cleaning up Sparks

Richard Kranendonk 2026-05-14 16:57:06 +02:00
parent b8d1d4e02f
commit 704e6dd07f
162 changed files with 393 additions and 1041 deletions

@ -0,0 +1,14 @@
Zie ook [AVG Rechtmatigheid van de verwerking](AVG%20Rechtmatigheid%20van%20de%20verwerking.md)
Noodzakelijk voor de uitvoering van een contract, voorbeeld: naam en adres zijn nodig om de bestelde spullen te kunnen leveren. Maar let op “absoluut noodzakelijk”.
Wettelijke verplichting, voorbeeld: bewaren kopie paspoort onder de Belastingwet.
Gerechtvaardigd belang: marketing wordt met name genoemd in de AVG. Maar let op balans tussen belang van de organisatie en impact op privacy van het individu
(proportionaliteit). Kijk altijd of er alternatieven zijn die minder impact hebben (subsidiariteit).
Instemming (consent): niet de sterkste. Consent moet vrijelijk gegeven worden (dus geen machtsongelijkheid of beperking van dienstverlening) en voor een helder gecommuniceerd doel (en dan mag je de gegevens niet voor iets anders gebruiken). Kan bovendien worden ingetrokken.
Algemeen belang: bijv. verwerking van gegevens door de Belastingdienst. Niet van toepassing voor Balance.
Vitaal belang: bijv. verwerking van gegevens door ambulance diensten. Niet van toepassing voor Balance.
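Review bot: the six lawful grounds are written as bare lines although the rest of the vault uses `- ` lists, and the note has no heading (compare the new comparison note, which starts with `# ...`); the sentence "Maar let op balans tussen belang van de organisatie en impact op privacy van het individu (proportionaliteit)." is also split across two lines and should be joined. For traceability consider citing Art. 6(1) AVG/GDPR, whose points (a) to (f) are exactly these six grounds.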

@ -0,0 +1,3 @@
Needed because of the importance, under GDPR, of the reason and the lawful ground the data was originally collected for.
Related: [AVG Rechtsgronden voor verwerking](AVG%20Rechtsgronden%20voor%20verwerking.md)
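Review bot: the note opens mid-thought ("Needed because of the importance...") without saying what is needed; add a first line naming the concept (the GDPR purpose-limitation principle, Art. 5(1)(b), is what the sentence describes) so the backlink from the Rechtsgronden note has something to point at. The two notes also cross-link in different languages ("Zie ook" there, "Related:" here); pick one for the pair.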

@ -2,8 +2,8 @@
Authorization is the mechanism that determines the access level(s) of the subjects to the objects.
See also:
- [Authorization vs Access Control](../../Sparks/Authorization%20vs%20Access%20Control.md)
- [Access Control Models](../../Sparks/Access%20Control%20Models.md)
- [Authorization vs Access Control](../../Sparks/ISMS/Authorization%20vs%20Access%20Control.md)
- [Access Control Models](../../Sparks/ISMS/Access%20Control%20Models.md)
- [Authentication](Authentication.md)
- [Identification](../../Sparks/Identification.md)
- [CASSM Consumer Authentication Strength Maturity Model](../../Literature%20notes/CASSM%20Consumer%20Authentication%20Strength%20Maturity%20Model.md)
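Review bot: the Identification link on the last line still points at `../../Sparks/Identification.md` while the two links above it were repointed to `Sparks/ISMS/`; verify that Identification.md was not also moved in this commit, or update it in the same change so the note does not end up with a dangling link.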

Binary file not shown.

@ -26,7 +26,7 @@ NL brontekst:
See also:
- [Plain English ISO IEC 27002 2005 from Praxiom](https://www.praxiom.com/iso-17799-objectives.htm)
- [Changes in ISO 27001:2022 (table)](../../Sparks/Detailed%20comparison%20between%202017%20and%202022.md)
- [Changes in ISO 27001:2022 (table)](OST/27001/Detailed%20comparison%20between%202017%20and%202022.md)
- [[ISO 27002 2022 What's New]]
- [ISO_27001_2023_NL_Aanpassingen](OST/ISO_27001_2023_NL_Aanpassingen.md)
- [Changes in ISO 27001_2022_Advisera](../../../../iso27DIY-gis/reference/Changes%20in%20ISO%2027001_2022_Advisera.md)
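Review bot: the replacement link uses a path relative to the current folder (`OST/27001/Detailed comparison...`) whereas every other link in this list climbs with `../../` or deeper; confirm the file really sits in a subfolder of this note's directory, otherwise the link breaks silently. The list also mixes a `[[ISO 27002 2022 What's New]]` wikilink with markdown links; one style is easier to check with a link validator.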

@ -7,7 +7,7 @@ Voorbeelden:
[Verbeterlijst](Verbeterlijst%20Producten.md#BIA%20Workshop)
Literature notes:
- [Business Impact Analysis (BIA)](../../../Sparks/Business%20Impact%20Analysis%20(BIA).md)
- [Business Impact Analysis (BIA)](../../../Sparks/ISMS/Business%20Impact%20Analysis%20(BIA).md)
**Doel:**

@ -5,7 +5,7 @@ Voorbeelden:
- [BIA en DRP Sessies HK](../../../../Clients/Humankind/BIA%20en%20DRP%20Sessies%20HK.md)
Literatuur:
- [Disaster Recovery Planning](../../../Sparks/Disaster%20Recovery%20Planning.md)
- [Disaster Recovery Planning](../../../Sparks/ISMS/Disaster%20Recovery%20Planning.md)
Doelen:
- RPO Recovery Point Objective (assets) acceptable data loss; the point in time that you wish to recover to (maar wellicht ook een maat voor hoe vaak je een noodvoorziening (als een print-out van een rooster) moet verversen)
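Review bot: the RPO bullet packs the definition, an unexplained "(assets)" tag and a Dutch aside about refreshing a fallback (such as a printed roster) into one line; move the aside into its own sub-bullet and say what "(assets)" refers to. The path change itself is consistent with the other `Sparks/ISMS/` moves in this commit.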

@ -16,4 +16,4 @@ Older:
- [Ideas on Risk Ownership](../../Sparks/Ideas%20on%20Risk%20Ownership.md)
- [Asset ownership](../../Sparks/Asset%20ownership.md)
- [Procuratieregeling](../../Various/Procuratieregeling.md)
- [Control ownership](../../Sparks/Control%20ownership.md)
- [Control ownership](../../Sparks/ISMS/Control%20ownership.md)
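Review bot: only the Control ownership link is repointed to `Sparks/ISMS/`; the Ideas on Risk Ownership and Asset ownership links three and four lines above still target `../../Sparks/`. That is fine if those notes stay in the Sparks root, but with 162 files touched it is worth verifying both paths still resolve.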

@ -0,0 +1,69 @@
# Detailed comparison between 2017 and 2022
According to [Mark Bernard](https://www.linkedin.com/posts/markesbernard_the-changes-to-isoiec-27001-isms-are-not-activity-7344467878198329344-nZN7) , 28 juni 2025, "The changes to ISO/IEC 27001 ISMS are not straightforward. Some believe that the total number of controls was reduced; however, the truth is that new controls were added while existing controls were consolidated and streamlined."
![](../../../../Sparks/iso27001_changes_table.jpeg)
## New ISMS Control Objectives - ISO 27001:2022 CLAUSE 4 TO 10
| Line # | Clause | Title |
| ------ | --------- | --------------------------------------------------------------------------------------------------------------------------------------------------------- |
| 1 | 4.2(c) | Which of these requirements will be addressed through the information security management system |
| 2 | 6.1.2(e)2 | Prioritize analysed risks for risk treatment |
| 3 | 6.2(d) | Be monitored |
| 4 | 6.2(g) | Be available as documented information |
| 5 | 6.3 | When the organization determines the need for changes to the information security management system, the changes shall be carried out in a planned manner |
| 6 | 9.3.2(c) | Changes in needs and expectations of interested parties that are relevant to the information security management system |
## Deleted ISMS Control Objectives - ISO 27001:2022 CLAUSE 4 TO 10
| Line # | Clause | Title |
| ------ | ------ | ------------------------------------------------------ |
| 1 | 7.4(c) | The processes by which communication shall be affected |
## New Annex A Control Objectives - ISO 27001:2022
| Line # | Clause | Title |
| ------ | ------ | ---------------------------------------------- |
| 1 | 5.7 | Threat intelligence |
| 2 | 5.23 | Information security for use of cloud services |
| 3 | 5.30 | ICT readiness for business continuity |
| 4 | 7.4 | Physical security monitoring |
| 5 | 8.9 | Configuration management |
| 6 | 8.10 | Information deletion |
| 7 | 8.11 | Data masking |
| 8 | 8.12 | Data leakage prevention |
| 9 | 8.16 | Monitoring activities |
| 10 | 8.23 | Web filtering |
| 11 | 8.28 | Secure coding |
## Consolidated Annex A Control Objectives - ISO 27001:2022
| Line # | New Clause | Old | Redundant | Title |
| ------ | ---------- | ------ | ---------------------- | ---------------------------------------------------------------------- |
| 1 | 5.1 | 5.1.1 | 5.1.2 | Policies for information security |
| 2 | 5.8 | 6.1.5 | 14.1.1 | Information security in project management |
| 3 | 5.9 | 8.1.1 | 8.1.2 | Inventory of information and other associated assets |
| 4 | 5.10 | 8.1.3 | 8.2.3 | Acceptable use of information and other associated assets |
| 5 | 5.14 | 13.2.1 | 13.2.2, 13.2.3 | Information transfer |
| 6 | 5.15 | 9.1.1 | 9.1.2 | Access control |
| 7 | 5.17 | 9.2.4 | 9.3.1, 9.4.3 | Authentication information |
| 8 | 5.18 | 9.2.2 | 9.2.5, 9.2.6 | Access rights |
| 9 | 5.22 | 15.2.1 | 15.2.2 | Monitoring, review and change management of supplier services |
| 10 | 5.29 | 17.1.1 | 17.121, 17.1.3 | Information security during disruption |
| 11 | 5.31 | 18.1.1 | 18.1.5 | Legal, statutory, regulatory and contractual requirements |
| 12 | 5.36 | 18.2.2 | 18.2.3 | Compliance with policies, rules and standards for information security |
| 13 | 6.8 | 16.1.2 | 16.1.3 | Information security event reporting |
| 14 | 7.2 | 11.1.2 | 11.1.6 | Physical entry |
| 15 | 7.10 | 8.3.1 | 8.3.2, 8.3.3, 11.2.5 | Storage media |
| 16 | 8.1 | 6.2.1 | 11.2.8 | User endpoint devices |
| 17 | 8.8 | 12.6.1 | 18.2.3 | Management of technical vulnerabilities |
| 18 | 8.15 | 12.4.1 | 12.4.2, 12.4.3 | Logging |
| 19 | 8.19 | 12.5.1 | 12.6.2 | Installation of software on operational systems |
| 20 | 8.24 | 10.1.1 | 10.1.2 | Use of cryptography |
| 21 | 8.25 | 14.1.2 | 14.1.3 | Application security requirements |
| 22 | 8.29 | 14.2.8 | 14.2.9 | Security testing in development and acceptance |
| 23 | 8.31 | 12.1.4 | 14.2.6 | Seporation of development, test and production environments |
| 24 | 8.32 | 12.1.2 | 14.2.2, 14.2.3, 14.2.4 | Change management |
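Review bot: two typos in the consolidated table: row 10 lists `17.121` as a redundant old clause, which is not a 2013 clause number (17.1.2 is the likely intent), and row 23 reads "Seporation". The image is linked as `../../../../Sparks/iso27001_changes_table.jpeg` while this commit moves notes out of the Sparks root, so check that the jpeg path still resolves. The "Old" / "Redundant" headers would be clearer as "Primary 2013 clause" / "Other 2013 clauses merged".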

@ -2,7 +2,7 @@
- Easier sales
- Accelerates your customers Purchase Decision Process ("Sell with Confidence. Worldwide.")
- Certification for this standard is increasingly becoming a knock-out criterium for [Examples of vendor selection questionnaires](../../../../Sparks/Examples%20of%20vendor%20selection%20questionnaires.md).
- Certification for this standard is increasingly becoming a knock-out criterium for [Examples of vendor selection questionnaires](../../../../Sparks/Information%20Security/Examples%20of%20vendor%20selection%20questionnaires.md).
- Raises your infosec maturity level
- Raise your [Maturity Models](../../../../📚️%20Literature%20notes/Maturity%20Models.md) from incident driven to improvement focussed
- Continual improvement of security
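Review bot: the move to `Sparks/Information Security/` matches the other relocations, but the surrounding bullets carry wording slips worth a follow-up: "criterium" (criterion), "customers Purchase Decision Process" (customers'), and "Raise your" where the sibling bullets use the third person ("Raises").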

@ -1,3 +1,3 @@
- [Perverse prikkels in de normindustrie](../../../../Sparks/Perverse%20prikkels%20in%20de%20normindustrie.md)
- [GRC software is geschreven voor domeindeskundigen](../../../../Sparks/GRC%20software%20is%20geschreven%20voor%20domeindeskundigen.md)
- [GRC software is geschreven voor domeindeskundigen](../../../../../Content%20Factory/Scratch%20file/GRC%20software%20is%20geschreven%20voor%20domeindeskundigen.md)
- [Problems solved 1](../../../../Sparks/Problems%20solved%201.md)
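Review bot: the GRC software note is now linked from `../../../../../Content Factory/Scratch file/`, five levels up and into a scratch folder, while the sibling links stay under `Sparks/`; a scratch location is likely to move again, so either keep the note in Sparks like the other two or move it to a permanent folder before repointing.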