cleaning up Sparks
parent
b8d1d4e02f
commit
704e6dd07f
162 changed files with 393 additions and 1041 deletions
|
|
@ -2,8 +2,8 @@
|
|||
Authorization is the mechanism that determines the access level(s) of the subjects to the objects.
|
||||
|
||||
See also:
|
||||
- [Authorization vs Access Control](../../Sparks/Authorization%20vs%20Access%20Control.md)
|
||||
- [Access Control Models](../../Sparks/Access%20Control%20Models.md)
|
||||
- [Authorization vs Access Control](../../Sparks/ISMS/Authorization%20vs%20Access%20Control.md)
|
||||
- [Access Control Models](../../Sparks/ISMS/Access%20Control%20Models.md)
|
||||
- [Authentication](Authentication.md)
|
||||
- [Identification](../../Sparks/Identification.md)
|
||||
- [CASSM Consumer Authentication Strength Maturity Model](../../Literature%20notes/CASSM%20Consumer%20Authentication%20Strength%20Maturity%20Model.md)
|
||||
|
|
|
|||
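Review bot: the "See also" list is left in a mixed state: the Authorization vs Access Control and Access Control Models links are rewritten to `../../Sparks/ISMS/...`, while `[Identification](../../Sparks/Identification.md)` still points at the Sparks root. If the cleanup moved the whole Sparks folder into `ISMS/`, that link (and the local `Authentication.md`) are now dangling; please run a relative-link check over the vault after the move rather than fixing links file by file.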
BIN
Corpus/Standards/ISO27x/FAIR ISO 27005 Cookbook.pdf
Normal file
BIN
Corpus/Standards/ISO27x/FAIR ISO 27005 Cookbook.pdf
Normal file
Binary file not shown.
|
|
@ -26,7 +26,7 @@ NL brontekst:
|
|||
|
||||
See also:
|
||||
- [Plain English ISO IEC 27002 2005 from Praxiom](https://www.praxiom.com/iso-17799-objectives.htm)
|
||||
- [Changes in ISO 27001:2022 (table)](../../Sparks/Detailed%20comparison%20between%202017%20and%202022.md)
|
||||
- [Changes in ISO 27001:2022 (table)](OST/27001/Detailed%20comparison%20between%202017%20and%202022.md)
|
||||
- [[ISO 27002 2022 What's New]]
|
||||
- [ISO_27001_2023_NL_Aanpassingen](OST/ISO_27001_2023_NL_Aanpassingen.md)
|
||||
- [Changes in ISO 27001_2022_Advisera](../../../../iso27DIY-gis/reference/Changes%20in%20ISO%2027001_2022_Advisera.md)
|
||||
|
|
|
|||
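Review bot: the retargeted link `OST/27001/Detailed%20comparison%20between%202017%20and%202022.md` is a path relative to this note rather than to the vault root like the surrounding `../../Sparks/...` links, so confirm the `OST/27001/` folder actually sits beside this file. Two context lines also deserve attention while this list is being touched: `../../../../iso27DIY-gis/reference/Changes%20in%20ISO%2027001_2022_Advisera.md` climbs out of the vault into a sibling repository and will break on any checkout without it, and `[[ISO 27002 2022 What's New]]` mixes wiki-link syntax into an otherwise markdown-link list.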
|
|
@ -7,7 +7,7 @@ Voorbeelden:
|
|||
[Verbeterlijst](Verbeterlijst%20Producten.md#BIA%20Workshop)
|
||||
|
||||
Literature notes:
|
||||
- [Business Impact Analysis (BIA)](../../../Sparks/Business%20Impact%20Analysis%20(BIA).md)
|
||||
- [Business Impact Analysis (BIA)](../../../Sparks/ISMS/Business%20Impact%20Analysis%20(BIA).md)
|
||||
|
||||
|
||||
**Doel:**
|
||||
|
|
|
|||
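Review bot: only the BIA link moves to `../../../Sparks/ISMS/`, which is fine, but the neighbouring context line `[Verbeterlijst](Verbeterlijst%20Producten.md#BIA%20Workshop)` uses a percent-encoded heading anchor; Obsidian resolves `#BIA Workshop`, while GitHub-style renderers expect `#bia-workshop`. If this vault is also published, pick the anchor form the publishing renderer understands.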
|
|
@ -5,7 +5,7 @@ Voorbeelden:
|
|||
- [BIA en DRP Sessies HK](../../../../Clients/Humankind/BIA%20en%20DRP%20Sessies%20HK.md)
|
||||
|
||||
Literatuur:
|
||||
- [Disaster Recovery Planning](../../../Sparks/Disaster%20Recovery%20Planning.md)
|
||||
- [Disaster Recovery Planning](../../../Sparks/ISMS/Disaster%20Recovery%20Planning.md)
|
||||
|
||||
Doelen:
|
||||
- RPO – Recovery Point Objective (assets) – acceptable data loss; the point in time that you wish to recover to (maar wellicht ook een maat voor hoe vaak je een noodvoorziening (als een print-out van een rooster) moet verversen)
|
||||
|
|
|
|||
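Review bot: the Disaster Recovery Planning link is moved under `Sparks/ISMS/` consistently with the other hunks. One hygiene point on the unchanged context: this note links into `../../../../Clients/Humankind/...`, so any export or publish of the ISMS folder will carry a client name with it; consider whether that reference belongs in a reusable "Spark" or only in the client folder.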
|
|
@ -16,4 +16,4 @@ Older:
|
|||
- [Ideas on Risk Ownership](../../Sparks/Ideas%20on%20Risk%20Ownership.md)
|
||||
- [Asset ownership](../../Sparks/Asset%20ownership.md)
|
||||
- [Procuratieregeling](../../Various/Procuratieregeling.md)
|
||||
- [Control ownership](../../Sparks/Control%20ownership.md)
|
||||
- [Control ownership](../../Sparks/ISMS/Control%20ownership.md)
|
||||
|
|
|
|||
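Review bot: same partial move as in the Authorization hunk: `Control ownership` now lives in `../../Sparks/ISMS/`, but `Ideas on Risk Ownership` and `Asset ownership` are still linked from `../../Sparks/`. Either those two were not moved (then fine) or their links are now stale; a vault-wide broken-link scan will settle it.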
|
|
@ -0,0 +1,69 @@
|
|||
# Detailed comparison between 2017 and 2022
|
||||
|
||||
According to [Mark Bernard](https://www.linkedin.com/posts/markesbernard_the-changes-to-isoiec-27001-isms-are-not-activity-7344467878198329344-nZN7) , 28 juni 2025, "The changes to ISO/IEC 27001 ISMS are not straightforward. Some believe that the total number of controls was reduced; however, the truth is that new controls were added while existing controls were consolidated and streamlined."
|
||||
|
||||

|
||||
|
||||
|
||||
## New ISMS Control Objectives - ISO 27001:2022 CLAUSE 4 TO 10
|
||||
|
||||
| Line # | Clause | Title |
|
||||
| ------ | --------- | --------------------------------------------------------------------------------------------------------------------------------------------------------- |
|
||||
| 1 | 4.2(c) | Which of these requirements will be addressed through the information security management system |
|
||||
| 2 | 6.1.2(e)2 | Prioritize analysed risks for risk treatment |
|
||||
| 3 | 6.2(d) | Be monitored |
|
||||
| 4 | 6.2(g) | Be available as documented information |
|
||||
| 5 | 6.3 | When the organization determines the need for changes to the information security management system, the changes shall be carried out in a planned manner |
|
||||
| 6 | 9.3.2(c) | Changes in needs and expectations of interested parties that are relevant to the information security management system |
|
||||
|
||||
## Deleted ISMS Control Objectives - ISO 27001:2022 CLAUSE 4 TO 10
|
||||
|
||||
| Line # | Clause | Title |
|
||||
| ------ | ------ | ------------------------------------------------------ |
|
||||
| 1 | 7.4(c) | The processes by which communication shall be affected |
|
||||
|
||||
## New Annex A Control Objectives - ISO 27001:2022
|
||||
|
||||
| Line # | Clause | Title |
|
||||
| ------ | ------ | ---------------------------------------------- |
|
||||
| 1 | 5.7 | Threat intelligence |
|
||||
| 2 | 5.23 | Information security for use of cloud services |
|
||||
| 3 | 5.30 | ICT readiness for business continuity |
|
||||
| 4 | 7.4 | Physical security monitoring |
|
||||
| 5 | 8.9 | Configuration management |
|
||||
| 6 | 8.10 | Information deletion |
|
||||
| 7 | 8.11 | Data masking |
|
||||
| 8 | 8.12 | Data leakage prevention |
|
||||
| 9 | 8.16 | Monitoring activities |
|
||||
| 10 | 8.23 | Web filtering |
|
||||
| 11 | 8.28 | Secure coding |
|
||||
|
||||
## Consolidated Annex A Control Objectives - ISO 27001:2022
|
||||
|
||||
| Line # | New Clause | Old | Redundant | Title |
|
||||
| ------ | ---------- | ------ | ---------------------- | ---------------------------------------------------------------------- |
|
||||
| 1 | 5.1 | 5.1.1 | 5.1.2 | Policies for information security |
|
||||
| 2 | 5.8 | 6.1.5 | 14.1.1 | Information security in project management |
|
||||
| 3 | 5.9 | 8.1.1 | 8.1.2 | Inventory of information and other associated assets |
|
||||
| 4 | 5.10 | 8.1.3 | 8.2.3 | Acceptable use of information and other associated assets |
|
||||
| 5 | 5.14 | 13.2.1 | 13.2.2, 13.2.3 | Information transfer |
|
||||
| 6 | 5.15 | 9.1.1 | 9.1.2 | Access control |
|
||||
| 7 | 5.17 | 9.2.4 | 9.3.1, 9.4.3 | Authentication information |
|
||||
| 8 | 5.18 | 9.2.2 | 9.2.5, 9.2.6 | Access rights |
|
||||
| 9 | 5.22 | 15.2.1 | 15.2.2 | Monitoring, review and change management of supplier services |
|
||||
| 10 | 5.29 | 17.1.1 | 17.121, 17.1.3 | Information security during disruption |
|
||||
| 11 | 5.31 | 18.1.1 | 18.1.5 | Legal, statutory, regulatory and contractual requirements |
|
||||
| 12 | 5.36 | 18.2.2 | 18.2.3 | Compliance with policies, rules and standards for information security |
|
||||
| 13 | 6.8 | 16.1.2 | 16.1.3 | Information security event reporting |
|
||||
| 14 | 7.2 | 11.1.2 | 11.1.6 | Physical entry |
|
||||
| 15 | 7.10 | 8.3.1 | 8.3.2, 8.3.3, 11.2.5 | Storage media |
|
||||
| 16 | 8.1 | 6.2.1 | 11.2.8 | User endpoint devices |
|
||||
| 17 | 8.8 | 12.6.1 | 18.2.3 | Management of technical vulnerabilities |
|
||||
| 18 | 8.15 | 12.4.1 | 12.4.2, 12.4.3 | Logging |
|
||||
| 19 | 8.19 | 12.5.1 | 12.6.2 | Installation of software on operational systems |
|
||||
| 20 | 8.24 | 10.1.1 | 10.1.2 | Use of cryptography |
|
||||
| 21 | 8.25 | 14.1.2 | 14.1.3 | Application security requirements |
|
||||
| 22 | 8.29 | 14.2.8 | 14.2.9 | Security testing in development and acceptance |
|
||||
| 23 | 8.31 | 12.1.4 | 14.2.6 | Seporation of development, test and production environments |
|
||||
| 24 | 8.32 | 12.1.2 | 14.2.2, 14.2.3, 14.2.4 | Change management |
|
||||
|
||||
|
|
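Review bot: a few content defects in the new comparison file should be fixed before other notes start linking to it. In the consolidated table, row 10 lists `17.121` in the Redundant column where the 2013 numbering pattern (and the surrounding rows) call for `17.1.2`, and row 23 has "Seporation" for "Separation". In the Deleted table, the 2013 standard's wording is "the processes by which communication shall be *effected*", not "affected", and the sub-clause letter should be verified against the 2013 text of 7.4 (the process item was its last bullet). Also confirm the image `Detailed comparison between 2017 and 2022.png` is part of this commit, since the markdown references it with a bare relative path, and the sentence "28 juni 2025" mixes a Dutch month name into an English paragraph. Since the whole file quotes a LinkedIn post, keeping the attribution line at the top is the right call; a short note that the tables are a secondary source, not the standard's own Annex B mapping, would help readers who rely on it for control mapping.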
@ -2,7 +2,7 @@
|
|||
|
||||
- Easier sales
|
||||
- Accelerates your customer’s Purchase Decision Process ("Sell with Confidence. Worldwide.")
|
||||
- Certification for this standard is increasingly becoming a knock-out criterium for [Examples of vendor selection questionnaires](../../../../Sparks/Examples%20of%20vendor%20selection%20questionnaires.md).
|
||||
- Certification for this standard is increasingly becoming a knock-out criterium for [Examples of vendor selection questionnaires](../../../../Sparks/Information%20Security/Examples%20of%20vendor%20selection%20questionnaires.md).
|
||||
- Raises your infosec maturity level
|
||||
- Raise your [Maturity Models](../../../../📚️%20Literature%20notes/Maturity%20Models.md) from incident driven to improvement focussed
|
||||
- Continual improvement of security
|
||||
|
|
|
|||
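Review bot: the vendor-questionnaire link is correctly retargeted to `Sparks/Information%20Security/`, but two context lines have wording to fix in the same pass: "knock-out criterium" should read "knock-out criterion", and "improvement focussed" should be "improvement focused". The Maturity Models link also contains a raw emoji folder name (`📚️%20Literature%20notes`) with spaces percent-encoded but the emoji and its variation selector left unencoded; that inconsistency is a common source of links that work in Obsidian and break after publishing or on a case- or normalisation-sensitive filesystem.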
|
|
@ -1,3 +1,3 @@
|
|||
- [Perverse prikkels in de normindustrie](../../../../Sparks/Perverse%20prikkels%20in%20de%20normindustrie.md)
|
||||
- [GRC software is geschreven voor domeindeskundigen](../../../../Sparks/GRC%20software%20is%20geschreven%20voor%20domeindeskundigen.md)
|
||||
- [GRC software is geschreven voor domeindeskundigen](../../../../../Content%20Factory/Scratch%20file/GRC%20software%20is%20geschreven%20voor%20domeindeskundigen.md)
|
||||
- [Problems solved 1](../../../../Sparks/Problems%20solved%201.md)
|
||||
|
|
|
|||
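Review bot: the GRC-software link is changed from `../../../../Sparks/...` to `../../../../../Content%20Factory/Scratch%20file/...`, which climbs one level further than every other link on the page, i.e. out of the vault root into a scratch folder. That target will not exist on another checkout or in a published copy; if the note was deliberately moved out of Sparks, either keep an in-vault copy or drop the link, but do not point curated notes at a scratch file.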