Removed legacy property tables with Kilo

Richard Kranendonk 2026-05-02 12:00:56 +02:00
parent 880e2f2044
commit 8d66fc4602
68 changed files with 67 additions and 380 deletions

View file

@ -0,0 +1,55 @@
# Plan to Remove Markdown Tables After First Header in Specified .md Files
## Goal
Remove the markdown table that appears after the first markdown header (## X.Y Title) in 35 specific .md files located in the directory `/Users/rico/src/iso27diy-corp/Corpus/Standards/ISO27x/OST/27002/EN`. These files contain ISO 27002 control descriptions and have a summary table listing Control type, Information security properties, etc., which needs to be removed.
## Analysis
- **Affected Files**: Identified 35 .md files containing the table starting with `| Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains |`.
- **Table Structure**: The table consists of 2-4 lines:
- Header row starting with `| Control type`
- Separator row
- Data row
- Optionally, an empty row
- **Location**: The table appears immediately after the first `##` header (e.g., `## 8.1 User endpoint devices`) and before the `**Control**` section.
- **Pattern**: All affected files follow the pattern where the table ends just before `**Control**`.
## Approach
Use a Bash script with `sed` to remove the table lines from each affected file. The `sed` command will delete lines from the start of the table (`| Control type`) up to but not including `**Control**`.
### Script
Create and run the following Bash script in the target directory:
```bash
#!/bin/bash
# Change to the target directory
cd /Users/rico/src/iso27diy-corp/Corpus/Standards/ISO27x/OST/27002/EN || exit 1
# Loop through all .md files
for file in *.md; do
# Check if the file contains the table
if grep -q "| Control type" "$file"; then
# Remove the table lines: from "| Control type" to just before "**Control**"
sed -i '/^| Control type /,/^\*\*Control$/ { /^\*\*Control$/ !d }' "$file"
echo "Processed $file"
fi
done
echo "Table removal complete."
```
### Steps to Execute
1. **Navigate to Directory**: Change to `/Users/rico/src/iso27diy-corp/Corpus/Standards/ISO27x/OST/27002/EN`.
2. **Backup (Optional)**: Consider backing up the directory before running the script.
3. **Run Script**: Execute the script to process all files.
4. **Verify**: After running, check a few files (e.g., `a-8.1-User-endpoint-devices.md`, `a-5.15-Access-control.md`) to ensure the table is removed and the `**Control**` section remains intact.
## Risks and Considerations
- **Accuracy**: The `sed` command is designed to precisely target the table based on the observed patterns. If any file has unexpected formatting, manual review may be needed.
- **No Impact on Non-Affected Files**: Files without the table will remain unchanged.
- **Reversibility**: If needed, restore from backup or use version control (assuming the directory is in a git repo).
## Expected Outcome
- Tables removed from 35 files.
- Content before and after the table (including `**Control**` and subsequent sections) preserved.
- No changes to other .md files in the directory.
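Review bot: the end address of the range in `sed -i '/^| Control type /,/^\*\*Control$/ { /^\*\*Control$/ !d }'` is `^\*\*Control$`, which only matches a line consisting of `**Control` with no closing asterisks, whereas the marker the plan itself describes and every control file in this commit uses is `**Control**`. Because the end address never matches, the range extends to end of file and `!d` deletes every line after the table header, so the script as written would strip the rest of each control file; the diffs in this commit keep `**Control**` and the text after it, which means whatever was actually run is not this script. Both occurrences should read `/^\*\*Control\*\*$/`, and the "Verify" step should include a dry run that prints the range before deleting it, e.g. `sed -n '/^| Control type /,/^\*\*Control\*\*$/p' "$file"`, followed by `git diff --stat`. Two further gaps: the `grep -q "| Control type"` guard and the start address match only the plain header `| Control type`, while several files in this commit use the bold form `| **Control type** |` and would be skipped; and on macOS (the `/Users/rico/...` path) BSD `sed -i` requires a suffix argument, so `sed -i '...'` would take the script as the backup suffix and fail, which `sed -i '' ...` or the portable `sed -i.bak ...` avoids, the latter also providing the backup the plan lists as optional. Finally, the goal states 35 files, but the commit touches 68 files including glossary text and a heading fix, so either the plan or the commit message should state the full scope.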

View file

@ -293,66 +293,29 @@ person or organization that can affect, be affected by, or perceive itself to be
**3.****1.19** 3.1.19
**non-repudiation** **non-repudiation**
ability to prove the occurrence of a claimed event or action and its originating _entities_ (3.1.11) ability to prove the occurrence of a claimed event or action and its originating _entities_ (3.1.11)
3.1.20
**personnel**
**3.1.20**
**pers****onnel**
persons doing work under the organizations direction persons doing work under the organizations direction
*Note 1 to entry: The concept of personnel includes the organizations members, such as the governing body, top management, employees, temporary staff, contractors and volunteers.*
3.1.21
Note 1 to entry: The concept of personnel includes the organizations members, such as the governing body, top management, employees, temporary staff, contractors and volunteers. **personally identifiable information**
© ISO/IEC 2022 All rights reserved **3**
**ISO/IEC 27002:2022(E)**
**3.1****.21**
Licensed to ISO27DIY / Richard Kranendonk (rkranendonk@mac.com)
ISO Store Order: OP-582678 / Downloaded: 2022-02-17 Single user licence only, copying and networking prohibited.
**personally identifiable** **information**
**PII** **PII**
any information that (a) can be used to establish a link between the information and the natural person to whom such information relates, or (b) is or can be directly or indirectly linked to a natural person. any information that (a) can be used to establish a link between the information and the natural person to whom such information relates, or (b) is or can be directly or indirectly linked to a natural person.
*Note 1 to entry: The “natural person” in the definition is the PII principal (3.1.22). To determine whether a PII principal is identifiable, account should be taken of all the means which can reasonably be used by the privacy stakeholder holding the data, or by any other party, to establish the link between the set of PII and the natural person.*
Note 1 to entry: The “natural person” in the definition is the _PII_ _principal_ (3.1.22). To determine whether a PII principal is identifiable, account should be taken of all the means which can reasonably be used by the privacy stakeholder holding the data, or by any other party, to establish the link between the set of PII and the natural person.
[SOURCE: ISO/IEC 29100:2011/Amd.1:2018, 2.9] [SOURCE: ISO/IEC 29100:2011/Amd.1:2018, 2.9]
© ISO/IEC 2022 All rights reserved **3**
**ISO/IEC 27002:2022(E)**
Licensed to ISO27DIY / Richard Kranendonk (rkranendonk@mac.com)
ISO Store Order: OP-582678 / Downloaded: 2022-02-17 Single user licence only, copying and networking prohibited.
**3.1.22** **3.1.22**
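Review bot: this hunk is outside the scope the commit message gives ("legacy property tables"): it repairs the bold-fragmented definition headers (`**3.****1.19**`, `**pers****onnel**`, `**3.1****.21**`) for 3.1.19 through 3.1.22 and drops the `© ISO/IEC 2022 All rights reserved`, `**ISO/IEC 27002:2022(E)**`, `Licensed to ISO27DIY / ...` and `ISO Store Order: ... Single user licence only, copying and networking prohibited.` page-footer lines. The header cleanup is right, but removing the copyright and single-user-licence notices from text derived from a licensed standard deserves its own commit with a message that says so, since the notices are the record of the terms under which the text was obtained. Also, the possessive apostrophe is missing on both sides of the hunk (`organizations direction`, `organizations members`), so if it was lost in extraction the cleanup should restore `organization's` here as well.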

View file

@ -26,10 +26,6 @@ status: active
## 5.10 Acceptable use of information and other associated assets ## 5.10 Acceptable use of information and other associated assets
| Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains |
| ------------ | ----------------------------------------- | ---------------------- | ----------------------------------------- | ------------------------------------- |
| #Preventive | #Confidentiality #Integrity #Availability | #Protect | #Asset_management #Information_protection | #Governance_and_Ecosystem #Protection |
**Control** **Control**
Rules for the acceptable use and procedures for handling information and other associated assets should be identified, documented and implemented. Rules for the acceptable use and procedures for handling information and other associated assets should be identified, documented and implemented.
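Review bot: the deleted data row is the only place in this hunk where the control's classification is visible (`#Preventive`, `#Confidentiality #Integrity #Availability`, `#Protect`, `#Asset_management #Information_protection`, `#Governance_and_Ecosystem #Protection`); the `status: active` context in the hunk header indicates front matter above the heading, so please confirm those values already exist as front-matter tags in each changed file before the table is dropped, otherwise the metadata is lost with the table. The header counts 4 removed lines while 3 table rows are shown, which is consistent with the trailing blank row the plan file describes.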

View file

@ -24,10 +24,6 @@ status: active
| Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains |
| ------------ | ----------------------------------------- | ---------------------- | ------------------------ | ---------------- |
| #Preventive | #Confidentiality #Integrity #Availability | #Protect | #Asset_management | #Protection |
**Control** **Control**
Personnel and other interested parties as appropriate should return all the organizations assets in their possession upon change or termination of their employment, contract or agreement. Personnel and other interested parties as appropriate should return all the organizations assets in their possession upon change or termination of their employment, contract or agreement.

View file

@ -24,10 +24,6 @@ status: active
## 5.12 Classification of information ## 5.12 Classification of information
| Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains |
| ------------ | ----------------------------------------- | ---------------------- | ------------------------ | -------------------- |
| #Preventive | #Confidentiality #Integrity #Availability | #Identify | #Information_protection | #Protection #Defence |
**Control** **Control**
Information should be classified according to the information security needs of the organization based on confidentiality, integrity, availability and relevant interested party requirements. Information should be classified according to the information security needs of the organization based on confidentiality, integrity, availability and relevant interested party requirements.

View file

@ -24,10 +24,6 @@ status: active
## 5.14 Information transfer ## 5.14 Information transfer
| Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains |
| ------------ | ----------------------------------------- | ---------------------- | ----------------------------------------- | ---------------- |
| #Preventive | #Confidentiality #Integrity #Availability | #Protect | #Asset_management #Information_protection | #Protection |
**Control** **Control**
Information transfer rules, procedures, or agreements should be in place for all types of transfer facilities within the organization and between the organization and other parties. Information transfer rules, procedures, or agreements should be in place for all types of transfer facilities within the organization and between the organization and other parties.

View file

@ -22,10 +22,6 @@ status: active
## 5.15 Access control ## 5.15 Access control
| Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains |
| ------------ | ----------------------------------------- | ---------------------- | ------------------------------- | ---------------- |
| #Preventive | #Confidentiality #Integrity #Availability | #Protect | #Identity_and_access_management | #Protection |
**Control** **Control**
Rules to control physical and logical access to information and other associated assets should be established and implemented based on business and information security requirements. Rules to control physical and logical access to information and other associated assets should be established and implemented based on business and information security requirements.

View file

@ -22,10 +22,6 @@ status: active
## 5.16 Identity management ## 5.16 Identity management
| Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains |
| ------------ | ----------------------------------------- | ---------------------- | ------------------------------- | ---------------- |
| #Preventive | #Confidentiality #Integrity #Availability | #Protect | #Identity_and_access_management | #Protection |
**Control** **Control**
The full life cycle of identities should be managed. The full life cycle of identities should be managed.

View file

@ -22,10 +22,6 @@ status: active
## 5.18 Access rights ## 5.18 Access rights
| Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains |
| ------------ | ----------------------------------------- | ---------------------- | ------------------------------- | ---------------- |
| #Preventive | #Confidentiality #Integrity #Availability | #Protect | #Identity_and_access_management | #Protection |
**Control** **Control**
Access rights to information and other associated assets should be provisioned, reviewed, modified and removed in accordance with the organizations topic-specific policy on and rules for access control. Access rights to information and other associated assets should be provisioned, reviewed, modified and removed in accordance with the organizations topic-specific policy on and rules for access control.

View file

@ -26,12 +26,6 @@ status: active
| Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains |
| ------------ | ----------------------------------------- | ---------------------- | -------------------------------------- | ---------------- |
| #Detective | #Confidentiality #Integrity #Availability | #Detect #Respond | #Information_security_event_management | #Defence |
**Control** **Control**
The organization should assess information security events and decide if they are to be categorized as information security incidents. The organization should assess information security events and decide if they are to be categorized as information security incidents.

View file

@ -26,11 +26,6 @@ status: active
| Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains |
| ------------ | ----------------------------------------- | ---------------------- | -------------------------------------- | ---------------- |
| #Corrective | #Confidentiality #Integrity #Availability | #Respond #Recover | #Information_security_event_management | #Defence |
**Control** **Control**
Information security incidents should be responded to in accordance with the documented procedures. Information security incidents should be responded to in accordance with the documented procedures.

View file

@ -26,12 +26,6 @@ status: active
| Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains |
| ------------ | ----------------------------------------- | ---------------------- | -------------------------------------- | ---------------- |
| #Corrective | #Confidentiality #Integrity #Availability | #Detect #Respond | #Information_security_event_management | #Defence |
**Control** **Control**
The organization should establish and implement procedures for the identification, collection, acquisition and preservation of evidence related to information security events. The organization should establish and implement procedures for the identification, collection, acquisition and preservation of evidence related to information security events.

View file

@ -28,10 +28,6 @@ status: active
## 5.29 Information security during disruption ## 5.29 Information security during disruption
| Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains |
| ----------------------- | ----------------------------------------- | ---------------------- | ------------------------ | ----------------------- |
| #Preventive #Corrective | #Confidentiality #Integrity #Availability | #Protect #Respond | #Continuity | #Protection #Resilience |
**Control** **Control**
The organization should plan how to maintain information security at an appropriate level during disruption. The organization should plan how to maintain information security at an appropriate level during disruption.

View file

@ -17,7 +17,7 @@ tags:
status: active status: active
--- ---
## **5.30** **ICT** **readiness** **for** **business** continuity ## 5.30 ICT readiness for business continuity
## Purpose ## Purpose
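Review bot: this hunk only normalises the bold-fragmented heading `## **5.30** **ICT** **readiness** **for** **business** continuity` to `## 5.30 ICT readiness for business continuity`; the change is correct, but it is a heading cleanup rather than a property-table removal, so the commit message should mention it or it should travel with the glossary fix in a separate commit. The `tags:` key shown above `status: active` in the hunk header is where the removed tables' classification values would be expected if they were migrated.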

View file

@ -24,10 +24,6 @@ status: active
## 5.31 Legal, statutory, regulatory and contractual requirements ## 5.31 Legal, statutory, regulatory and contractual requirements
| Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains |
| ------------ | ----------------------------------------- | ---------------------- | ------------------------ | ------------------------------------- |
| #Preventive | #Confidentiality #Integrity #Availability | #Identify | #Legal_and_compliance | #Governance_and_Ecosystem #Protection |
**Control** **Control**
Legal, statutory, regulatory and contractual requirements relevant to information security and the organizations approach to meet these requirements should be identified, documented and kept up to date. Legal, statutory, regulatory and contractual requirements relevant to information security and the organizations approach to meet these requirements should be identified, documented and kept up to date.

View file

@ -28,10 +28,6 @@ status: active
| Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains |
| ----------------------- | ----------------------------------------- | ---------------------- | ------------------------------- | ------------------------- |
| #Preventive #Corrective | #Confidentiality #Integrity #Availability | #Identify #Protect | #Information_security_assurance | #Governance_and_Ecosystem |
**Control** **Control**
The organizations approach to managing information security and its implementation including people, processes and technologies should be reviewed independently at planned intervals, or when significant changes occur. The organizations approach to managing information security and its implementation including people, processes and technologies should be reviewed independently at planned intervals, or when significant changes occur.

View file

@ -26,10 +26,6 @@ status: active
## 5.36 Compliance with policies, rules and standards for information security ## 5.36 Compliance with policies, rules and standards for information security
| Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains |
| ------------ | ----------------------------------------- | ---------------------- | ----------------------------------------------------- | ------------------------- |
| #Preventive | #Confidentiality #Integrity #Availability | #Identify #Protect | #Legal_and_compliance #Information_security_assurance | #Governance_and_Ecosystem |
**Control** **Control**
Compliance with the organizations information security policy, topic-specific policies, rules and standards should be regularly reviewed. Compliance with the organizations information security policy, topic-specific policies, rules and standards should be regularly reviewed.

View file

@ -38,10 +38,6 @@ status: active
## 5.37 Documented operating procedures ## 5.37 Documented operating procedures
| Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains |
| ----------------------- | ----------------------------------------- | ---------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------- |
| #Preventive #Corrective | #Confidentiality #Integrity #Availability | #Protect #Recover | #Asset_management #Physical_security #System_and_network_security #Application_security #Secure_configuration #Identity_and_access_management #Threat_and_vulnerability_management #Continuity #Information_security_event_management | #Governance_and_Ecosystem #Protection #Defence |
**Control** **Control**
Operating procedures for information processing facilities should be documented and made available to personnel who need them. Operating procedures for information processing facilities should be documented and made available to personnel who need them.

View file

@ -24,10 +24,6 @@ status: active
## 5.9 Inventory of information and other associated assets ## 5.9 Inventory of information and other associated assets
| Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains |
|--------------|----------------------------------------|-----------------------|-------------------------|-----------------------------------|
| #Preventive | #Confidentiality #Integrity #Availability | #Identify | #Asset_management | #Governance_and_Ecosystem #Protection |
**Control** **Control**
An inventory of information and other associated assets, including owners, should be developed and maintained. An inventory of information and other associated assets, including owners, should be developed and maintained.

View file

@ -22,10 +22,6 @@ status: active
## 6.1 Screening ## 6.1 Screening
| **Control type** | **Information security properties** | **Cybersecurity concepts** | **Operational capabilities** | **Security domains** |
| ---------------- | ----------------------------------------- | -------------------------- | ---------------------------- | ------------------------- |
| #Preventive | #Confidentiality #Integrity #Availability | #Protect | #Human_resource_security | #Governance_and_Ecosystem |
**Control** **Control**
Background verification checks on all candidates to become personnel should be carried out prior to joining the organization and on an ongoing basis taking into consideration applicable laws, regulations and ethics and be proportional to the business requirements, the classification of the information to be accessed and the perceived risks. Background verification checks on all candidates to become personnel should be carried out prior to joining the organization and on an ongoing basis taking into consideration applicable laws, regulations and ethics and be proportional to the business requirements, the classification of the information to be accessed and the perceived risks.
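Review bot: the header row removed here is the bold variant `| **Control type** | **Information security properties** | ...`, which neither the `grep -q "| Control type"` guard nor the `/^| Control type /` start address in the plan file added by this commit matches, so this file (and the other bold-header files in the commit) cannot have been processed by that script. The plan's patterns and its count of 35 affected files should be updated to cover both spellings, for instance with a start address such as `/^| \**Control type/`, which accepts zero or more literal asterisks before the column name.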

View file

@ -22,10 +22,6 @@ status: active
## 6.2 Terms and conditions of employment ## 6.2 Terms and conditions of employment
| **Control type** | **Information security properties** | **Cybersecurity concepts** | **Operational capabilities** | **Security domains** |
| ---------------- | ----------------------------------------- | -------------------------- | ---------------------------- | ------------------------- |
| #Preventive | #Confidentiality #Integrity #Availability | #Protect | #Human_resource_security | #Governance_and_Ecosystem |
**Control** **Control**
The employment contractual agreements should state the personnels and the organizations responsibilities for information security. The employment contractual agreements should state the personnels and the organizations responsibilities for information security.

View file

@ -22,12 +22,6 @@ status: active
## 6.3 Information security awareness, education and training ## 6.3 Information security awareness, education and training
| **Control type** | **Information security properties** | **Cybersecurity concepts** | **Operational capabilities** | **Security domains** |
| ---------------- | ----------------------------------------- | -------------------------- | ---------------------------- | ------------------------- |
| #Preventive | #Confidentiality #Integrity #Availability | #Protect | #Human_resource_security | #Governance_and_Ecosystem |
**Control** **Control**
Personnel of the organization and relevant interested parties should receive appropriate information security awareness, education and training and regular updates of the organization's information security policy, topic-specific policies and procedures, as relevant for their job function. Personnel of the organization and relevant interested parties should receive appropriate information security awareness, education and training and regular updates of the organization's information security policy, topic-specific policies and procedures, as relevant for their job function.

View file

@ -28,14 +28,6 @@ status: active
| **Control type** | **Information security properties** | **Cybersecurity concepts** | **Operational capabilities** | **Security domains** |
|----------------------------|-----------------------------------------|---------------------------|-------------------------------|-----------------------------|
| #Preventive #Corrective | #Confidentiality #Integrity #Availability | #Protect #Respond | #Human_resource_security | #Governance_and_Ecosystem |
**Control** **Control**
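Review bot: the hunk header `@ -28,14 +28,6 @@` records 8 deleted lines, but only the three table rows (bold header, separator, `#Preventive #Corrective ... #Human_resource_security ... #Governance_and_Ecosystem`) are displayed, and `**Control**` is the last context line shown with no requirement text after it; please confirm that the five undisplayed deletions were blank rows rather than the section heading or the control statement, and that `**Control**` is still followed by the control text after this change.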

View file

@ -24,10 +24,6 @@ status: active
## 6.5 Responsibilities after termination or change of employment ## 6.5 Responsibilities after termination or change of employment
| **Control type** | **Information security properties** | **Cybersecurity concepts** | **Operational capabilities** | **Security domains** |
| ---------------- | ----------------------------------------- | -------------------------- | ---------------------------- | -------------------- |
| #Preventive | #Confidentiality #Integrity #Availability | | | |
**Control** **Control**
Information security responsibilities and duties that remain valid after termination or change of employment should be defined, enforced and communicated to relevant personnel and other interested parties. Information security responsibilities and duties that remain valid after termination or change of employment should be defined, enforced and communicated to relevant personnel and other interested parties.
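Review bot: the data row removed here has empty `Cybersecurity concepts`, `Operational capabilities` and `Security domains` cells (`| #Preventive | #Confidentiality #Integrity #Availability | | | |`), so this table was already incomplete; if the classification is being carried over to front matter, 6.5 needs those three values supplied from the standard rather than copied from the table, otherwise the gap silently persists after the table is gone.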

View file

@ -24,14 +24,6 @@ status: active
| **Control type** | **Information security properties** | **Cybersecurity concepts** | **Operational capabilities** | **Security domains** |
|------------------|------------------------------------|---------------------------|-------------------------------------------------------------|-------------------------------|
| #Preventive | #Confidentiality | #Protect | #Human_resource_security #Information_protection #Supplier_relationships | #Governance_and_Ecosystem |
**Control** **Control**
Confidentiality or non-disclosure agreements reflecting the organizations needs for the protection of information should be identified, documented, regularly reviewed and signed by personnel and other relevant interested parties. Confidentiality or non-disclosure agreements reflecting the organizations needs for the protection of information should be identified, documented, regularly reviewed and signed by personnel and other relevant interested parties.

View file

@ -28,14 +28,6 @@ status: active
| **Control type** | **Information security properties** | **Cybersecurity concepts** | **Operational capabilities** | **Security domains** |
|------------------|-----------------------------------------|---------------------------|--------------------------------------------------------------------------------|---------------------|
| #Preventive | #Confidentiality #Integrity #Availability | #Protect | #Asset_management #Information_protection #Physical_security #System_and_network_security | #Protection |
**Control** **Control**

View file

@ -26,14 +26,6 @@ status: active
| **Control type** | **Information security properties** | **Cybersecurity concepts** | **Operational capabilities** | **Security domains** |
|------------------|-----------------------------------------|---------------------------|---------------------------------------------|---------------------|
| #Preventive | #Confidentiality #Integrity #Availability | #Protect | #Physical_security #Asset_management | #Protection |
**Control** **Control**

View file

@ -27,14 +27,6 @@ status: active
| **Control type** | **Information security properties** | **Cybersecurity concepts** | **Operational capabilities** | **Security domains** |
|-----------------------|------------------------------------|---------------------------|-----------------------------|----------------------|
| #Preventive<br>#Detective | #Integrity<br>#Availability | #Protect #Detect | #Physical_security | #Protection |
**Control** **Control**
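Review bot: the cells in this row use `<br>` as the separator (`#Preventive<br>#Detective`, `#Integrity<br>#Availability`) while other files use a space (`#Protect #Detect`), so any migration of these values to front matter has to split on both forms; worth checking that the `<br>` variants here and in the later hunks (`#Physical_security<br>#Asset_management`, `#Asset_management<br>#Information_protection`) did not lose their second tag.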

View file

@ -23,14 +23,6 @@ status: active
| **Control type** | **Information security properties** | **Cybersecurity concepts** | **Operational capabilities** | **Security domains** |
|------------------|------------------------------------|---------------------------|-----------------------------|----------------------|
| #Preventive | #Confidentiality #Availability | #Protect | #Physical_security | #Protection |
**Control** **Control**

View file

@ -28,14 +28,6 @@ status: active
| **Control type** | **Information security properties** | **Cybersecurity concepts** | **Operational capabilities** | **Security domains** |
|------------------|-----------------------------------------|---------------------------|----------------------------------------|---------------------------|
| #Preventive | #Confidentiality #Integrity #Availability | #Protect | #Physical_security #Asset_management | #Protection #Resilience |
**Control** **Control**

View file

@ -23,14 +23,6 @@ status: active
| **Control type** | **Information security properties** | **Cybersecurity concepts** | **Operational capabilities** | **Security domains** |
|------------------|------------------------------------|---------------------------|----------------------------------------|---------------------------|
| #Preventive | #Confidentiality | #Protect | #Physical_security #Asset_management | #Protection |
**Control** **Control**

View file

@ -26,14 +26,6 @@ status: active
| **Control type** | **Information security properties** | **Cybersecurity concepts** | **Operational capabilities** | **Security domains** |
|------------------|-----------------------------------------|---------------------------|--------------------------------------|---------------------|
| #Preventive | #Confidentiality #Integrity #Availability | #Protect | #Physical_security<br>#Asset_management | #Protection |
**Control** **Control**

View file

@ -30,14 +30,6 @@ status: active
| **Control type** | **Information security properties** | **Cybersecurity concepts** | **Operational capabilities** | **Security domains** |
|----------------------------|-----------------------------------------|---------------------------|-----------------------------|---------------------------|
| #Preventive #Detective | #Confidentiality #Integrity #Availability | #Protect #Detect | #Physical_security | #Protection #Defence |
**Control** **Control**

View file

@ -24,14 +24,6 @@ status: active
| **Control type** | **Information security properties** | **Cybersecurity concepts** | **Operational capabilities** | **Security domains** |
|------------------|-----------------------------------------|---------------------------|-----------------------------|----------------------|
| #Preventive | #Confidentiality #Integrity #Availability | #Protect | #Physical_security | #Protection |
**Control** **Control**

View file

@ -24,14 +24,6 @@ status: active
| **Control type** | **Information security properties** | **Cybersecurity concepts** | **Operational capabilities** | **Security domains** |
|------------------|-----------------------------------------|---------------------------|-----------------------------|----------------------|
| #Preventive | #Confidentiality #Integrity #Availability | #Protect | #Physical_security | #Protection |
**Control** **Control**

View file

@ -21,12 +21,6 @@ status: active
| **Control type** | **Information security properties** | **Cybersecurity concepts** | **Operational capabilities** | **Security domains** |
|------------------|------------------------------------|---------------------------|-----------------------------|----------------------|
| #Preventive | #Confidentiality | #Protect | #Physical_security | #Protection |
**Control** **Control**

View file

@ -26,14 +26,6 @@ status: active
| **Control type** | **Information security properties** | **Cybersecurity concepts** | **Operational capabilities** | **Security domains** |
|------------------|-----------------------------------------|---------------------------|----------------------------------------|---------------------|
| #Preventive | #Confidentiality #Integrity #Availability | #Protect | #Physical_security #Asset_management | #Protection |
**Control** **Control**

View file

@ -26,12 +26,6 @@ status: active
| **Control type** | **Information security properties** | **Cybersecurity concepts** | **Operational capabilities** | **Security domains** |
|------------------|-----------------------------------------|---------------------------|----------------------------------------|---------------------|
| #Preventive | #Confidentiality #Integrity #Availability | #Protect | #Physical_security #Asset_management | #Protection |
**Control** **Control**

@ -26,10 +26,6 @@ status: active
| Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains |
| -------------- | ---------------------------------------- | --------------------- | ----------------------------------------- | --------------- |
| #Preventive | #Confidentiality #Integrity #Availability | #Protect | #Asset_management<br>#Information_protection | #Protection |
**Control** **Control**
Information stored on, processed by or accessible via user endpoint devices should be protected. Information stored on, processed by or accessible via user endpoint devices should be protected.

@ -21,10 +21,6 @@ status: active
## 8.10 Information deletion ## 8.10 Information deletion
| **Control type** | **Information security properties** | **Cybersecurity concepts** | **Operational capabilities** | **Security domains** |
| ---------------- | ----------------------------------- | -------------------------- | --------------------------------------------- | -------------------- |
| #Preventive | #Confidentiality | #Protect | #Information_protection #Legal_and_compliance | #Protection |
**Control** **Control**
Information stored in information systems, devices or in any other storage media should be deleted when no longer required. Information stored in information systems, devices or in any other storage media should be deleted when no longer required.

@ -19,10 +19,6 @@ status: active
## 8.11 Data masking ## 8.11 Data masking
| **Control type** | **Information security properties** | **Cybersecurity concepts** | **Operational capabilities** | **Security domains** |
| ---------------- | ----------------------------------- | -------------------------- | ---------------------------- | -------------------- |
| #Preventive | #Confidentiality | #Protect | #Information_protection | #Protection |
**Control** **Control**
Data masking should be used in accordance with the organizations topic-specific policy on access control and other related topic-specific policies, and business requirements, taking applicable legislation into consideration. Data masking should be used in accordance with the organizations topic-specific policy on access control and other related topic-specific policies, and business requirements, taking applicable legislation into consideration.

@ -25,10 +25,6 @@ status: active
## 8.12 Data leakage prevention ## 8.12 Data leakage prevention
| **Control type** | **Information security properties** | **Cybersecurity concepts** | **Operational capabilities** | **Security domains** |
| ---------------------- | ----------------------------------- | -------------------------- | ---------------------------- | -------------------- |
| #Preventive #Detective | #Confidentiality | #Protect #Detect | #Information_protection | #Protection #Defence |
**Control** **Control**
Data leakage prevention measures should be applied to systems, networks and any other devices that process, store or transmit sensitive information. Data leakage prevention measures should be applied to systems, networks and any other devices that process, store or transmit sensitive information.
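Review bot: several cells in this row are multi-valued (`#Preventive #Detective`, `#Protect #Detect`, `#Protection #Defence`), and the 8.1 hunk above encodes the same kind of multi-value with a `<br>` instead (`#Asset_management<br>#Information_protection`). If these attributes are being re-homed in frontmatter or another structured field, they need list-valued keys and one separator convention; a scalar field in the style of `control_type: #Preventive` would keep only one of the two values, and a `<br>` carried over into a YAML string is a latent parsing bug.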

@ -21,10 +21,6 @@ status: active
## 8.13 Information backup ## 8.13 Information backup
| Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains |
| ------------ | ------------------------------- | ---------------------- | ------------------------ | ---------------- |
| #Corrective | #Integrity #Availability | #Recover | #Continuity | #Protection |
**Control** **Control**
Backup copies of information, software and systems should be maintained and regularly tested in accordance with the agreed topic-specific policy on backup. Backup copies of information, software and systems should be maintained and regularly tested in accordance with the agreed topic-specific policy on backup.

@ -23,10 +23,6 @@ status: active
## 8.14 Redundancy of information processing facilities ## 8.14 Redundancy of information processing facilities
| Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains |
| ------------ | ------------------------------- | ---------------------- | ----------------------------- | ----------------------- |
| #Preventive | #Availability | #Protect | #Continuity #Asset_management | #Protection #Resilience |
**Control** **Control**
Information processing facilities should be implemented with redundancy sufficient to meet availability requirements. Information processing facilities should be implemented with redundancy sufficient to meet availability requirements.

@ -24,10 +24,6 @@ status: active
## 8.15 Logging ## 8.15 Logging
| **Control type** | **Information security properties** | **Cybersecurity concepts** | **Operational capabilities** | **Security domains** |
| ---------------- | ----------------------------------------- | -------------------------- | -------------------------------------- | -------------------- |
| #Detective | #Confidentiality #Integrity #Availability | #Detect | #Information_security_event_management | #Protection #Defence |
**Control** **Control**
Logs that record activities, exceptions, faults and other relevant events should be produced, stored, protected and analysed. Logs that record activities, exceptions, faults and other relevant events should be produced, stored, protected and analysed.

@ -26,11 +26,6 @@ status: active
## 8.16 Monitoring activities ## 8.16 Monitoring activities
| **Control type** | **Information security properties** | **Cybersecurity concepts** | **Operational capabilities** | **Security domains** |
| ---------------------- | ----------------------------------------- | -------------------------- | -------------------------------------- | -------------------- |
| #Detective #Corrective | #Confidentiality #Integrity #Availability | #Detect #Respond | #Information_security_event_management | #Defence |
**Control** **Control**
Networks, systems and applications should be monitored for anomalous behaviour and appropriate actions taken to evaluate potential information security incidents. Networks, systems and applications should be monitored for anomalous behaviour and appropriate actions taken to evaluate potential information security incidents.

@ -23,10 +23,6 @@ status: active
## 8.17 Clock synchronization ## 8.17 Clock synchronization
| **Control type** | **Information security properties** | **Cybersecurity concepts** | **Operational capabilities** | **Security domains** |
| ---------------- | ----------------------------------- | -------------------------- | -------------------------------------- | -------------------- |
| #Detective | #Integrity | #Protect #Detect | #Information_security_event_management | #Protection #Defence |
**Control** **Control**
The clocks of information processing systems used by the organization should be synchronized to approved time sources. The clocks of information processing systems used by the organization should be synchronized to approved time sources.

@ -25,10 +25,6 @@ status: active
## 8.18 Use of privileged utility programs ## 8.18 Use of privileged utility programs
| Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains |
| ------------ | ----------------------------------------- | ---------------------- | ------------------------------------------------------------------------ | ---------------- |
| #Preventive | #Confidentiality #Integrity #Availability | #Protect | #System_and_network_security #Secure_configuration #Application_security | #Protection |
**Control** **Control**
The use of utility programs that can be capable of overriding system and application controls should be restricted and tightly controlled. The use of utility programs that can be capable of overriding system and application controls should be restricted and tightly controlled.

@ -24,10 +24,6 @@ status: active
## 8.19 Installation of software on operational systems ## 8.19 Installation of software on operational systems
| Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains |
| ------------ | ----------------------------------------- | ---------------------- | ------------------------------------------- | ---------------- |
| #Preventive | #Confidentiality #Integrity #Availability | #Protect | #Secure_configuration #Application_security | #Protection |
**Control** **Control**
Procedures and measures should be implemented to securely manage software installation on operational systems. Procedures and measures should be implemented to securely manage software installation on operational systems.

@ -22,10 +22,6 @@ status: active
## 8.2 Privileged access rights ## 8.2 Privileged access rights
| Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains |
| ------------ | ----------------------------------------- | ---------------------- | ------------------------------- | ---------------- |
| #Preventive | #Confidentiality #Integrity #Availability | #Protect | #Identity_and_access_management | #Protection |
**Control** **Control**
The allocation and use of privileged access rights should be restricted and managed. The allocation and use of privileged access rights should be restricted and managed.

@ -28,10 +28,6 @@ status: active
| Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains |
| ---------------------- | ----------------------------------------- | ---------------------- | ---------------------------- | ---------------- |
| #Preventive #Detective | #Confidentiality #Integrity #Availability | #Protect #Detect | #System_and_network_security | #Protection |
**Control** **Control**
Networks and network devices should be secured, managed and controlled to protect information in systems and applications. Networks and network devices should be secured, managed and controlled to protect information in systems and applications.
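Review bot: unlike the neighbouring hunks, no `## 8.x` heading appears as leading context here (8.21 and 8.22 below show theirs directly above the table), so in this file the table is separated from its heading by lines that do not render in this view. Verify by eye that only blank lines sat between the heading and the table, and do not rely on a "table immediately follows the heading" layout when checking the rest of the set.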

@ -22,10 +22,6 @@ status: active
## 8.21 Security of network services ## 8.21 Security of network services
| Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains |
| ------------ | ----------------------------------------- | ---------------------- | ---------------------------- | ---------------- |
| #Preventive | #Confidentiality #Integrity #Availability | #Protect | #System_and_network_security | #Protection |
**Control** **Control**
Security mechanisms, service levels and service requirements of network services should be identified, implemented and monitored. Security mechanisms, service levels and service requirements of network services should be identified, implemented and monitored.

@ -22,10 +22,6 @@ status: active
## 8.22 Segregation of networks ## 8.22 Segregation of networks
| Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains |
| ------------ | ----------------------------------------- | ---------------------- | ---------------------------- | ---------------- |
| #Preventive | #Confidentiality #Integrity #Availability | #Protect | #System_and_network_security | #Protection |
**Control** **Control**
Groups of information services, users and information systems should be segregated in the organizations networks. Groups of information services, users and information systems should be segregated in the organizations networks.

@ -22,10 +22,6 @@ status: active
## 8.23 Web filtering ## 8.23 Web filtering
| Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains |
| ------------ | ----------------------------------------- | ---------------------- | ---------------------------- | ---------------- |
| #Preventive | #Confidentiality #Integrity #Availability | #Protect | #System_and_network_security | #Protection |
**Control** **Control**
Access to external websites should be managed to reduce exposure to malicious content. Access to external websites should be managed to reduce exposure to malicious content.

@ -24,11 +24,6 @@ status: active
| Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains
| -------------- | ---------------------------------------- | --------------------- | ------------------------- | --------------- |
| #Preventive | #Confidentiality #Integrity #Availability | #Protect | #Secure_configuration | #Protection |
**Control** **Control**
Rules for the effective use of cryptography, including cryptographic key management, should be defined and implemented. Rules for the effective use of cryptography, including cryptographic key management, should be defined and implemented.
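Review bot: the removed header row here (`| Control type | ... | Security domains`) has no closing pipe, and the hunks mix at least three table dialects: bold headers `| **Control type** |` with `|---|` separators (8.10 to 8.12 and the hunks before them), plain headers with `| --- |` separators (8.13 onwards), and in 8.30 below `| :--- |` alignment markers plus `<br>` inside cells. A pattern anchored on a complete `| Control type |` row or on the bold markers would have skipped this file; since the same edit was applied across dozens of files, run a final `grep -rn 'Control type'` over the corpus directory before merging to prove that no variant survived.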

@ -24,12 +24,6 @@ status: active
## 8.25 Secure development life cycle ## 8.25 Secure development life cycle
| Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains |
| ------------ | ----------------------------------------- | ---------------------- | -------------------------------------------------- | ---------------- |
| #Preventive | #Confidentiality #Integrity #Availability | #Protect | #Application_security #System_and_network_security | #Protection |
**Control** **Control**

@ -24,10 +24,6 @@ status: active
## 8.27 Secure system architecture and engineering principles ## 8.27 Secure system architecture and engineering principles
| Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains |
| ------------ | ----------------------------------------- | ---------------------- | -------------------------------------------------- | ---------------- |
| #Preventive | #Confidentiality #Integrity #Availability | #Protect | #Application_security #System_and_network_security | #Protection |
**Control** **Control**
Principles for engineering secure systems should be established, documented, maintained and applied to any information system development activities. Principles for engineering secure systems should be established, documented, maintained and applied to any information system development activities.

@ -25,10 +25,6 @@ status: active
## 8.29 Security testing in development and acceptance ## 8.29 Security testing in development and acceptance
| Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains |
| ------------ | ----------------------------------------- | ---------------------- | ---------------------------------------------------------------------------------- | ---------------- |
| #Preventive | #Confidentiality #Integrity #Availability | #Identify | #Application_security #Information_security_assurance #System_and_network_security | #Protection |
**Control** **Control**
Security testing processes should be defined and implemented in the development life cycle. Security testing processes should be defined and implemented in the development life cycle.

@ -22,10 +22,6 @@ status: active
## 8.3 Information access restriction ## 8.3 Information access restriction
| Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains |
| ------------ | ----------------------------------------- | ---------------------- | ------------------------------- | ---------------- |
| #Preventive | #Confidentiality #Integrity #Availability | #Protect | #Identity_and_access_management | #Protection |
**Control** **Control**
Access to information and other associated assets should be restricted in accordance with the established topic-specific policy on access control. Access to information and other associated assets should be restricted in accordance with the established topic-specific policy on access control.

@ -32,10 +32,6 @@ status: active
## 8.30 Outsourced development ## 8.30 Outsourced development
| Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains |
| :--------------------- | :------------------------------------------- | :---------------------------- | :---------------------------------------------------------------------------------- | :------------------------------------ |
| #Preventive #Detective | #Confidentiality<br>#Integrity #Availability | #Identify #Protect<br>#Detect | #System_and_network_security #Application_security #Supplier_relationships_security | #Governance_and_Ecosystem #Protection |
**Control** **Control**
The organization should direct, monitor and review the activities related to outsourced system development. The organization should direct, monitor and review the activities related to outsourced system development.

@ -24,10 +24,6 @@ status: active
## 8.31 Separation of development, test and production environments ## 8.31 Separation of development, test and production environments
| Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains |
| --- | --- | --- | --- | --- |
| #Preventive | #Confidentiality #Integrity #Availability | #Protect | #Application_security #System_and_network_security | #Protection |
**Control** **Control**
Development, testing and production environments should be separated and secured. Development, testing and production environments should be separated and secured.

@ -24,10 +24,6 @@ status: active
## 8.32 Change management ## 8.32 Change management
| Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains |
| ------------ | ----------------------------------------- | ---------------------- | -------------------------------------------------- | ---------------- |
| #Preventive | #Confidentiality #Integrity #Availability | #Protect | #Application_security #System_and_network_security | #Protection |
**Control** **Control**
Changes to information processing facilities and information systems should be subject to change management procedures. Changes to information processing facilities and information systems should be subject to change management procedures.

@ -21,10 +21,6 @@ status: active
## 8.33 Test information ## 8.33 Test information
| Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains |
| ------------ | ------------------------------- | ---------------------- | ------------------------ | ---------------- |
| #Preventive | #Confidentiality #Integrity | #Protect | #Information_protection | #Protection |
**Control** **Control**
Test information should be appropriately selected, protected and managed. Test information should be appropriately selected, protected and managed.

@ -26,10 +26,6 @@ status: active
## 8.34 Protection of information systems during audit testing ## 8.34 Protection of information systems during audit testing
| Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains |
| --- | --- | --- | --- | --- |
| #Preventive | #Confidentiality #Integrity #Availability | #Protect | #System_and_network_security #Information_protection | #Governance_and_Ecosystem #Protection |
**Control** **Control**
Audit tests and other assurance activities involving assessment of operational systems should be planned and agreed between the tester and appropriate management. Audit tests and other assurance activities involving assessment of operational systems should be planned and agreed between the tester and appropriate management.

@ -25,10 +25,6 @@ status: active
## 8.4 Access to source code ## 8.4 Access to source code
| Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains |
| ------------ | ----------------------------------------- | ---------------------- | --------------------------------------------------------------------------- | ---------------- |
| #Preventive | #Confidentiality #Integrity #Availability | #Protect | #Identity_and_access_management #Application_security #Secure_configuration | #Protection |
**Control** **Control**
Read and write access to source code, development tools and software libraries should be appropriately managed. Read and write access to source code, development tools and software libraries should be appropriately managed.

@ -22,10 +22,6 @@ status: active
## 8.5 Secure authentication ## 8.5 Secure authentication
| Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains |
| ------------ | ----------------------------------------- | ---------------------- | ------------------------------- | ---------------- |
| #Preventive | #Confidentiality #Integrity #Availability | #Protect | #Identity_and_access_management | #Protection |
**Control** **Control**
Secure authentication technologies and procedures should be implemented based on information access restrictions and the topic-specific policy on access control. Secure authentication technologies and procedures should be implemented based on information access restrictions and the topic-specific policy on access control.

@ -28,10 +28,6 @@ status: active
## 8.6 Capacity management ## 8.6 Capacity management
| Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains |
| ---------------------- | ------------------------------- | -------------------------- | ------------------------ | ------------------------------------- |
| #Preventive #Detective | #Integrity #Availability | #Identify #Protect #Detect | #Continuity | #Governance_and_Ecosystem #Protection |
**Control** **Control**
The use of resources should be monitored and adjusted in line with current and expected capacity requirements. The use of resources should be monitored and adjusted in line with current and expected capacity requirements.

@ -30,14 +30,6 @@ status: active
| Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains |
| -------------- | ---------------------------------------- | --------------------- | ------------------------------- | ------------------------------- |
| #Preventive | #Confidentiality #Integrity #Availability | #Identify #Protect | #Threat_and_vulnerability_management | #Governance_and_Ecosystem #Protection #Defence |
**Control** **Control**