From 880e2f204477e9d88ee737a16ef3e25efdfb5be6 Mon Sep 17 00:00:00 2001 From: Richard Kranendonk Date: Sat, 2 May 2026 11:31:49 +0200 Subject: [PATCH] Front matter added with prepend_frontmatter.py --- ...information-and-other-associated-assets.md | 26 +++++++++++++ .../OST/27002/EN/a-5.11-Return-of-assets.md | 22 +++++++++++ .../a-5.12-Classification-of-information.md | 24 ++++++++++++ .../EN/a-5.13-Labelling-of-information.md | 24 ++++++++++++ .../27002/EN/a-5.14-Information-transfer.md | 24 ++++++++++++ .../OST/27002/EN/a-5.15-Access-control.md | 22 +++++++++++ .../27002/EN/a-5.16-Identity-management.md | 22 +++++++++++ .../EN/a-5.17-Authentication-information.md | 22 +++++++++++ .../OST/27002/EN/a-5.18-Access-rights.md | 22 +++++++++++ ...tion-security-in-supplier-relationships.md | 24 ++++++++++++ ...ion-security-roles-and-responsibilities.md | 25 ++++++++++++ ...ion-security-within-supplier-agreements.md | 24 ++++++++++++ ...mation-security-in-the-ICT-supply-chain.md | 24 ++++++++++++ ...-change-management-of-supplier-services.md | 26 +++++++++++++ ...tion-security-for-use-of-cloud-services.md | 24 ++++++++++++ ...ent-management-planning-and-preparation.md | 26 +++++++++++++ ...decision-on-information-security-events.md | 24 ++++++++++++ ...ponse-to-information-security-incidents.md | 24 ++++++++++++ ...ing-from-information-security-incidents.md | 24 ++++++++++++ .../27002/EN/a-5.28-Collection-of-evidence.md | 24 ++++++++++++ ...-Information-security-during-disruption.md | 28 ++++++++++++++ .../27002/EN/a-5.3-Segregation-of-duties.md | 24 ++++++++++++ ...0-ICT-readiness-for-business-continuity.md | 19 ++++++++++ ...regulatory-and-contractual-requirements.md | 24 ++++++++++++ .../EN/a-5.32-Intellectual-property-rights.md | 22 +++++++++++ .../27002/EN/a-5.33-Protection-of-records.md | 33 ++++++++++++---- .../a-5.34-Privacy-and-protection-of-PII.md | 31 ++++++++++++--- ...ependent-review-of-information-security.md | 26 +++++++++++++ ...-and-standards-for-information-security.md | 26 +++++++++++++ .../a-5.37-Documented-operating-procedures.md | 38 +++++++++++++++++++ .../EN/a-5.4-Management-responsibilities.md | 22 +++++++++++ .../EN/a-5.5-Contact-with-authorities.md | 30 +++++++++++++++ ....6-Contact-with-special-interest-groups.md | 27 +++++++++++++ .../OST/27002/EN/a-5.7-Threat-intelligence.md | 30 +++++++++++++++ ...ormation-security-in-project-management.md | 26 +++++++++++++ ...information-and-other-associated-assets.md | 24 ++++++++++++ .../ISO27x/OST/27002/EN/a-6.1-Screening.md | 22 +++++++++++ ...-6.2-Terms-and-conditions-of-employment.md | 22 +++++++++++ ...curity-awareness-education-and-training.md | 22 +++++++++++ .../27002/EN/a-6.4-Disciplinary-process.md | 26 +++++++++++++ ...ter-termination-or-change-of-employment.md | 24 ++++++++++++ ...dentiality-or-non-disclosure-agreements.md | 22 +++++++++++ .../OST/27002/EN/a-6.7-Remote-working.md | 26 +++++++++++++ ....8-Information-security-event-reporting.md | 31 ++++++++++----- .../EN/a-7.1-Physical-security-perimeters.md | 25 ++++++++++-- .../OST/27002/EN/a-7.10-Storage-media.md | 24 ++++++++++++ .../27002/EN/a-7.11-Supporting-utilities.md | 25 ++++++++++++ .../OST/27002/EN/a-7.12-Cabling-security.md | 21 ++++++++++ .../27002/EN/a-7.13-Equipment-maintenance.md | 26 +++++++++++++ ...-Secure-disposal-or-re-use-of-equipment.md | 21 ++++++++++ .../OST/27002/EN/a-7.2-Physical-entry.md | 32 ++++++++++++---- ...3-Securing-offices-rooms-and-facilities.md | 24 ++++++++++++ .../EN/a-7.4-Physical-security-monitoring.md | 28 ++++++++++++++ ...inst-physical-and-environmental-threats.md | 22 +++++++++++ .../27002/EN/a-7.6-Working-in-secure-areas.md | 22 +++++++++++ .../EN/a-7.7-Clear-desk-and-clear-screen.md | 19 ++++++++++ .../a-7.8-Equipment-siting-and-protection.md | 24 ++++++++++++ .../a-7.9-Security-of-assets-off-premises.md | 24 ++++++++++++ .../27002/EN/a-8.1-User-endpoint-devices.md | 24 ++++++++++++ .../27002/EN/a-8.10-Information-deletion.md | 21 ++++++++++ .../OST/27002/EN/a-8.11-Data-masking.md | 19 ++++++++++ .../EN/a-8.12-Data-leakage-prevention.md | 25 ++++++++++++ .../OST/27002/EN/a-8.13-Information-backup.md | 21 ++++++++++ ...cy-of-information-processing-facilities.md | 23 +++++++++++ .../ISO27x/OST/27002/EN/a-8.15-Logging.md | 24 ++++++++++++ .../27002/EN/a-8.16-Monitoring-activities.md | 26 +++++++++++++ .../27002/EN/a-8.17-Clock-synchronization.md | 23 +++++++++++ ...8.18-Use-of-privileged-utility-programs.md | 25 ++++++++++++ ...tion-of-software-on-operational-systems.md | 24 ++++++++++++ .../EN/a-8.2-Privileged-access-rights.md | 22 +++++++++++ .../OST/27002/EN/a-8.20-Networks-security.md | 26 +++++++++++++ .../EN/a-8.21-Security-of-network-services.md | 22 +++++++++++ .../EN/a-8.22-Segregation-of-networks.md | 22 +++++++++++ .../OST/27002/EN/a-8.23-Web-filtering.md | 22 +++++++++++ .../27002/EN/a-8.24-Use-of-cryptography.md | 22 +++++++++++ .../a-8.25-Secure-development-life-cycle.md | 24 ++++++++++++ ...-8.26-Application-security-requirements.md | 26 +++++++++++++ ...architecture-and-engineering-principles.md | 24 ++++++++++++ .../OST/27002/EN/a-8.28-Secure-coding.md | 24 ++++++++++++ ...y-testing-in-development-and-acceptance.md | 25 ++++++++++++ .../a-8.3-Information-access-restriction.md | 22 +++++++++++ .../27002/EN/a-8.30-Outsourced-development.md | 32 ++++++++++++++++ ...opment-test-and-production-environments.md | 24 ++++++++++++ .../OST/27002/EN/a-8.32-Change-management.md | 24 ++++++++++++ .../OST/27002/EN/a-8.33-Test-information.md | 21 ++++++++++ ...nformation-systems-during-audit-testing.md | 26 +++++++++++++ .../27002/EN/a-8.4-Access-to-source-code.md | 25 ++++++++++++ .../27002/EN/a-8.5-Secure-authentication.md | 22 +++++++++++ .../OST/27002/EN/a-8.6-Capacity-management.md | 28 ++++++++++++++ .../EN/a-8.7-Protection-against-malware.md | 31 +++++++++++++++ ...Management-of-technical-vulnerabilities.md | 27 +++++++++++++ .../EN/a-8.9-Configuration-management.md | 22 +++++++++++ 92 files changed, 2224 insertions(+), 33 deletions(-) diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.10-Acceptable-use-of-information-and-other-associated-assets.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.10-Acceptable-use-of-information-and-other-associated-assets.md index e627b91..c3daaa8 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.10-Acceptable-use-of-information-and-other-associated-assets.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.10-Acceptable-use-of-information-and-other-associated-assets.md @@ -1,3 +1,29 @@ +--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.5.10" +title: "Acceptable use of information and other associated assets" +theme: Organizational +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: + - Asset_management + - Information_protection +security_domains: + - Governance_and_Ecosystem + - Protection +tags: + - iso27002/2022/EN +status: active +--- + ## 5.10 Acceptable use of information and other associated assets | Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains | diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.11-Return-of-assets.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.11-Return-of-assets.md index 6281a5f..fb6b272 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.11-Return-of-assets.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.11-Return-of-assets.md @@ -1,3 +1,25 @@ +--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.5.11" +title: "Return of assets" +theme: Organizational +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: [Asset_management] +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +--- + ## 5.11 Return of assets diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.12-Classification-of-information.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.12-Classification-of-information.md index 338d711..8fab83b 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.12-Classification-of-information.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.12-Classification-of-information.md @@ -1,3 +1,27 @@ +--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.5.12" +title: "Classification of information" +theme: Organizational +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Identify] +operational_capabilities: [Information_protection] +security_domains: + - Protection + - Defence +tags: + - iso27002/2022/EN +status: active +--- + ## 5.12 Classification of information | Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains | diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.13-Labelling-of-information.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.13-Labelling-of-information.md index 343d95a..eab3d61 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.13-Labelling-of-information.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.13-Labelling-of-information.md @@ -1,3 +1,27 @@ +--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.5.13" +title: "Labelling of information" +theme: Organizational +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: [Information_protection] +security_domains: + - Defence + - Protection +tags: + - iso27002/2022/EN +status: active +--- + ## 5.13 Labelling of information diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.14-Information-transfer.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.14-Information-transfer.md index e9cc43d..9e55b6e 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.14-Information-transfer.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.14-Information-transfer.md @@ -1,3 +1,27 @@ +--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.5.14" +title: "Information transfer" +theme: Organizational +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: + - Asset_management + - Information_protection +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +--- + ## 5.14 Information transfer | Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains | diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.15-Access-control.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.15-Access-control.md index a55aa6e..b2594e8 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.15-Access-control.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.15-Access-control.md @@ -1,3 +1,25 @@ +--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.5.15" +title: "Access control" +theme: Organizational +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: [Identity_and_access_management] +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +--- + ## 5.15 Access control | Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains | diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.16-Identity-management.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.16-Identity-management.md index 481ee8d..39667e3 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.16-Identity-management.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.16-Identity-management.md @@ -1,3 +1,25 @@ +--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.5.16" +title: "Identity management" +theme: Organizational +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: [Identity_and_access_management] +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +--- + ## 5.16 Identity management | Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains | diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.17-Authentication-information.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.17-Authentication-information.md index 50be34b..5e39e04 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.17-Authentication-information.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.17-Authentication-information.md @@ -1,3 +1,25 @@ +--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.5.17" +title: "Authentication information" +theme: Organizational +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: [Identity_and_access_management] +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +--- + ## 5.17 Authentication information ### Control diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.18-Access-rights.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.18-Access-rights.md index 7020cd9..9594348 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.18-Access-rights.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.18-Access-rights.md @@ -1,3 +1,25 @@ +--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.5.18" +title: "Access rights" +theme: Organizational +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: [Identity_and_access_management] +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +--- + ## 5.18 Access rights | Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains | diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.19-Information-security-in-supplier-relationships.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.19-Information-security-in-supplier-relationships.md index a614244..995967d 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.19-Information-security-in-supplier-relationships.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.19-Information-security-in-supplier-relationships.md @@ -1,3 +1,27 @@ +--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.5.19" +title: "Information security in supplier relationships" +theme: Organizational +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Identify] +operational_capabilities: [Supplier_relationships_security] +security_domains: + - Governance_and_Ecosystem + - Protection +tags: + - iso27002/2022/EN +status: active +--- + ## 5.19 Information security in supplier relationships **Control** diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.2-Information-security-roles-and-responsibilities.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.2-Information-security-roles-and-responsibilities.md index 7b88880..80d91f8 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.2-Information-security-roles-and-responsibilities.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.2-Information-security-roles-and-responsibilities.md @@ -1,3 +1,28 @@ +--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.5.2" +title: "Information security roles and responsibilities" +theme: Organizational +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Identify] +operational_capabilities: [Governance] +security_domains: + - Governance_and_Ecosystem + - Protection + - Resilience +tags: + - iso27002/2022/EN +status: active +--- + ## 5.2 Information security roles and responsibilities ### Control diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.20-Addressing-information-security-within-supplier-agreements.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.20-Addressing-information-security-within-supplier-agreements.md index 3eecb00..eb89626 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.20-Addressing-information-security-within-supplier-agreements.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.20-Addressing-information-security-within-supplier-agreements.md @@ -1,3 +1,27 @@ +--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.5.20" +title: "Addressing information security within supplier agreements" +theme: Organizational +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Identify] +operational_capabilities: [Supplier_relationships_security] +security_domains: + - Governance_and_Ecosystem + - Protection +tags: + - iso27002/2022/EN +status: active +--- + ## 5.20 Addressing information security within supplier agreements **Control** diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.21-Managing-information-security-in-the-ICT-supply-chain.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.21-Managing-information-security-in-the-ICT-supply-chain.md index 5d9418c..41dcb24 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.21-Managing-information-security-in-the-ICT-supply-chain.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.21-Managing-information-security-in-the-ICT-supply-chain.md @@ -1,3 +1,27 @@ +--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.5.21" +title: "Managing information security in the ICT supply chain" +theme: Organizational +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Identify] +operational_capabilities: [Supplier_relationships_security] +security_domains: + - Governance_and_Ecosystem + - Protection +tags: + - iso27002/2022/EN +status: active +--- + ## 5.21 Managing information security in the ICT supply chain **Control** diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.22-Monitoring-review-and-change-management-of-supplier-services.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.22-Monitoring-review-and-change-management-of-supplier-services.md index 885d951..130c23e 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.22-Monitoring-review-and-change-management-of-supplier-services.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.22-Monitoring-review-and-change-management-of-supplier-services.md @@ -1,3 +1,29 @@ +--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.5.22" +title: "Monitoring, review and change management of supplier services" +theme: Organizational +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Identify] +operational_capabilities: [Supplier_relationships_security] +security_domains: + - Governance_and_Ecosystem + - Protection + - Defence + - Information_security_assurance +tags: + - iso27002/2022/EN +status: active +--- + ## 5.22 Monitoring, review, and change management of supplier services **Control** diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.23-Information-security-for-use-of-cloud-services.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.23-Information-security-for-use-of-cloud-services.md index e13d64d..fb545dc 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.23-Information-security-for-use-of-cloud-services.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.23-Information-security-for-use-of-cloud-services.md @@ -1,3 +1,27 @@ +--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.5.23" +title: "Information security for use of cloud services" +theme: Organizational +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: [Supplier_relationships_security] +security_domains: + - Governance_and_Ecosystem + - Protection +tags: + - iso27002/2022/EN +status: active +--- + ## 5.23 Information security for use of cloud services #### Control diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.24-Information-security-incident-management-planning-and-preparation.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.24-Information-security-incident-management-planning-and-preparation.md index a2bd547..962fcfe 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.24-Information-security-incident-management-planning-and-preparation.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.24-Information-security-incident-management-planning-and-preparation.md @@ -1,3 +1,29 @@ +--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.5.24" +title: "Information security incident management planning and preparation" +theme: Organizational +control_type: [Corrective] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: + - Respond + - Recover +operational_capabilities: + - Governance + - Information_security_event_management +security_domains: [Defence] +tags: + - iso27002/2022/EN +status: active +--- + ## 5.24 Information security incident management planning and preparation #### Control diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.25-Assessment-and-decision-on-information-security-events.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.25-Assessment-and-decision-on-information-security-events.md index 827c3ad..a1b7232 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.25-Assessment-and-decision-on-information-security-events.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.25-Assessment-and-decision-on-information-security-events.md @@ -1,3 +1,27 @@ +--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.5.25" +title: "Assessment and decision on information security events" +theme: Organizational +control_type: [Detective] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: + - Detect + - Respond +operational_capabilities: [Information_security_event_management] +security_domains: [Defence] +tags: + - iso27002/2022/EN +status: active +--- + ## 5.25 Assessment and decision on information security events diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.26-Response-to-information-security-incidents.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.26-Response-to-information-security-incidents.md index f1a470f..cad7485 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.26-Response-to-information-security-incidents.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.26-Response-to-information-security-incidents.md @@ -1,3 +1,27 @@ +--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.5.26" +title: "Response to information security incidents" +theme: Organizational +control_type: [Corrective] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: + - Respond + - Recover +operational_capabilities: [Information_security_event_management] +security_domains: [Defence] +tags: + - iso27002/2022/EN +status: active +--- + ## 5.26 Response to information security incidents diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.27-Learning-from-information-security-incidents.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.27-Learning-from-information-security-incidents.md index 089f267..a9c839a 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.27-Learning-from-information-security-incidents.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.27-Learning-from-information-security-incidents.md @@ -1,3 +1,27 @@ +--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.5.27" +title: "Learning from information security incidents" +theme: Organizational +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: + - Identify + - Protect +operational_capabilities: [Information_security_event_management] +security_domains: [Defence] +tags: + - iso27002/2022/EN +status: active +--- + ## 5.27 Learning from information security incidents #### Control diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.28-Collection-of-evidence.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.28-Collection-of-evidence.md index d4b3cff..862ba24 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.28-Collection-of-evidence.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.28-Collection-of-evidence.md @@ -1,3 +1,27 @@ +--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.5.28" +title: "Collection of evidence" +theme: Organizational +control_type: [Corrective] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: + - Detect + - Respond +operational_capabilities: [Information_security_event_management] +security_domains: [Defence] +tags: + - iso27002/2022/EN +status: active +--- + ## 5.28 Collection of evidence diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.29-Information-security-during-disruption.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.29-Information-security-during-disruption.md index 24172cd..d8bcf2a 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.29-Information-security-during-disruption.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.29-Information-security-during-disruption.md @@ -1,3 +1,31 @@ +--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.5.29" +title: "Information security during disruption" +theme: Organizational +control_type: + - Preventive + - Corrective +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: + - Protect + - Respond +operational_capabilities: [Continuity] +security_domains: + - Protection + - Resilience +tags: + - iso27002/2022/EN +status: active +--- + ## 5.29 Information security during disruption | Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains | diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.3-Segregation-of-duties.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.3-Segregation-of-duties.md index f8858ba..a5c86c7 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.3-Segregation-of-duties.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.3-Segregation-of-duties.md @@ -1,3 +1,27 @@ +--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.5.3" +title: "Segregation of duties" +theme: Organizational +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: + - Governance + - Identity_and_access_management +security_domains: [Governance_and_Ecosystem] +tags: + - iso27002/2022/EN +status: active +--- + ## 5.3 Segregation of duties ### Control diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.30-ICT-readiness-for-business-continuity.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.30-ICT-readiness-for-business-continuity.md index 0c3c50a..369fd10 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.30-ICT-readiness-for-business-continuity.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.30-ICT-readiness-for-business-continuity.md @@ -1,3 +1,22 @@ +--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.5.30" +title: "ICT readiness for business continuity" +theme: Organizational +control_type: [Corrective] +information_security_properties: [Availability] +cybersecurity_concepts: [Respond] +operational_capabilities: [Continuity] +security_domains: [Resilience] +tags: + - iso27002/2022/EN +status: active +--- + ## **5.30** **ICT** **readiness** **for** **business** continuity ## Purpose diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.31-Legal-statutory-regulatory-and-contractual-requirements.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.31-Legal-statutory-regulatory-and-contractual-requirements.md index 03202b6..52a9de2 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.31-Legal-statutory-regulatory-and-contractual-requirements.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.31-Legal-statutory-regulatory-and-contractual-requirements.md @@ -1,3 +1,27 @@ +--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.5.31" +title: "Legal, statutory, regulatory and contractual requirements" +theme: Organizational +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Identify] +operational_capabilities: [Legal_and_compliance] +security_domains: + - Governance_and_Ecosystem + - Protection +tags: + - iso27002/2022/EN +status: active +--- + ## 5.31 Legal, statutory, regulatory and contractual requirements | Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains | diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.32-Intellectual-property-rights.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.32-Intellectual-property-rights.md index 6637786..37131c8 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.32-Intellectual-property-rights.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.32-Intellectual-property-rights.md @@ -1,3 +1,25 @@ +--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.5.32" +title: "Intellectual property rights" +theme: Organizational +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Identify] +operational_capabilities: [Legal_and_compliance] +security_domains: [Governance_and_Ecosystem] +tags: + - iso27002/2022/EN +status: active +--- + ## 5.32 Intellectual property rights **Control** diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.33-Protection-of-records.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.33-Protection-of-records.md index b4d26f3..ce7419d 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.33-Protection-of-records.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.33-Protection-of-records.md @@ -1,11 +1,30 @@ +--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.5.33" +title: "Protection of records" +theme: Organizational +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: + - Identify + - Protect +operational_capabilities: + - Legal_and_compliance + - Asset_management + - Information_protection +security_domains: [Defence] +tags: + - iso27002/2022/EN +status: active +--- ## 5.33 Protection of records - - - -| Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains | -| ------------ | ----------------------------------------- | ---------------------- | --------------------------------------------------------------- | ---------------- | -| #Preventive | #Confidentiality #Integrity #Availability | #Identify #Protect | #Legal_and_compliance #Asset_management #Information_protection | #Defence | - **Control** Records should be protected from loss, destruction, falsification, unauthorized access and unauthorized release. diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.34-Privacy-and-protection-of-PII.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.34-Privacy-and-protection-of-PII.md index cf279bd..fb4756e 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.34-Privacy-and-protection-of-PII.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.34-Privacy-and-protection-of-PII.md @@ -1,10 +1,31 @@ +--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.5.34" +title: "Privacy and protection of PII" +theme: Organizational +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: + - Identify + - Protect +operational_capabilities: + - Information_protection + - Legal_and_compliance +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +--- + ## 5.34 Privacy and protection of PII - - -| Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains | -| ------------ | ----------------------------------------- | ---------------------- | --------------------------------------------- | ---------------- | -| #Preventive | #Confidentiality #Integrity #Availability | #Identify #Protect | #Information_protection #Legal_and_compliance | #Protection | **Control** The organization should identify and meet the requirements regarding the preservation of privacy and protection of PII according to applicable laws and regulations and contractual requirements. diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.35-Independent-review-of-information-security.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.35-Independent-review-of-information-security.md index 893e829..16314aa 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.35-Independent-review-of-information-security.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.35-Independent-review-of-information-security.md @@ -1,3 +1,29 @@ +--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.5.35" +title: "Independent review of information security" +theme: Organizational +control_type: + - Preventive + - Corrective +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: + - Identify + - Protect +operational_capabilities: [Information_security_assurance] +security_domains: [Governance_and_Ecosystem] +tags: + - iso27002/2022/EN +status: active +--- + ## 5.35 Independent review of information security diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.36-Compliance-with-policies-rules-and-standards-for-information-security.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.36-Compliance-with-policies-rules-and-standards-for-information-security.md index ed00652..564b7d4 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.36-Compliance-with-policies-rules-and-standards-for-information-security.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.36-Compliance-with-policies-rules-and-standards-for-information-security.md @@ -1,3 +1,29 @@ +--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.5.36" +title: "Compliance with policies, rules and standards for information security" +theme: Organizational +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: + - Identify + - Protect +operational_capabilities: + - Legal_and_compliance + - Information_security_assurance +security_domains: [Governance_and_Ecosystem] +tags: + - iso27002/2022/EN +status: active +--- + ## 5.36 Compliance with policies, rules and standards for information security | Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains | diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.37-Documented-operating-procedures.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.37-Documented-operating-procedures.md index 741a191..e623cf2 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.37-Documented-operating-procedures.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.37-Documented-operating-procedures.md @@ -1,3 +1,41 @@ +--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.5.37" +title: "Documented operating procedures" +theme: Organizational +control_type: + - Preventive + - Corrective +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: + - Protect + - Recover +operational_capabilities: + - Asset_management + - Physical_security + - System_and_network_security + - Application_security + - Secure_configuration + - Identity_and_access_management + - Threat_and_vulnerability_management + - Continuity + - Information_security_event_management +security_domains: + - Governance_and_Ecosystem + - Protection + - Defence +tags: + - iso27002/2022/EN +status: active +--- + ## 5.37 Documented operating procedures | Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains | diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.4-Management-responsibilities.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.4-Management-responsibilities.md index 113f2e7..4aeac14 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.4-Management-responsibilities.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.4-Management-responsibilities.md @@ -1,3 +1,25 @@ +--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.5.4" +title: "Management responsibilities" +theme: Organizational +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Identify] +operational_capabilities: [Governance] +security_domains: [Governance_and_Ecosystem] +tags: + - iso27002/2022/EN +status: active +--- + ## 5.4 Management responsibilities #### Control diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.5-Contact-with-authorities.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.5-Contact-with-authorities.md index a6fcb18..0549e0c 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.5-Contact-with-authorities.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.5-Contact-with-authorities.md @@ -1,3 +1,33 @@ +--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.5.5" +title: "Contact with authorities" +theme: Organizational +control_type: + - Preventive + - Corrective +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: + - Identify + - Protect + - Respond + - Recover +operational_capabilities: [Governance] +security_domains: + - Defence + - Resilience +tags: + - iso27002/2022/EN +status: active +--- + ## 5.5 Contact with authorities #### Control diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.6-Contact-with-special-interest-groups.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.6-Contact-with-special-interest-groups.md index 3756091..6e426df 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.6-Contact-with-special-interest-groups.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.6-Contact-with-special-interest-groups.md @@ -1,3 +1,30 @@ +--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.5.6" +title: "Contact with special interest groups" +theme: Organizational +control_type: + - Preventive + - Corrective +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: + - Protect + - Respond + - Recover +operational_capabilities: [Governance] +security_domains: [Defence] +tags: + - iso27002/2022/EN +status: active +--- + ## 5.6 Contact with special interest groups #### Control diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.7-Threat-intelligence.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.7-Threat-intelligence.md index ff4ee61..c4f05a3 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.7-Threat-intelligence.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.7-Threat-intelligence.md @@ -1,3 +1,33 @@ +--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.5.7" +title: "Threat intelligence" +theme: Organizational +control_type: + - Preventive + - Detective + - Corrective +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: + - Identify + - Detect + - Respond +operational_capabilities: [Threat_and_vulnerability_management] +security_domains: + - Defence + - Resilience +tags: + - iso27002/2022/EN +status: active +--- + ## 5.7 Threat intelligence #### Control diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.8-Information-security-in-project-management.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.8-Information-security-in-project-management.md index 7d9150b..a78489a 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.8-Information-security-in-project-management.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.8-Information-security-in-project-management.md @@ -1,3 +1,29 @@ +--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.5.8" +title: "Information security in project management" +theme: Organizational +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: + - Identify + - Protect +operational_capabilities: [Governance] +security_domains: + - Governance_and_Ecosystem + - Protection +tags: + - iso27002/2022/EN +status: active +--- + ## 5.8 Information security in project management #### Control diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.9-Inventory-of-information-and-other-associated-assets.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.9-Inventory-of-information-and-other-associated-assets.md index 26c260a..3fa68cb 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.9-Inventory-of-information-and-other-associated-assets.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.9-Inventory-of-information-and-other-associated-assets.md @@ -1,3 +1,27 @@ +--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.5.9" +title: "Inventory of information and other associated assets" +theme: Organizational +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Identify] +operational_capabilities: [Asset_management] +security_domains: + - Governance_and_Ecosystem + - Protection +tags: + - iso27002/2022/EN +status: active +--- + ## 5.9 Inventory of information and other associated assets | Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains | diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-6.1-Screening.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-6.1-Screening.md index 602ffc2..8eedae4 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-6.1-Screening.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-6.1-Screening.md @@ -1,3 +1,25 @@ +--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.6.1" +title: "Screening" +theme: People +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: [Human_resource_security] +security_domains: [Governance_and_Ecosystem] +tags: + - iso27002/2022/EN +status: active +--- + ## 6.1 Screening | **Control type** | **Information security properties** | **Cybersecurity concepts** | **Operational capabilities** | **Security domains** | diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-6.2-Terms-and-conditions-of-employment.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-6.2-Terms-and-conditions-of-employment.md index 5583450..54b967b 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-6.2-Terms-and-conditions-of-employment.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-6.2-Terms-and-conditions-of-employment.md @@ -1,3 +1,25 @@ +--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.6.2" +title: "Terms and conditions of employment" +theme: People +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: [Human_resource_security] +security_domains: [Governance_and_Ecosystem] +tags: + - iso27002/2022/EN +status: active +--- + ## 6.2 Terms and conditions of employment | **Control type** | **Information security properties** | **Cybersecurity concepts** | **Operational capabilities** | **Security domains** | diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-6.3-Information-security-awareness-education-and-training.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-6.3-Information-security-awareness-education-and-training.md index f290ca1..63dfd7d 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-6.3-Information-security-awareness-education-and-training.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-6.3-Information-security-awareness-education-and-training.md @@ -1,3 +1,25 @@ +--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.6.3" +title: "Information security awareness, education and training" +theme: People +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: [Human_resource_security] +security_domains: [Governance_and_Ecosystem] +tags: + - iso27002/2022/EN +status: active +--- + ## 6.3 Information security awareness, education and training | **Control type** | **Information security properties** | **Cybersecurity concepts** | **Operational capabilities** | **Security domains** | diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-6.4-Disciplinary-process.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-6.4-Disciplinary-process.md index b2f1db0..ed8d099 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-6.4-Disciplinary-process.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-6.4-Disciplinary-process.md @@ -1,3 +1,29 @@ +--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.6.4" +title: "Disciplinary process" +theme: People +control_type: + - Preventive + - Corrective +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: + - Protect + - Respond +operational_capabilities: [Human_resource_security] +security_domains: [Governance_and_Ecosystem] +tags: + - iso27002/2022/EN +status: active +--- + ## 6.4 Disciplinary process diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-6.5-Responsibilities-after-termination-or-change-of-employment.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-6.5-Responsibilities-after-termination-or-change-of-employment.md index e8e029d..bfa122e 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-6.5-Responsibilities-after-termination-or-change-of-employment.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-6.5-Responsibilities-after-termination-or-change-of-employment.md @@ -1,3 +1,27 @@ +--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.6.5" +title: "Responsibilities after termination or change of employment" +theme: People +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: + - Human_resource_security + - Asset_management +security_domains: [Governance_and_Ecosystem] +tags: + - iso27002/2022/EN +status: active +--- + ## 6.5 Responsibilities after termination or change of employment | **Control type** | **Information security properties** | **Cybersecurity concepts** | **Operational capabilities** | **Security domains** | diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-6.6-Confidentiality-or-non-disclosure-agreements.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-6.6-Confidentiality-or-non-disclosure-agreements.md index be79fae..e03a3fe 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-6.6-Confidentiality-or-non-disclosure-agreements.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-6.6-Confidentiality-or-non-disclosure-agreements.md @@ -1,3 +1,25 @@ +--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.6.6" +title: "Confidentiality or non-disclosure agreements" +theme: People +control_type: [Preventive] +information_security_properties: [Confidentiality] +cybersecurity_concepts: [Protect] +operational_capabilities: + - Human_resource_security + - Information_protection + - Supplier_relationships_security +security_domains: [Governance_and_Ecosystem] +tags: + - iso27002/2022/EN +status: active +--- + ## 6.6 Confidentiality or non-disclosure agreements diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-6.7-Remote-working.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-6.7-Remote-working.md index 289fc7c..56625d9 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-6.7-Remote-working.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-6.7-Remote-working.md @@ -1,3 +1,29 @@ +--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.6.7" +title: "Remote working" +theme: People +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: + - Asset_management + - Information_protection + - Physical_security + - System_and_network_security +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +--- + ## 6.7 Remote working diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-6.8-Information-security-event-reporting.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-6.8-Information-security-event-reporting.md index 0c1aec9..0d7cf69 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-6.8-Information-security-event-reporting.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-6.8-Information-security-event-reporting.md @@ -1,13 +1,26 @@ +--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.6.8" +title: "Information security event reporting" +theme: People +control_type: [Detective] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Detect] +operational_capabilities: [Information_security_event_management] +security_domains: [Defence] +tags: + - iso27002/2022/EN +status: active +--- + ## 6.8 Information security event reporting - - - -| **Control type** | **Information security properties** | **Cybersecurity concepts** | **Operational capabilities** | **Security domains** | - -|------------------|-----------------------------------------|---------------------------|---------------------------------------------|---------------------| - -| #Detective | #Confidentiality #Integrity #Availability | #Detect | #Information_security_event_management | #Defence | - **Control** diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-7.1-Physical-security-perimeters.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-7.1-Physical-security-perimeters.md index 2f6f13a..80a4728 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-7.1-Physical-security-perimeters.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-7.1-Physical-security-perimeters.md @@ -1,9 +1,26 @@ +--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.7.1" +title: "Physical security perimeters" +theme: Physical +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: [Physical_security] +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +--- ## 7.1 Physical security perimeters -| **Control type** | **Information security properties** | **Cybersecurity concepts** | **Operational capabilities** | **Security domains** | -|------------------|-----------------------------------------|---------------------------|-----------------------------------|---------------------| -| #Preventive | #Confidentiality #Integrity #Availability | #Protect | #Physical_security | - **Control** Security perimeters should be defined and used to protect areas that contain information and other associated assets. diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-7.10-Storage-media.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-7.10-Storage-media.md index a22aea1..1c1bd65 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-7.10-Storage-media.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-7.10-Storage-media.md @@ -1,3 +1,27 @@ +--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.7.10" +title: "Storage media" +theme: Physical +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: + - Physical_security + - Asset_management +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +--- + ## 7.10 Storage media diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-7.11-Supporting-utilities.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-7.11-Supporting-utilities.md index 3ee2bd9..fabb66e 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-7.11-Supporting-utilities.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-7.11-Supporting-utilities.md @@ -1,3 +1,28 @@ +--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.7.11" +title: "Supporting utilities" +theme: Physical +control_type: + - Preventive + - Detective +information_security_properties: + - Integrity + - Availability +cybersecurity_concepts: + - Protect + - Detect +operational_capabilities: [Physical_security] +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +--- + ## 7.11 Supporting utilities diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-7.12-Cabling-security.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-7.12-Cabling-security.md index 26f7384..325389c 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-7.12-Cabling-security.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-7.12-Cabling-security.md @@ -1,3 +1,24 @@ +--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.7.12" +title: "Cabling security" +theme: Physical +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: [Physical_security] +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +--- + ## 7.12 Cabling security diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-7.13-Equipment-maintenance.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-7.13-Equipment-maintenance.md index 2f16d29..c2fc6fb 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-7.13-Equipment-maintenance.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-7.13-Equipment-maintenance.md @@ -1,3 +1,29 @@ +--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.7.13" +title: "Equipment maintenance" +theme: Physical +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: + - Physical_security + - Asset_management +security_domains: + - Protection + - Resilience +tags: + - iso27002/2022/EN +status: active +--- + ## 7.13 Equipment maintenance diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-7.14-Secure-disposal-or-re-use-of-equipment.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-7.14-Secure-disposal-or-re-use-of-equipment.md index c3867ad..673ee9a 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-7.14-Secure-disposal-or-re-use-of-equipment.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-7.14-Secure-disposal-or-re-use-of-equipment.md @@ -1,3 +1,24 @@ +--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.7.14" +title: "Secure disposal or re-use of equipment" +theme: Physical +control_type: [Preventive] +information_security_properties: [Confidentiality] +cybersecurity_concepts: [Protect] +operational_capabilities: + - Physical_security + - Asset_management +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +--- + ## 7.14 Secure disposal or re-use of equipment diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-7.2-Physical-entry.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-7.2-Physical-entry.md index 0208a84..5700a52 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-7.2-Physical-entry.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-7.2-Physical-entry.md @@ -1,14 +1,30 @@ +--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.7.2" +title: "Physical entry" +theme: Physical +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: + - Physical_security + - Identity_and_access_management +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +--- + ## 7.2 Physical entry - -| **Control type** | **Information security properties** | **Cybersecurity concepts** | **Operational capabilities** | **Security domains** | - -|------------------|-----------------------------------------|---------------------------|-----------------------------------------------------|---------------------| - -| #Preventive | #Confidentiality #Integrity #Availability | #Protect | #Physical_security #Identity_and_Access - - **Control** diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-7.3-Securing-offices-rooms-and-facilities.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-7.3-Securing-offices-rooms-and-facilities.md index 1b83685..aad9a52 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-7.3-Securing-offices-rooms-and-facilities.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-7.3-Securing-offices-rooms-and-facilities.md @@ -1,3 +1,27 @@ +--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.7.3" +title: "Securing offices, rooms and facilities" +theme: Physical +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: + - Physical_security + - Asset_management +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +--- + ## 7.3 Securing offices, rooms and facilities diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-7.4-Physical-security-monitoring.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-7.4-Physical-security-monitoring.md index ab30fdb..76dd130 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-7.4-Physical-security-monitoring.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-7.4-Physical-security-monitoring.md @@ -1,3 +1,31 @@ +--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.7.4" +title: "Physical security monitoring" +theme: Physical +control_type: + - Preventive + - Detective +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: + - Protect + - Detect +operational_capabilities: [Physical_security] +security_domains: + - Protection + - Defence +tags: + - iso27002/2022/EN +status: active +--- + ## 7.4 Physical security monitoring diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-7.5-Protecting-against-physical-and-environmental-threats.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-7.5-Protecting-against-physical-and-environmental-threats.md index b20093b..da7edb2 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-7.5-Protecting-against-physical-and-environmental-threats.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-7.5-Protecting-against-physical-and-environmental-threats.md @@ -1,3 +1,25 @@ +--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.7.5" +title: "Protecting against physical and environmental threats" +theme: Physical +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: [Physical_security] +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +--- + ## 7.5 Protecting against physical and environmental threats diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-7.6-Working-in-secure-areas.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-7.6-Working-in-secure-areas.md index 4cc388d..ca8a5ab 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-7.6-Working-in-secure-areas.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-7.6-Working-in-secure-areas.md @@ -1,3 +1,25 @@ +--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.7.6" +title: "Working in secure areas" +theme: Physical +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: [Physical_security] +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +--- + ## 7.6 Working in secure areas diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-7.7-Clear-desk-and-clear-screen.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-7.7-Clear-desk-and-clear-screen.md index 04aa36a..12039b9 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-7.7-Clear-desk-and-clear-screen.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-7.7-Clear-desk-and-clear-screen.md @@ -1,3 +1,22 @@ +--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.7.7" +title: "Clear desk and clear screen" +theme: Physical +control_type: [Preventive] +information_security_properties: [Confidentiality] +cybersecurity_concepts: [Protect] +operational_capabilities: [Physical_security] +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +--- + ## 7.7 Clear desk and clear screen diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-7.8-Equipment-siting-and-protection.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-7.8-Equipment-siting-and-protection.md index 0f5874a..7c554dc 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-7.8-Equipment-siting-and-protection.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-7.8-Equipment-siting-and-protection.md @@ -1,3 +1,27 @@ +--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.7.8" +title: "Equipment siting and protection" +theme: Physical +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: + - Physical_security + - Asset_management +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +--- + ## 7.8 Equipment siting and protection diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-7.9-Security-of-assets-off-premises.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-7.9-Security-of-assets-off-premises.md index 79afda5..47b2ce1 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-7.9-Security-of-assets-off-premises.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-7.9-Security-of-assets-off-premises.md @@ -1,3 +1,27 @@ +--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.7.9" +title: "Security of assets off-premises" +theme: Physical +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: + - Physical_security + - Asset_management +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +--- + ## 7.9 Security of assets off-premises diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.1-User-endpoint-devices.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.1-User-endpoint-devices.md index a5a364b..37df8d1 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.1-User-endpoint-devices.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.1-User-endpoint-devices.md @@ -1,3 +1,27 @@ +--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.8.1" +title: "User endpoint devices" +theme: Technological +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: + - Asset_management + - Information_protection +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +--- + ## 8.1 User endpoint devices diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.10-Information-deletion.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.10-Information-deletion.md index edf72c5..ee1fe68 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.10-Information-deletion.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.10-Information-deletion.md @@ -1,3 +1,24 @@ +--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.8.10" +title: "Information deletion" +theme: Technological +control_type: [Preventive] +information_security_properties: [Confidentiality] +cybersecurity_concepts: [Protect] +operational_capabilities: + - Information_protection + - Legal_and_compliance +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +--- + ## 8.10 Information deletion | **Control type** | **Information security properties** | **Cybersecurity concepts** | **Operational capabilities** | **Security domains** | diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.11-Data-masking.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.11-Data-masking.md index a09772a..33a9c73 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.11-Data-masking.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.11-Data-masking.md @@ -1,3 +1,22 @@ +--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.8.11" +title: "Data masking" +theme: Technological +control_type: [Preventive] +information_security_properties: [Confidentiality] +cybersecurity_concepts: [Protect] +operational_capabilities: [Information_protection] +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +--- + ## 8.11 Data masking | **Control type** | **Information security properties** | **Cybersecurity concepts** | **Operational capabilities** | **Security domains** | diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.12-Data-leakage-prevention.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.12-Data-leakage-prevention.md index ec2d2c2..4c18b96 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.12-Data-leakage-prevention.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.12-Data-leakage-prevention.md @@ -1,3 +1,28 @@ +--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.8.12" +title: "Data leakage prevention" +theme: Technological +control_type: + - Preventive + - Detective +information_security_properties: [Confidentiality] +cybersecurity_concepts: + - Protect + - Detect +operational_capabilities: [Information_protection] +security_domains: + - Protection + - Defence +tags: + - iso27002/2022/EN +status: active +--- + ## 8.12 Data leakage prevention | **Control type** | **Information security properties** | **Cybersecurity concepts** | **Operational capabilities** | **Security domains** | diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.13-Information-backup.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.13-Information-backup.md index f3baf55..65000f0 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.13-Information-backup.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.13-Information-backup.md @@ -1,3 +1,24 @@ +--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.8.13" +title: "Information backup" +theme: Technological +control_type: [Corrective] +information_security_properties: + - Integrity + - Availability +cybersecurity_concepts: [Recover] +operational_capabilities: [Continuity] +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +--- + ## 8.13 Information backup | Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains | diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.14-Redundancy-of-information-processing-facilities.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.14-Redundancy-of-information-processing-facilities.md index d1266e8..344c568 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.14-Redundancy-of-information-processing-facilities.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.14-Redundancy-of-information-processing-facilities.md @@ -1,3 +1,26 @@ +--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.8.14" +title: "Redundancy of information processing facilities" +theme: Technological +control_type: [Preventive] +information_security_properties: [Availability] +cybersecurity_concepts: [Protect] +operational_capabilities: + - Continuity + - Asset_management +security_domains: + - Protection + - Resilience +tags: + - iso27002/2022/EN +status: active +--- + ## 8.14 Redundancy of information processing facilities | Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains | diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.15-Logging.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.15-Logging.md index 2fe1db6..68493e9 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.15-Logging.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.15-Logging.md @@ -1,3 +1,27 @@ +--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.8.15" +title: "Logging" +theme: Technological +control_type: [Detective] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Detect] +operational_capabilities: [Information_security_event_management] +security_domains: + - Protection + - Defence +tags: + - iso27002/2022/EN +status: active +--- + ## 8.15 Logging | **Control type** | **Information security properties** | **Cybersecurity concepts** | **Operational capabilities** | **Security domains** | diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.16-Monitoring-activities.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.16-Monitoring-activities.md index f2df294..b7cbb7e 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.16-Monitoring-activities.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.16-Monitoring-activities.md @@ -1,3 +1,29 @@ +--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.8.16" +title: "Monitoring activities" +theme: Technological +control_type: + - Detective + - Corrective +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: + - Detect + - Respond +operational_capabilities: [Information_security_event_management] +security_domains: [Defence] +tags: + - iso27002/2022/EN +status: active +--- + ## 8.16 Monitoring activities | **Control type** | **Information security properties** | **Cybersecurity concepts** | **Operational capabilities** | **Security domains** | diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.17-Clock-synchronization.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.17-Clock-synchronization.md index 7b5e866..dbc2438 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.17-Clock-synchronization.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.17-Clock-synchronization.md @@ -1,3 +1,26 @@ +--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.8.17" +title: "Clock synchronization" +theme: Technological +control_type: [Detective] +information_security_properties: [Integrity] +cybersecurity_concepts: + - Protect + - Detect +operational_capabilities: [Information_security_event_management] +security_domains: + - Protection + - Defence +tags: + - iso27002/2022/EN +status: active +--- + ## 8.17 Clock synchronization | **Control type** | **Information security properties** | **Cybersecurity concepts** | **Operational capabilities** | **Security domains** | diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.18-Use-of-privileged-utility-programs.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.18-Use-of-privileged-utility-programs.md index 51c226f..d56d89f 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.18-Use-of-privileged-utility-programs.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.18-Use-of-privileged-utility-programs.md @@ -1,3 +1,28 @@ +--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.8.18" +title: "Use of privileged utility programs" +theme: Technological +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: + - System_and_network_security + - Secure_configuration + - Application_security +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +--- + ## 8.18 Use of privileged utility programs | Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains | diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.19-Installation-of-software-on-operational-systems.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.19-Installation-of-software-on-operational-systems.md index cf3feb6..b24a47d 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.19-Installation-of-software-on-operational-systems.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.19-Installation-of-software-on-operational-systems.md @@ -1,3 +1,27 @@ +--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.8.19" +title: "Installation of software on operational systems" +theme: Technological +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: + - Secure_configuration + - Application_security +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +--- + ## 8.19 Installation of software on operational systems | Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains | diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.2-Privileged-access-rights.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.2-Privileged-access-rights.md index e9422e8..f1108ad 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.2-Privileged-access-rights.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.2-Privileged-access-rights.md @@ -1,3 +1,25 @@ +--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.8.2" +title: "Privileged access rights" +theme: Technological +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: [Identity_and_access_management] +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +--- + ## 8.2 Privileged access rights | Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains | diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.20-Networks-security.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.20-Networks-security.md index b00856b..bdf8c97 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.20-Networks-security.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.20-Networks-security.md @@ -1,3 +1,29 @@ +--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.8.20" +title: "Networks security" +theme: Technological +control_type: + - Preventive + - Detective +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: + - Protect + - Detect +operational_capabilities: [System_and_network_security] +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +--- + ## 8.20 Networks security diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.21-Security-of-network-services.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.21-Security-of-network-services.md index 66c0216..e05780b 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.21-Security-of-network-services.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.21-Security-of-network-services.md @@ -1,3 +1,25 @@ +--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.8.21" +title: "Security of network services" +theme: Technological +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: [System_and_network_security] +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +--- + ## 8.21 Security of network services | Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains | diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.22-Segregation-of-networks.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.22-Segregation-of-networks.md index 9449c18..cf6511f 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.22-Segregation-of-networks.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.22-Segregation-of-networks.md @@ -1,3 +1,25 @@ +--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.8.22" +title: "Segregation of networks" +theme: Technological +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: [System_and_network_security] +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +--- + ## 8.22 Segregation of networks | Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains | diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.23-Web-filtering.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.23-Web-filtering.md index 2925df8..12063bb 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.23-Web-filtering.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.23-Web-filtering.md @@ -1,3 +1,25 @@ +--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.8.23" +title: "Web filtering" +theme: Technological +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: [System_and_network_security] +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +--- + ## 8.23 Web filtering | Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains | diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.24-Use-of-cryptography.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.24-Use-of-cryptography.md index 2b5eb7a..22effd6 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.24-Use-of-cryptography.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.24-Use-of-cryptography.md @@ -1,3 +1,25 @@ +--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.8.24" +title: "Use of cryptography" +theme: Technological +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: [Secure_configuration] +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +--- + ## 8.24 Use of cryptography diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.25-Secure-development-life-cycle.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.25-Secure-development-life-cycle.md index 6a9422e..883039d 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.25-Secure-development-life-cycle.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.25-Secure-development-life-cycle.md @@ -1,3 +1,27 @@ +--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.8.25" +title: "Secure development life cycle" +theme: Technological +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: + - Application_security + - System_and_network_security +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +--- + ## 8.25 Secure development life cycle | Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains | diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.26-Application-security-requirements.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.26-Application-security-requirements.md index 43a9ca1..a7987c3 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.26-Application-security-requirements.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.26-Application-security-requirements.md @@ -1,3 +1,29 @@ +--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.8.26" +title: "Application security requirements" +theme: Technological +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: + - Application_security + - System_and_network_security +security_domains: + - Protection + - Defence +tags: + - iso27002/2022/EN +status: active +--- + ## 8.26 Application security requirements | Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains | diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.27-Secure-system-architecture-and-engineering-principles.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.27-Secure-system-architecture-and-engineering-principles.md index 8795494..35d58c5 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.27-Secure-system-architecture-and-engineering-principles.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.27-Secure-system-architecture-and-engineering-principles.md @@ -1,3 +1,27 @@ +--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.8.27" +title: "Secure system architecture and engineering principles" +theme: Technological +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: + - Application_security + - System_and_network_security +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +--- + ## 8.27 Secure system architecture and engineering principles | Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains | diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.28-Secure-coding.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.28-Secure-coding.md index 6e6ba21..afc0c21 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.28-Secure-coding.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.28-Secure-coding.md @@ -1,3 +1,27 @@ +--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.8.28" +title: "Secure coding" +theme: Technological +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: + - Application_security + - System_and_network_security +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +--- + ## 8.28 Secure coding #### Control diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.29-Security-testing-in-development-and-acceptance.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.29-Security-testing-in-development-and-acceptance.md index dabba50..2a76fea 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.29-Security-testing-in-development-and-acceptance.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.29-Security-testing-in-development-and-acceptance.md @@ -1,3 +1,28 @@ +--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.8.29" +title: "Security testing in development and acceptance" +theme: Technological +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Identify] +operational_capabilities: + - Application_security + - Information_security_assurance + - System_and_network_security +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +--- + ## 8.29 Security testing in development and acceptance | Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains | diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.3-Information-access-restriction.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.3-Information-access-restriction.md index 1ef746b..03bd068 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.3-Information-access-restriction.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.3-Information-access-restriction.md @@ -1,3 +1,25 @@ +--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.8.3" +title: "Information access restriction" +theme: Technological +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: [Identity_and_access_management] +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +--- + ## 8.3 Information access restriction | Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains | diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.30-Outsourced-development.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.30-Outsourced-development.md index 0d3174d..522cf96 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.30-Outsourced-development.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.30-Outsourced-development.md @@ -1,3 +1,35 @@ +--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.8.30" +title: "Outsourced development" +theme: Technological +control_type: + - Preventive + - Detective +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: + - Identify + - Protect + - Detect +operational_capabilities: + - System_and_network_security + - Application_security + - Supplier_relationships_security +security_domains: + - Governance_and_Ecosystem + - Protection +tags: + - iso27002/2022/EN +status: active +--- + ## 8.30 Outsourced development | Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains | diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.31-Separation-of-development-test-and-production-environments.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.31-Separation-of-development-test-and-production-environments.md index 191f9e4..4a1a161 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.31-Separation-of-development-test-and-production-environments.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.31-Separation-of-development-test-and-production-environments.md @@ -1,3 +1,27 @@ +--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.8.31" +title: "Separation of development, test and production environments" +theme: Technological +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: + - Application_security + - System_and_network_security +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +--- + ## 8.31 Separation of development, test and production environments | Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains | diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.32-Change-management.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.32-Change-management.md index 7154dcb..43eeb3a 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.32-Change-management.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.32-Change-management.md @@ -1,3 +1,27 @@ +--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.8.32" +title: "Change management" +theme: Technological +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: + - Application_security + - System_and_network_security +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +--- + ## 8.32 Change management | Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains | diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.33-Test-information.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.33-Test-information.md index e827f33..aaa013d 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.33-Test-information.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.33-Test-information.md @@ -1,3 +1,24 @@ +--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.8.33" +title: "Test information" +theme: Technological +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity +cybersecurity_concepts: [Protect] +operational_capabilities: [Information_protection] +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +--- + ## 8.33 Test information | Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains | diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.34-Protection-of-information-systems-during-audit-testing.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.34-Protection-of-information-systems-during-audit-testing.md index 6e209fe..65b607f 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.34-Protection-of-information-systems-during-audit-testing.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.34-Protection-of-information-systems-during-audit-testing.md @@ -1,3 +1,29 @@ +--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.8.34" +title: "Protection of information systems during audit testing" +theme: Technological +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: + - System_and_network_security + - Information_protection +security_domains: + - Governance_and_Ecosystem + - Protection +tags: + - iso27002/2022/EN +status: active +--- + ## 8.34 Protection of information systems during audit testing | Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains | diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.4-Access-to-source-code.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.4-Access-to-source-code.md index cadaf79..f2e93b9 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.4-Access-to-source-code.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.4-Access-to-source-code.md @@ -1,3 +1,28 @@ +--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.8.4" +title: "Access to source code" +theme: Technological +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: + - Identity_and_access_management + - Application_security + - Secure_configuration +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +--- + ## 8.4 Access to source code | Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains | diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.5-Secure-authentication.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.5-Secure-authentication.md index 111ab8b..cbedf76 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.5-Secure-authentication.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.5-Secure-authentication.md @@ -1,3 +1,25 @@ +--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.8.5" +title: "Secure authentication" +theme: Technological +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: [Identity_and_access_management] +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +--- + ## 8.5 Secure authentication | Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains | diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.6-Capacity-management.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.6-Capacity-management.md index 516cb86..581e3f4 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.6-Capacity-management.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.6-Capacity-management.md @@ -1,3 +1,31 @@ +--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.8.6" +title: "Capacity management" +theme: Technological +control_type: + - Preventive + - Detective +information_security_properties: + - Integrity + - Availability +cybersecurity_concepts: + - Identify + - Protect + - Detect +operational_capabilities: [Continuity] +security_domains: + - Governance_and_Ecosystem + - Protection +tags: + - iso27002/2022/EN +status: active +--- + ## 8.6 Capacity management | Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains | diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.7-Protection-against-malware.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.7-Protection-against-malware.md index 292a238..57590a7 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.7-Protection-against-malware.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.7-Protection-against-malware.md @@ -1,3 +1,34 @@ +--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.8.7" +title: "Protection against malware" +theme: Technological +control_type: + - Preventive + - Detective + - Corrective +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: + - Protect + - Detect +operational_capabilities: + - System_and_network_security + - Information_protection +security_domains: + - Protection + - Defence +tags: + - iso27002/2022/EN +status: active +--- + ## 8.7  Protection against malware ## Control diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.8-Management-of-technical-vulnerabilities.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.8-Management-of-technical-vulnerabilities.md index 245b592..b925101 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.8-Management-of-technical-vulnerabilities.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.8-Management-of-technical-vulnerabilities.md @@ -1,3 +1,30 @@ +--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.8.8" +title: "Management of technical vulnerabilities" +theme: Technological +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: + - Identify + - Protect +operational_capabilities: [Threat_and_vulnerability_management] +security_domains: + - Governance_and_Ecosystem + - Protection + - Defence +tags: + - iso27002/2022/EN +status: active +--- + ## 8.8 Management of technical vulnerabilities diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.9-Configuration-management.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.9-Configuration-management.md index 6287b0f..aaf2484 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.9-Configuration-management.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.9-Configuration-management.md @@ -1,3 +1,25 @@ +--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.8.9" +title: "Configuration management" +theme: Technological +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: [Secure_configuration] +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +--- + ## 8.9 Configuration management ### Control