop video: .. minutes
Estimated workshop duration: .. minutes
@ -2,4 +2,4 @@

Relevant articles of the NIS 2 are linked to clauses and controls of the ISO 27001:2022



@ -2,13 +2,13 @@

[NIS 2 in Vlaanderen](NIS%202%20in%20Vlaanderen.md)
[NIS 2 Cyberfundamentals Framework](NIS%202%20Cyberfundamentals%20Framework.md) (Vlaanderen)
[NIS 2 voor Humankind](../../../🏭%20Clients/Humankind/NIS%202%20voor%20Humankind.md)
[NIS 2 voor Humankind](../../../Clients/Humankind/NIS%202%20voor%20Humankind.md)

[NIS2 Explained](FortMesa%20NIS2%20Explained.md) for FortMesa webinar June 2025: "The State of EU Cyber Compliance: NIS2 Explained"

[NIS 2 maatregelen en ISO 27002/BIO](https://www.digitaleoverheid.nl/overzicht-van-alle-onderwerpen/nis2-richtlijn/mapping-nis2-maatregelen/) – Digitale overheid

[PDF](../../📎%20Attachments/NIS_2_and_ISO_27001_2022.pdf): NIS 2 Directive and ISO 27001 – Andrey Prozorov
[PDF](../../Attachments/NIS_2_and_ISO_27001_2022.pdf): NIS 2 Directive and ISO 27001 – Andrey Prozorov
[PDF](NIS2_EN.pdf): NIS 2 Original Text EN
[PDF](NIS2_NL.pdf): NIS 2 Brontekst

@ -9,7 +9,7 @@
[NIST CSF 2.0 Incident Response](NIST%20CSF%202.0%20Incident%20Response.md)
[](NIST%20CSF%202.0%20incident%20life%20cycle.png)
[NIST Cybersecurity Framework's five Functions](NIST%20Cybersecurity%20Framework's%20five%20Functions.md) - is this 2.0?
[Mapping NIST Controls to ISO Standards](../../📚️%20Literature%20notes/Mapping%20NIST%20Controls%20to%20ISO%20Standards.md) - is this 2.0?
[Mapping NIST Controls to ISO Standards](../../Literature%20notes/Mapping%20NIST%20Controls%20to%20ISO%20Standards.md) - is this 2.0?
[CSF Tools for NIST CSF and PF](../other/CSF%20Tools%20for%20NIST%20CSF%20and%20PF.md) - is this 2.0?


@ -3,7 +3,7 @@ Retrieved: November 28, 2022
|
|||
|
||||
Related:
|
||||
- [ISO 27002 5.24 Information security incident management planning and preparation](../ISO27x/OST/27002/EN/a-5.24-Information-security-incident-management-planning-and-preparation.md)
|
||||
- [Ransomware Playbook](../../🎇%20Sparks/Ransomware%20Playbook.md)
|
||||
- [Ransomware Playbook](../../Sparks/Ransomware%20Playbook.md)
|
||||
|
||||
Six steps:
|
||||
|
||||
|
|
|
|||
|
|
@ -2,9 +2,9 @@
|
|||
[BC_5701_Hoofstukken_Normtekst](../BC%205701/BC_5701_Hoofstukken_Normtekst.md)
|
||||
[NIST Privacy Framework (PF)](../NIST/NIST%20Privacy%20Framework%20(PF).md)
|
||||
|
||||
[Privacy in ISO 27k](../../📚️%20Literature%20notes/Privacy%20in%20ISO%2027k.md)
|
||||
[Privacy in ISO 27k](../../Literature%20notes/Privacy%20in%20ISO%2027k.md)
|
||||
|
||||
Related:
|
||||
- [Privacy protection in Databases](../../🎇%20Sparks/Privacy%20protection%20in%20Databases.md)
|
||||
- [Privacy protection in Databases](../../Sparks/Privacy%20protection%20in%20Databases.md)
|
||||
- [ISO 27001 A.18.1.4 Privacy and protection of personally identifiable information](../ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A.18.1.4%20Privacy%20and%20protection%20of%20personally%20identifiable%20information.md)
|
||||
|
||||
|
|
|
|||
|
|
@ -10,7 +10,7 @@ More detail in Security & Privacy Risk Management Model (SP-RMM) Overview
|
|||
|
||||
|
||||
Related:
|
||||
- [Secure Controls Framework](../../📚️%20Literature%20notes/Secure%20Controls%20Framework.md)
|
||||
- [Secure Controls Framework](../../Literature%20notes/Secure%20Controls%20Framework.md)
|
||||
- [Risk analysis](../../🎇%20Sparks/Risk%20analysis.md)
|
||||
- [Risk inventories](../../🎇%20Sparks/Risk%20inventories.md)
|
||||
|
||||
|
|
|
|||
|
|
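Review bot: two links in this hunk still point into the renamed folder and will dangle once this commit lands: the unchanged context lines `- [Risk analysis](../../🎇%20Sparks/Risk%20analysis.md)` and `- [Risk inventories](../../🎇%20Sparks/Risk%20inventories.md)` keep the `🎇%20Sparks` prefix, while the `Secure Controls Framework` link in the same list is rewritten to `../../Literature%20notes/`. Other hunks in this commit rewrite the same folder to `../../Sparks/...` (for example the Ransomware Playbook link), so these two should be updated to `../../Sparks/Risk%20analysis.md` and `../../Sparks/Risk%20inventories.md` here, and a vault-wide search for `%20Sparks/` would show whether any other references were missed by the automatic link update.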
@ -6,7 +6,7 @@ https://securecontrolsframework.com/risk-management-model/
|
|||
|
||||
|
||||
Related:
|
||||
- [Secure Controls Framework](../../📚️%20Literature%20notes/Secure%20Controls%20Framework.md)
|
||||
- [Secure Controls Framework](../../Literature%20notes/Secure%20Controls%20Framework.md)
|
||||
- [Threat Intelligence](../../🎇%20Sparks/Threat%20Intelligence.md)
|
||||
- [Assets, Vulnerabilities, Threats, Risks](../../🎇%20Sparks/Assets,%20Vulnerabilities,%20Threats,%20Risks.md)
|
||||
|
||||
|
|
|
|||
|
|
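Review bot: same problem as the SP-RMM note: `- [Threat Intelligence](../../🎇%20Sparks/Threat%20Intelligence.md)` and `- [Assets, Vulnerabilities, Threats, Risks](../../🎇%20Sparks/Assets,%20Vulnerabilities,%20Threats,%20Risks.md)` are left as context lines with the old emoji folder name, so only the `Secure Controls Framework` link on this page survives the rename. Rewrite both to `../../Sparks/...` in the same commit; otherwise the Related list on this note will have two broken links while the commit message claims all relevant links were changed.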
@ -1,6 +1,6 @@
|
|||
## Security & Privacy: SP-CMM
|
||||
|
||||
The Security & Privacy Capability Maturity Model (SP-CMM) from the [Secure Controls Framework](../../📚️%20Literature%20notes/Secure%20Controls%20Framework.md) takes the organizations size into consideration by having different requirements for small, medium and large organizations.
|
||||
The Security & Privacy Capability Maturity Model (SP-CMM) from the [Secure Controls Framework](../../Literature%20notes/Secure%20Controls%20Framework.md) takes the organizations size into consideration by having different requirements for small, medium and large organizations.
|
||||
|
||||
Detailed on page 21 of Secure Controls Framework Overview & Instructions, version 2022.1. ([download link](https://scf.securecontrolsframework.com/SCF_Overview_Recommended_Practices.pdf))
|
||||
|
||||
|
|
|
|||
|
|
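Review bot: minor style point on the rewritten line: `takes the organizations size into consideration` should read `organization's size`. Since this line is already being replaced to update the `Literature%20notes` path, fold the apostrophe fix into the same change rather than touching the line again later.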
@ -23,7 +23,7 @@ Not really a standard or regulation, but excellent nonetheless, the UK's [NCSC
|
|||
The NCSC’s Board Toolkit helps boards to ensure that cyber resilience and risk management are embedded throughout an organisation, including its people, systems, processes and technologies.
|
||||
|
||||
## Cross references
|
||||
- [Secure Controls Framework](../../📚️%20Literature%20notes/Secure%20Controls%20Framework.md) brings a lot of those together, see their Secure Controls Framework (SCF) - 2022.1 matrix.xslx.
|
||||
- [Mapping NIST Controls to ISO Standards](../../📚️%20Literature%20notes/Mapping%20NIST%20Controls%20to%20ISO%20Standards.md)
|
||||
- [Secure Controls Framework](../../Literature%20notes/Secure%20Controls%20Framework.md) brings a lot of those together, see their Secure Controls Framework (SCF) - 2022.1 matrix.xslx.
|
||||
- [Mapping NIST Controls to ISO Standards](../../Literature%20notes/Mapping%20NIST%20Controls%20to%20ISO%20Standards.md)
|
||||
|
||||
[CSA Cloud Controls Matrix](CSA%20Cloud%20Controls%20Matrix.md)
|
||||
|
|
|
|||
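Review bot: the rewritten `Secure Controls Framework` line refers to `Secure Controls Framework (SCF) - 2022.1 matrix.xslx`; `.xslx` looks like a transposition of `.xlsx`. If that is a typo rather than the literal name of the file, correct it while the line is being edited for the path change; if the file really is named `.xslx`, it is worth a short note, since anyone searching for the spreadsheet by the usual extension will not find it. The two link rewrites themselves are consistent with the other `Literature%20notes` changes in this commit.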