From 96cd8fea7b8014c49056d85f85520a919ff662bf Mon Sep 17 00:00:00 2001 
From: Richard Kranendonk Date: Mon, 18 May 2026 09:31:41 +0200 Subject: [PATCH] Cleaning up the Sparks folder --- Clients/DAK/Pentest DAK rapport Vitaen.md | 2 +- Corpus/Information security concepts MoC.md | 4 +- .../BCP_Bedrijfscontinuïteitsplanning.md | 4 +- ...hecklist for auditing Access Management.md | 2 +- .../Def_Sec_Handbook_Chapter_10.md | 2 +- .../Managing Risks - A New Framework.md | 2 +- Corpus/Literature notes/Threat Catalogues.md | 2 +- .../Topical InfoSec Kanban’s.md | 2 +- Corpus/MoCs/iso27DIY-MoC.md | 59 ------------------ Corpus/Sparks/Hinsons Green and Read flags.md | 8 --- Corpus/Sparks/ISMS/Access Control Models.md | 2 +- .../Assets Ownership and Risk Overview.md | 2 +- .../Data Classification.md | 4 +- .../How to develop an Asset Inventory.md | 8 ++- Corpus/Sparks/ISMS/ISMS audit flags.md | 10 +++ .../{IMG_4214.jpg => ISMS/ISMS diagram.jpg} | Bin .../{ => ISMS}/Ideas about enforcement.md | 3 +- .../{ => ISMS}/Ideas on Risk Ownership.md | 0 .../Informatie_classificatie_matrix.xlsx | Bin .../{ => ISMS}/KPIs in Incident Response.md | 2 +- ...ng of information in the digital domain.md | 12 ++-- Corpus/Sparks/Ideas about enforcement 1.md | 13 ---- Corpus/Sparks/Impact of Disruption.md | 8 --- Corpus/Sparks/Information Security.md | 3 - .../Cracking passwords in 2024.md | 4 +- ...ining roles and responsibilities in IT.md} | 2 + .../Identification.md | 9 +-- ...ntifying and Managing Preventable Risks.md | 2 +- .../Identity and Access Management (IAM).md | 16 ++--- .../Importance of a BCP.md | 0 .../Incident Response Planning.md | 12 ++-- .../Incident Response playbooks.md | 0 .../Kerberoasting.md | 0 ...roduction for Organizational Structures.md | 13 ---- Corpus/Sparks/List of possible partners 1.md | 4 -- ...licy on handling classified information.md | 0 ...cidents.md => Risico's uit de praktijk.md} | 5 +- ...=> Risk Register Template Hyperproof.xlsx} | Bin Corpus/Sparks/Risk inventories.md | 2 +- ...hreats vs Vulnerabilities SCF diagram.jpg} | Bin 
.../Risks vs Threats vs Vulnerabilities.md | 6 +- ...URF Handreiking risicobeoordeling 2.0.pdf} | Bin ... risicobeoordeling kaartjes workshop.docx} | Bin .../Sparks/SURF Toolkit risicobeoordeling.md | 4 +- Corpus/Sparks/Samenhang tussen producten.md | 2 +- ... Time for brute force on passwords EN.png} | Bin ... Time for brute force on passwords NL.png} | Bin ...a Kanban board for ISMS implementation.md} | 2 + Corpus/Sparks/impactgebieden.md | 2 - .../{ => iso27diy}/ISO27DIY benefits.md | 0 .../Sparks/{ => iso27diy}/Idea Validation.md | 0 .../List of possible partners.md | 2 +- Corpus/Sparks/iso27diy/iso27DIY-MoC.md | 59 ++++++++++++++++++ .../CIS Controls and Safeguards.png} | Bin .../CIS Controls.md | 8 +-- .../CIS safeguards effectiveness.png} | Bin .../Data maturity model NL overheid.md | 0 Corpus/Standards/ISO27x/Authentication.md | 4 +- Corpus/Standards/ISO27x/Authorization.md | 4 +- .../Changes in ISO 27001-2022 table.jpeg} | Bin ...Roles and responsibilities in ISO 27001.md | 2 +- ...tailed comparison between 2017 and 2022.md | 2 +- ... 27001 A 8.2.2 Labelling of information.md | 2 +- .../iso27DIY mk I/ISO27DIY Business model.md | 2 +- .../ISO 27001 Implementation Plan.md | 2 +- .../ISO 27001 Stakeholder Presentation.md | 2 +- Corpus/Various/Elevator Pitch.md | 2 +- ... 
model for abstracts and categorization.md | 0 .../Instruct an LLM on available tools.md | 0 ...beddings with AnythingLLM and LM Studio.md | 0 .../JSON validation for Postgres.md | 0 .../Key Areas of Rasa Syntax.md | 0 .../Kilo Code development workflow.md | 0 .../Knowledge Graph Databases.md | 0 .../{Sparks => Various}/LLM Prompt types.md | 0 .../MCP Servers for Markdown.md | 0 .../MCP server for Obsidian Vault.md | 0 .../MCP server for creating abstracts.md | 0 78 files changed, 149 insertions(+), 181 deletions(-) delete mode 100644 Corpus/MoCs/iso27DIY-MoC.md delete mode 100644 Corpus/Sparks/Hinsons Green and Read flags.md rename Corpus/Sparks/{ => ISMS}/How to develop an Asset Inventory.md (69%) create mode 100644 Corpus/Sparks/ISMS/ISMS audit flags.md rename Corpus/Sparks/{IMG_4214.jpg => ISMS/ISMS diagram.jpg} (100%) rename Corpus/Sparks/{ => ISMS}/Ideas about enforcement.md (95%) rename Corpus/Sparks/{ => ISMS}/Ideas on Risk Ownership.md (100%) rename Corpus/Sparks/{ => ISMS}/Informatie_classificatie_matrix.xlsx (100%) rename Corpus/Sparks/{ => ISMS}/KPIs in Incident Response.md (88%) rename Corpus/Sparks/{ => ISMS}/Labeling of information in the digital domain.md (74%) delete mode 100644 Corpus/Sparks/Ideas about enforcement 1.md delete mode 100644 Corpus/Sparks/Impact of Disruption.md delete mode 100644 Corpus/Sparks/Information Security.md rename Corpus/Sparks/{IT dept roles and responsibility frameworks.md => Information Security/Frameworks for defining roles and responsibilities in IT.md} (96%) rename Corpus/Sparks/{ => Information Security}/Identification.md (59%) rename Corpus/Sparks/{ => Information Security}/Identifying and Managing Preventable Risks.md (89%) rename Corpus/Sparks/{ => Information Security}/Identity and Access Management (IAM).md (69%) rename Corpus/Sparks/{ => Information Security}/Importance of a BCP.md (100%) rename Corpus/Sparks/{ => Information Security}/Incident Response Planning.md (74%) rename Corpus/Sparks/{ => Information 
Security}/Incident Response playbooks.md (100%) rename Corpus/Sparks/{ => Information Security}/Kerberoasting.md (100%) delete mode 100644 Corpus/Sparks/Introduction for Organizational Structures.md delete mode 100644 Corpus/Sparks/List of possible partners 1.md rename Corpus/Sparks/{ => Policy examples}/Key Topics for a policy on handling classified information.md (100%) rename Corpus/Sparks/{Incidents.md => Risico's uit de praktijk.md} (97%) rename Corpus/Sparks/{Hyperproof Risk Register Template.xlsx => Risk Register Template Hyperproof.xlsx} (100%) rename Corpus/Sparks/{2023-scf-risk-management-ecosystem-diagram.jpg => Risks vs Threats vs Vulnerabilities SCF diagram.jpg} (100%) rename Corpus/Sparks/{Handreiking risicobeoordeling 2.0.pdf => SURF Handreiking risicobeoordeling 2.0.pdf} (100%) rename Corpus/Sparks/{kaartjes dreiging kwetsbaar impact.docx => SURF Toolkit risicobeoordeling kaartjes workshop.docx} (100%) rename Corpus/Sparks/{Hive Systems Password Table - 2024 Square.png => Time for brute force on passwords EN.png} (100%) rename Corpus/Sparks/{Hive Systems Password Table - 2024_Dutch.png => Time for brute force on passwords NL.png} (100%) rename Corpus/Sparks/{How to work the Kanban.md => Using a Kanban board for ISMS implementation.md} (97%) delete mode 100644 Corpus/Sparks/impactgebieden.md rename Corpus/Sparks/{ => iso27diy}/ISO27DIY benefits.md (100%) rename Corpus/Sparks/{ => iso27diy}/Idea Validation.md (100%) rename Corpus/Sparks/{ => iso27diy}/List of possible partners.md (80%) create mode 100644 Corpus/Sparks/iso27diy/iso27DIY-MoC.md rename Corpus/{Sparks/CleanShot 2024-10-08 at 16.27.06.png => Standards/CIS Controls and Safeguards.png} (100%) rename Corpus/{Sparks/Information Security => Standards}/CIS Controls.md (97%) rename Corpus/{Sparks/CleanShot 2024-10-08 at 16.10.32.png => Standards/CIS safeguards effectiveness.png} (100%) rename Corpus/{Sparks/Information Security => Standards}/Data maturity model NL overheid.md (100%) rename 
Corpus/{Sparks/iso27001_changes_table.jpeg => Standards/ISO27x/Changes in ISO 27001-2022 table.jpeg} (100%) rename Corpus/{Sparks => Various}/GGUF model for abstracts and categorization.md (100%) rename Corpus/{Sparks => Various}/Instruct an LLM on available tools.md (100%) rename Corpus/{Sparks => Various}/Integrating Ollama Embeddings with AnythingLLM and LM Studio.md (100%) rename Corpus/{Sparks => Various}/JSON validation for Postgres.md (100%) rename Corpus/{Sparks => Various}/Key Areas of Rasa Syntax.md (100%) rename Corpus/{Sparks => Various}/Kilo Code development workflow.md (100%) rename Corpus/{Sparks => Various}/Knowledge Graph Databases.md (100%) rename Corpus/{Sparks => Various}/LLM Prompt types.md (100%) rename Corpus/{Sparks => Various}/MCP Servers for Markdown.md (100%) rename Corpus/{Sparks => Various}/MCP server for Obsidian Vault.md (100%) rename Corpus/{Sparks => Various}/MCP server for creating abstracts.md (100%) diff --git a/Clients/DAK/Pentest DAK rapport Vitaen.md b/Clients/DAK/Pentest DAK rapport Vitaen.md index 5a26534..2fa8329 100644 --- a/Clients/DAK/Pentest DAK rapport Vitaen.md +++ b/Clients/DAK/Pentest DAK rapport Vitaen.md 
@@ -51,7 +51,7 @@ Kwetsbaarheden gescoord volgens het Common Vulnerability Scoring System ([CVSS v Voor het gebruik van de SA_VEEAM backup software is een Domain Administrator account aangemaakt. Dit geeft directe toegang geeft tot de volledige Active Directory-omgeving. Een aanvaller kan hiermee back-ups manipuleren, verwijderen of zelfs de volledige Active Directory overnemen. Het principe van least privilege lijkt niet te zijn toegepast Volgens Vitaen is dit 'in de meeste gevallen niet noodzakelijk en verhoogt het aanvalsoppervlak aanzienlijk': ->Aangezien dit account vatbaar is voor een [Kerberoasting](../../Corpus/Sparks/Kerberoasting.md) aanval, is het mogelijk gebleken de wachtwoord hash te bemachtigen. Het bleek echter niet mogelijk in de korte tijd dat de opdracht plaatsvond, om hiervan het wachtwoord te brute-forcen. +>Aangezien dit account vatbaar is voor een [Kerberoasting](../../Corpus/Sparks/Information%20Security/Kerberoasting.md) aanval, is het mogelijk gebleken de wachtwoord hash te bemachtigen. Het bleek echter niet mogelijk in de korte tijd dat de opdracht plaatsvond, om hiervan het wachtwoord te brute-forcen. **Oplossingsrichting** > Vitaen adviseert om het principe van least privilege toe te passen: service accounts mogen alleen de rechten krijgen die strikt noodzakelijk zijn voor hun functionaliteit. Waar mogelijk moeten alternatieve oplossingen zoals Managed Service Accounts (MSA) of Group Managed Service Accounts (gMSA) worden gebruikt, die automatisch wachtwoorden roteren en minder risicovol zijn. Daarnaast moet het gebruik van service accounts met verhoogde rechten actief worden gemonitord en gelogd, zodat afwijkend gedrag direct wordt opgemerkt. diff --git a/Corpus/Information security concepts MoC.md b/Corpus/Information security concepts MoC.md index 9b7e5ee..180ab37 100644 --- a/Corpus/Information security concepts MoC.md +++ b/Corpus/Information security concepts MoC.md 
@@ -37,8 +37,8 @@ Frameworks [NIST articles list](Standards/NIST/NIST%20articles%20list.md) [Governance](/Governance.md) [[Hardening]] -[Identity and Access Management (IAM)](Sparks/Identity%20and%20Access%20Management%20(IAM).md) - [Identification](Sparks/Identification.md) +[Identity and Access Management (IAM)](Sparks/Information%20Security/Identity%20and%20Access%20Management%20(IAM).md) + [Identification](Sparks/Information%20Security/Identification.md) [Authentication](Standards/ISO27x/Authentication.md) [Authorization](Standards/ISO27x/Authorization.md) Impact diff --git a/Corpus/Literature notes/BCP_Bedrijfscontinuïteitsplanning.md b/Corpus/Literature notes/BCP_Bedrijfscontinuïteitsplanning.md index 2e7f6b6..ff8ce04 100644 --- a/Corpus/Literature notes/BCP_Bedrijfscontinuïteitsplanning.md +++ b/Corpus/Literature notes/BCP_Bedrijfscontinuïteitsplanning.md @@ -7,7 +7,7 @@ Producten: ## Literatuur - BCP.mindnode op iCloud > Best Practices -- evt. [CIS Controls](../Sparks/Information%20Security/CIS%20Controls.md) als raamwerk +- evt. [CIS Controls](../Standards/CIS%20Controls.md) als raamwerk - ISO-22301-2019 'Business continuity management systems' en ISO-22313-2020 'Guidance on the use of ISO 22301' - [CISSP, Chapter 3](../Standards/CISSP/CISSP_OSG_Chapter_3.md) 
@@ -17,7 +17,7 @@ Bedrijfscontinuïteitsplanning is een continu proces, met als doel het implement Belangrijke onderdelen van Bedrijfscontinuïteitsplanning zijn de Bedrijfsimpact Analyse ([BIA](../Sparks/ISMS/Business%20Impact%20Analysis%20(BIA).md)) en het Herstelplan ('Disaster Recovery Plan' / [DRP](..//Disaster%20Recovery%20Planning.md)). De BIA richt zich op het identificeren van de impact van verstoringen op de bedrijfsprocessen, en het Herstelplan richt zich op het herstel van de normale bedrijfsprocessen na een verstoring en de eventuele inzet van alternatieve middelen of werkwijzen . -Zie ook: [Het belang van een Bedrijfscontinuïteitsplan](../Sparks/ISMS/Belang%20van%20een%20BCP.md) / [The importance of having a business continuity plan](../Sparks/Importance%20of%20a%20BCP.md). +Zie ook: [Het belang van een Bedrijfscontinuïteitsplan](../Sparks/ISMS/Belang%20van%20een%20BCP.md) / [The importance of having a business continuity plan](../Sparks/Information%20Security/Importance%20of%20a%20BCP.md). ## Aanpak diff --git a/Corpus/Literature notes/Checklists Gerardus Blokdyk/Checklist for auditing Access Management.md b/Corpus/Literature notes/Checklists Gerardus Blokdyk/Checklist for auditing Access Management.md index da8e474..da5f7ef 100644 --- a/Corpus/Literature notes/Checklists Gerardus Blokdyk/Checklist for auditing Access Management.md +++ b/Corpus/Literature notes/Checklists Gerardus Blokdyk/Checklist for auditing Access Management.md @@ -9,7 +9,7 @@ Relevant ISO 27001 clauses/controls: - [ISO 27001 A 18 Compliance](../../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A%2018%20Compliance.md) Related: -- [Identity and Access Management (IAM)](../../Sparks/Identity%20and%20Access%20Management%20(IAM).md) +- [Identity and Access Management (IAM)](../../Sparks/Information%20Security/Identity%20and%20Access%20Management%20(IAM).md) ## Organized by Key Themes: Identity, Access, Cloud, Security, Management, Data, Network, Risk, Development, Project: 
diff --git a/Corpus/Literature notes/Def_Sec_Handbook_Chapter_10.md b/Corpus/Literature notes/Def_Sec_Handbook_Chapter_10.md index 535d6dd..899cd3d 100644 --- a/Corpus/Literature notes/Def_Sec_Handbook_Chapter_10.md +++ b/Corpus/Literature notes/Def_Sec_Handbook_Chapter_10.md @@ -1,6 +1,6 @@ # Chapter 10: Password Management and Multifactor Authentication -See also: [Identity and Access Management (IAM)](../Sparks/Identity%20and%20Access%20Management%20(IAM).md), [Roles in Identity and Access Management (IAM)](Roles%20in%20Identity%20and%20Access%20Management%20(IAM).md) +See also: [Identity and Access Management (IAM)](../Sparks/Information%20Security/Identity%20and%20Access%20Management%20(IAM).md), [Roles in Identity and Access Management (IAM)](Roles%20in%20Identity%20and%20Access%20Management%20(IAM).md) ## Password practices Password complexity and brute force cracking: diff --git a/Corpus/Literature notes/Managing Risks - A New Framework.md b/Corpus/Literature notes/Managing Risks - A New Framework.md index 2c7dab1..4bc9205 100644 --- a/Corpus/Literature notes/Managing Risks - A New Framework.md +++ b/Corpus/Literature notes/Managing Risks - A New Framework.md @@ -40,7 +40,7 @@ Rules about what to do and what not to do won’t help here. In fact, they usual ## Managing the different Risk Categories ### Managing Preventable Risks -See: [Identifying and Managing Preventable Risks](../Sparks/Identifying%20and%20Managing%20Preventable%20Risks.md) +See: [Identifying and Managing Preventable Risks](../Sparks/Information%20Security/Identifying%20and%20Managing%20Preventable%20Risks.md) ### Managing Strategy Risks Over the past 10 years of study, we’ve come across three distinct approaches to managing strategy risks. all three encourage employees to challenge existing assumptions and debate risk information. Which model is appropriate for a given firm depends largely on the context in which an organization operates. 
diff --git a/Corpus/Literature notes/Threat Catalogues.md b/Corpus/Literature notes/Threat Catalogues.md index d13daef..012f5f1 100644 --- a/Corpus/Literature notes/Threat Catalogues.md +++ b/Corpus/Literature notes/Threat Catalogues.md @@ -24,5 +24,5 @@ LINDDUN GO OWASP RISMAN -Data Maturity Models, zie [Data maturity model NL overheid](../Sparks/Information%20Security/Data%20maturity%20model%20NL%20overheid.md) +Data Maturity Models, zie [Data maturity model NL overheid](../Standards/Data%20maturity%20model%20NL%20overheid.md) diff --git a/Corpus/Literature notes/Topical InfoSec Kanban’s.md b/Corpus/Literature notes/Topical InfoSec Kanban’s.md index 770aef5..01f55e8 100644 --- a/Corpus/Literature notes/Topical InfoSec Kanban’s.md +++ b/Corpus/Literature notes/Topical InfoSec Kanban’s.md @@ -30,7 +30,7 @@ Note that these boards where created with Airtable.com. ### Related notes: - [📼 ISO27DIY Video Series](../Standards/ISO27x/legacy/iso27DIY%20mk%20I/📼%20ISO27DIY%20Video%20Series.md) - [ISO27DIY Additional resources](../Standards/ISO27x/legacy/iso27DIY%20mk%20I/ISO27DIY%20Additional%20resources.md) -- [List of possible partners 1](../Sparks/List%20of%20possible%20partners%201.md) +- [List of possible partners](../Sparks/iso27diy/List%20of%20possible%20partners.md) - [ISO27DIY Workshop Overview template](../Standards/ISO27x/legacy/iso27DIY%20mk%20I/📒%20Templates/ISO27DIY%20Workshop%20Overview%20template.md) - [Advised Documents for ISO 27001](../../../iso27DIY-gis/reference/Advised%20Documents%20for%20ISO%2027001.md) - [💾 AuditGlue software](../Standards/ISO27x/legacy/iso27DIY%20mk%20I/💾%20AuditGlue%20software.md) diff --git a/Corpus/MoCs/iso27DIY-MoC.md b/Corpus/MoCs/iso27DIY-MoC.md deleted file mode 100644 index de7165b..0000000 --- a/Corpus/MoCs/iso27DIY-MoC.md +++ /dev/null 
@@ -1,59 +0,0 @@ ---- -tags: -- project/iso27DIY -- type/MoC ---- -## Marketing source material -[ISO27DIY Solution and Components](../../marketing/branding/ISO27DIY%20Solution%20and%20Components.md) -[Value Proposition Canvas for iso27DIY](../../marketing/branding/Value%20Proposition%20Canvas%20for%20iso27DIY.md) -[Brand Values](../../marketing/branding/Brand%20Values.md) -[FUD with Certification](../../marketing/branding/FUD%20with%20Certification.md) -[PRD Product Requirements Document for iso27DYI](AuditGlue/PRD%20Product%20Requirements%20Document%20for%20iso27DYI.md) - -[iso27DIY Functional Diagram](AuditGlue/System%20alternative/iso27DIY%20Functional%20Diagram.canvas) -[iso27DIY content modules](../../AuditGlue/iso27DIY%20content%20modules.canvas) - -## Marketing - -[Pricing](../Sparks/The%20Psychology%20Behind%20SaaS%20Pricing.md) -[[Pricing Tiers for iso27DIY|Tiers]] -[[SEO guide for Carrd|Website SEO]] -[Idea Validation](../Sparks/Idea%20Validation.md) - -## Method -[Samenhang tussen producten](../Sparks/Samenhang%20tussen%20producten.md) -[ISO 27001 2023 Processen en Artefacten](../Standards/ISO27x/OST/ISO%2027001%202023%20Processen%20en%20Artefacten.md) -[Advised Documents for ISO 27001](../iso27DIY-gis/reference/Advised%20Documents%20for%20ISO%2027001.md) -[Examples of Proof for auditors](../Sparks/Examples%20of%20Proof%20for%20auditors.md) -[About ISO27DIY Policy Cards](../💡Permanent%20ideas/About%20ISO27DIY%20Policy%20Cards.md) - -## Design -[Modules Canvas](../../AuditGlue/iso27DIY%20content%20modules.canvas) -[About the flow](../Sparks/About%20iso27diy/About%20the%20flow.md) -[UI ideas](AuditGlue/System%20alternative/iso27DIY%20UI%20ideas.md) - -### Agents -[Create a proactive conversational agent](../Various/Create%20a%20proactive%20conversational%20agent.md) -[Create an interview agent](../Various/Create%20an%20interview%20agent.md) - [Agent Design Intent Card](AuditGlue/System%20alternative/Agent%20Design%20Intent%20Card.md) -[Create a threat 
analysis chatbot](../Various/Create%20a%20threat%20analysis%20chatbot.md) -[Instruct an LLM on available tools](../Sparks/Instruct%20an%20LLM%20on%20available%20tools.md) -[LLM Prompt types](../Sparks/LLM%20Prompt%20types.md) - -## Content -[ISO27DIY Videos list](../🧱%20Projects/iso27DIY%20mk%20I/ISO27DIY%20Videos%20list.md) - -## Platform -[Design Document for ISO 27001 Certification Support Online Service](../Various/Design%20Document%20for%20ISO%2027001%20Certification%20Support%20Online%20Service.md) -[Personae and Roles](../Sparks/Personae%20and%20Roles.md) -[TypeDB structure for ISO27DIY](../Sparks/TypeDB%20structure%20for%20ISO27DIY.md) -[Client segregation in SaaS](../Sparks/Information%20Security/Client%20segregation%20in%20SaaS.md) -[Building functionality in Supabase](../Various/Building%20functionality%20in%20Supabase.md) -[SupaBase edge functions portability](../Sparks/SupaBase%20edge%20functions%20portability.md) -[Connect LLM to Supabase to create content](../Various/Connect%20LLM%20to%20Supabase%20to%20create%20content.md) -[Application architecture](../Various/Application%20architecture.md) -[iso27DYI architecture with LLM](AuditGlue/System%20alternative/iso27DYI%20architecture%20with%20LLM.md) -[iso27DIY stack deployment](AuditGlue/System%20alternative/iso27DIY%20stack%20deployment.md) -[SurveyJS](../Sparks/SurveyJS.md) -[WeWeb Security Pre-Launch Checklist](../Sparks/weweb_security_checklist.md) - diff --git a/Corpus/Sparks/Hinsons Green and Read flags.md b/Corpus/Sparks/Hinsons Green and Read flags.md deleted file mode 100644 index 0d5822e..0000000 --- a/Corpus/Sparks/Hinsons Green and Read flags.md +++ /dev/null @@ -1,8 +0,0 @@ ---- -tags: - - iso27001 - - audit ---- - -![](SecAware%20ISMS%20audit%20flags.docx) - diff --git a/Corpus/Sparks/ISMS/Access Control Models.md b/Corpus/Sparks/ISMS/Access Control Models.md index 2a42a18..4f6d157 100644 --- a/Corpus/Sparks/ISMS/Access Control Models.md +++ b/Corpus/Sparks/ISMS/Access Control Models.md 
@@ -1,6 +1,6 @@ See also: - [Authorization vs Access Control](Authorization%20vs%20Access%20Control.md) -- [Identity and Access Management (IAM)](../Identity%20and%20Access%20Management%20(IAM).md) +- [Identity and Access Management (IAM)](../Information%20Security/Identity%20and%20Access%20Management%20(IAM).md) - [RBAC Access levels](../../Literature%20notes/RBAC%20Access%20levels.md) - [CRUD Matrices](../Information%20Security/CRUD%20Matrices.md) diff --git a/Corpus/Sparks/ISMS/Assets Ownership and Risk Overview.md b/Corpus/Sparks/ISMS/Assets Ownership and Risk Overview.md index 02be598..fb9fedc 100644 --- a/Corpus/Sparks/ISMS/Assets Ownership and Risk Overview.md +++ b/Corpus/Sparks/ISMS/Assets Ownership and Risk Overview.md @@ -97,7 +97,7 @@ The source files reference the following related notes in the vault: - [Risk ownership](../Risk%20ownership.md) - [Control ownership](Control%20ownership.md) - [Asset lifecycle](../../Literature%20notes/Asset%20lifecycle.md) -- [How to develop an Asset Inventory](../How%20to%20develop%20an%20Asset%20Inventory.md) +- [How to develop an Asset Inventory](How%20to%20develop%20an%20Asset%20Inventory.md) ![Asset classes](Asset%20classes.png) diff --git a/Corpus/Sparks/ISMS/Data classification/Data Classification.md b/Corpus/Sparks/ISMS/Data classification/Data Classification.md index 9f01359..3d9ccf0 100644 --- a/Corpus/Sparks/ISMS/Data classification/Data Classification.md +++ b/Corpus/Sparks/ISMS/Data classification/Data Classification.md 
@@ -50,7 +50,7 @@ Leiden University has a tool picker that is publicly available, to help employee It does not solve the classification labeling problem if you have a single mandatory system in mind, but I can imagine that asking them about what goal they want to achieve makes it easier for employees to see classification as helpful and useful. [https://web.universiteitleiden.nl/assets/toolpicker/?lang=en](https://web.universiteitleiden.nl/assets/toolpicker/?lang=en) -![](../../Informatie_classificatie_matrix.xlsx) +![](../Informatie_classificatie_matrix.xlsx) See also: @@ -58,7 +58,7 @@ See also: [Def_Sec_Handbook_Chapter_2](../../../Literature%20notes/Def_Sec_Handbook_Chapter_2.md#Information%20classification) [ISO 27002:2022 NL A5.12](../../../Standards/ISO27x/OST/27002/NL/a-5.12-Classificeren-van-informatie.md) [Designing an information management scheme](../../../Literature%20notes/Designing%20an%20information%20management%20scheme.md) -[Key Topics for a policy on handling classified information](../../Key%20Topics%20for%20a%20policy%20on%20handling%20classified%20information.md) +[Key Topics for a policy on handling classified information](../../Policy%20examples/Key%20Topics%20for%20a%20policy%20on%20handling%20classified%20information.md) [Traffic Light Protocol (TLP)](../../../Literature%20notes/Traffic%20Light%20Protocol%20TLP.md) diff --git a/Corpus/Sparks/How to develop an Asset Inventory.md b/Corpus/Sparks/ISMS/How to develop an Asset Inventory.md similarity index 69% rename from Corpus/Sparks/How to develop an Asset Inventory.md rename to Corpus/Sparks/ISMS/How to develop an Asset Inventory.md index a1afb95..2a1de51 100644 --- a/Corpus/Sparks/How to develop an Asset Inventory.md +++ b/Corpus/Sparks/ISMS/How to develop an Asset Inventory.md 
@@ -1,11 +1,13 @@ +# How to develop an asset inventory + https://www.isms.online/iso-27001/how-to-develop-an-asset-inventory-for-iso-27001/ Relevant ISO 27001 clauses/controls: -- [ISO 27001 A 8.1.1 Inventory of assets](../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A%208.1.1%20Inventory%20of%20assets.md) -- [ISO 27001 C 6.1.2 Information security risk assessment](../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20C%206.1.2%20Information%20security%20risk%20assessment.md) +- [ISO 27001 A 8.1.1 Inventory of assets](../../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A%208.1.1%20Inventory%20of%20assets.md) +- [ISO 27001 C 6.1.2 Information security risk assessment](../../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20C%206.1.2%20Information%20security%20risk%20assessment.md) See also: -- [Assets, Vulnerabilities, Threats, Risks](Assets,%20Vulnerabilities,%20Threats,%20Risks.md) +- [Assets, Vulnerabilities, Threats, Risks](../../Literature%20notes/Assets,%20Vulnerabilities,%20Threats,%20Risks.md) # 3D Asset Inventory diff --git a/Corpus/Sparks/ISMS/ISMS audit flags.md b/Corpus/Sparks/ISMS/ISMS audit flags.md new file mode 100644 index 0000000..d3a4d6f --- /dev/null +++ b/Corpus/Sparks/ISMS/ISMS audit flags.md 
@@ -0,0 +1,10 @@ +# ISMS audit flags + +This guideline supports practitioners conducting audits of Information Security Management Systems (ISMSs) built on ISO/IEC 27001. It provides practical reference material organised around two complementary audit tools: green flags — the evidence and documentation an auditor should expect to find in a functioning ISMS — and red flags — the indicators that signal a dysfunctional, failing, or nonconformant system. + +The guideline does not prescribe how to audit, nor does it address the content of individual security controls. Its scope is the management system itself: whether it is properly designed, genuinely operating, and delivering value to the organisation. Because ISO/IEC 27001 is deliberately broad in its requirements, this document fills the interpretive gap with experience-based guidance on what adequate evidence looks like in practice, and what warning signs are worth investigating further. + +Intended primarily for internal auditors and certification auditors working with ISO/IEC 27001-based ISMSs, it is also relevant to those assessing information service providers such as cloud and managed security vendors. The guidance draws on four decades of practitioner experience and is offered as a supplement to — not a replacement for — formal audit checklists and professional judgement. + +![](../SecAware%20ISMS%20audit%20flags.docx) + diff --git a/Corpus/Sparks/IMG_4214.jpg b/Corpus/Sparks/ISMS/ISMS diagram.jpg similarity index 100% rename from Corpus/Sparks/IMG_4214.jpg rename to Corpus/Sparks/ISMS/ISMS diagram.jpg diff --git a/Corpus/Sparks/Ideas about enforcement.md b/Corpus/Sparks/ISMS/Ideas about enforcement.md similarity index 95% rename from Corpus/Sparks/Ideas about enforcement.md rename to Corpus/Sparks/ISMS/Ideas about enforcement.md index 07d43bc..8f6cfd5 100644 --- a/Corpus/Sparks/Ideas about enforcement.md +++ b/Corpus/Sparks/ISMS/Ideas about enforcement.md 
@@ -1,4 +1,5 @@ # Ideas about enforcement + The coverage of [[Enforcement tooling]] will not be complete, if only because their implementation will always be one step behind organizational reality. There will be information assets out of scope, by choice or accident. There will be situations where the improper handling of assets is not prevented by such tooling, and employees would need to be aware of, or deduce from content, the classification of those assets, and make an informed decission on the proper handling. @@ -10,4 +11,4 @@ There's also a link here to different stakeholders with different interests. Thi Related: - [Labeling of information in the digital domain](Labeling%20of%20information%20in%20the%20digital%20domain.md). -- [Stakeholder Analysis](Stakeholder%20Analysis.md) \ No newline at end of file +- [Stakeholder Analysis](../Stakeholder%20Analysis.md) \ No newline at end of file diff --git a/Corpus/Sparks/Ideas on Risk Ownership.md b/Corpus/Sparks/ISMS/Ideas on Risk Ownership.md similarity index 100% rename from Corpus/Sparks/Ideas on Risk Ownership.md rename to Corpus/Sparks/ISMS/Ideas on Risk Ownership.md diff --git a/Corpus/Sparks/Informatie_classificatie_matrix.xlsx b/Corpus/Sparks/ISMS/Informatie_classificatie_matrix.xlsx similarity index 100% rename from Corpus/Sparks/Informatie_classificatie_matrix.xlsx rename to Corpus/Sparks/ISMS/Informatie_classificatie_matrix.xlsx diff --git a/Corpus/Sparks/KPIs in Incident Response.md b/Corpus/Sparks/ISMS/KPIs in Incident Response.md similarity index 88% rename from Corpus/Sparks/KPIs in Incident Response.md rename to Corpus/Sparks/ISMS/KPIs in Incident Response.md index 58ac0cf..e8143db 100644 --- a/Corpus/Sparks/KPIs in Incident Response.md +++ b/Corpus/Sparks/ISMS/KPIs in Incident Response.md 
@@ -2,7 +2,7 @@ tags: - metrics Related: - - "[ISO_27002_2022_5.24_PE Information security incident management planning and preparation](../../../iso27DIY-gis/reference/Paraphrased/ISO27002-2022-EN/ISO_27002_2022_5.24_PE%20Information%20security%20incident%20management%20planning%20and%20preparation.md)" + - "[ISO_27002_2022_5.24_PE Information security incident management planning and preparation](../../../../iso27DIY-gis/reference/Paraphrased/ISO27002-2022-EN/ISO_27002_2022_5.24_PE%20Information%20security%20incident%20management%20planning%20and%20preparation.md)" --- # KPIs in Incident Response diff --git a/Corpus/Sparks/Labeling of information in the digital domain.md b/Corpus/Sparks/ISMS/Labeling of information in the digital domain.md similarity index 74% rename from Corpus/Sparks/Labeling of information in the digital domain.md rename to Corpus/Sparks/ISMS/Labeling of information in the digital domain.md index 0a3e25e..383b21a 100644 --- a/Corpus/Sparks/Labeling of information in the digital domain.md +++ b/Corpus/Sparks/ISMS/Labeling of information in the digital domain.md @@ -1,4 +1,4 @@ -[ISO 27001 A 8.2.2 Labelling of information](../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A%208.2.2%20Labelling%20of%20information.md) makes procedures for information labelling in accordance with the classification scheme mandatory. +[ISO 27001 A 8.2.2 Labelling of information](../../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A%208.2.2%20Labelling%20of%20information.md) makes procedures for information labelling in accordance with the classification scheme mandatory. For physical assets it’s straightforward: a ‘restricted area’ sign on the door to the server room, a ‘classified’ mark on a folder, a ‘privacy sensitive’ sticker on a backup tape, etc. 
@@ -13,11 +13,11 @@ Labeling of digital information assets ‘close to the source’ – e.g. assign Looking at it that way, any metadata that helps ensure the acceptable use and proper handling of information assets could be identified as ‘labeling’. A data dictionary that contains classification information could also be considered to use labeling. Related: -- [ISO 27001 A 8.2.1 Classification of information](../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A%208.2.1%20Classification%20of%20information.md) -- [ISO 27001 A 8.1.3 Acceptable use of assets](../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A%208.1.3%20Acceptable%20use%20of%20assets.md) +- [ISO 27001 A 8.2.1 Classification of information](../../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A%208.2.1%20Classification%20of%20information.md) +- [ISO 27001 A 8.1.3 Acceptable use of assets](../../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A%208.1.3%20Acceptable%20use%20of%20assets.md) - [[Enforcement tooling]] -[ISO 27001 A 8.2.2 Labelling of information](../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A%208.2.2%20Labelling%20of%20information.md) makes procedures for information labelling in accordance with the classification scheme mandatory. +[ISO 27001 A 8.2.2 Labelling of information](../../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A%208.2.2%20Labelling%20of%20information.md) makes procedures for information labelling in accordance with the classification scheme mandatory. For physical assets it’s straightforward: a ‘restricted area’ sign on the door to the server room, a ‘classified’ mark on a folder, a ‘privacy sensitive’ sticker on a backup tape, etc. 
@@ -32,6 +32,6 @@ Labeling of digital information assets ‘close to the source’ – e.g. assign Looking at it that way, any metadata that helps ensure the acceptable use and proper handling of information assets could be identified as ‘labeling’. A data dictionary that contains classification information could also be considered to use labeling. Related: -- [ISO 27001 A 8.2.1 Classification of information](../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A%208.2.1%20Classification%20of%20information.md) -- [ISO 27001 A 8.1.3 Acceptable use of assets](../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A%208.1.3%20Acceptable%20use%20of%20assets.md) +- [ISO 27001 A 8.2.1 Classification of information](../../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A%208.2.1%20Classification%20of%20information.md) +- [ISO 27001 A 8.1.3 Acceptable use of assets](../../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A%208.1.3%20Acceptable%20use%20of%20assets.md) - [[Enforcement tooling]] \ No newline at end of file diff --git a/Corpus/Sparks/Ideas about enforcement 1.md b/Corpus/Sparks/Ideas about enforcement 1.md deleted file mode 100644 index 07d43bc..0000000 --- a/Corpus/Sparks/Ideas about enforcement 1.md +++ /dev/null 
@@ -1,13 +0,0 @@ -# Ideas about enforcement -The coverage of [[Enforcement tooling]] will not be complete, if only because their implementation will always be one step behind organizational reality. There will be information assets out of scope, by choice or accident. - -There will be situations where the improper handling of assets is not prevented by such tooling, and employees would need to be aware of, or deduce from content, the classification of those assets, and make an informed decission on the proper handling. - -The underlying idea is that I personally prefer that people have freedom of choice and be supported in making informed decissions. -that is not only morally preferable, but it's a necessigty precisely because there will always be situations in which they *need* to decide for themselves. - -There's also a link here to different stakeholders with different interests. Think of your stereotypical IT Guy, who wants to screw everything down, and Marketing Guy, who wants maximum freedom in the data lake. - -Related: -- [Labeling of information in the digital domain](Labeling%20of%20information%20in%20the%20digital%20domain.md). -- [Stakeholder Analysis](Stakeholder%20Analysis.md) \ No newline at end of file diff --git a/Corpus/Sparks/Impact of Disruption.md b/Corpus/Sparks/Impact of Disruption.md deleted file mode 100644 index e5cce1d..0000000 --- a/Corpus/Sparks/Impact of Disruption.md +++ /dev/null @@ -1,8 +0,0 @@ -## Impact of Disruption - - - [](../Attachments/TLP_Impact_matrix_NL.xlsx) - -[BCP_Bedrijfscontinuïteitsplanning](../📚️%20Literature%20notes/BCP_Bedrijfscontinuïteitsplanning.md) -[Business Impact Analysis (BIA)](..//Business%20Impact%20Analysis%20(BIA).md) - diff --git a/Corpus/Sparks/Information Security.md b/Corpus/Sparks/Information Security.md deleted file mode 100644 index 1524603..0000000 --- a/Corpus/Sparks/Information Security.md +++ /dev/null 
@@ -1,3 +0,0 @@ -- [Information security concepts MoC](../Information%20security%20concepts%20MoC.md) -- [Standards and Regulations for information security](../Standards/other/Standards%20and%20Regulations%20for%20information%20security.md) - diff --git a/Corpus/Sparks/Information Security/Cracking passwords in 2024.md b/Corpus/Sparks/Information Security/Cracking passwords in 2024.md index 3361c6e..c664e7d 100644 --- a/Corpus/Sparks/Information Security/Cracking passwords in 2024.md +++ b/Corpus/Sparks/Information Security/Cracking passwords in 2024.md @@ -1,9 +1,9 @@ # Cracking passwords in 2024 -![](../Hive%20Systems%20Password%20Table%20-%202024_Dutch.png) +![](../Time%20for%20brute%20force%20on%20passwords%20NL.png) -![](../Hive%20Systems%20Password%20Table%20-%202024%20Square.png) +![](../Time%20for%20brute%20force%20on%20passwords%20EN.png) diff --git a/Corpus/Sparks/IT dept roles and responsibility frameworks.md b/Corpus/Sparks/Information Security/Frameworks for defining roles and responsibilities in IT.md similarity index 96% rename from Corpus/Sparks/IT dept roles and responsibility frameworks.md rename to Corpus/Sparks/Information Security/Frameworks for defining roles and responsibilities in IT.md index e1ff4e2..39216d1 100644 --- a/Corpus/Sparks/IT dept roles and responsibility frameworks.md +++ b/Corpus/Sparks/Information Security/Frameworks for defining roles and responsibilities in IT.md @@ -1,3 +1,5 @@ +# Frameworks for defining roles and responsibilities in IT + Several established frameworks exist for defining roles and responsibilities within IT departments. Here are the most widely used ones: **RACI Matrix (Responsible, Accountable, Consulted, Informed)** diff --git a/Corpus/Sparks/Identification.md b/Corpus/Sparks/Information Security/Identification.md similarity index 59% rename from Corpus/Sparks/Identification.md rename to Corpus/Sparks/Information Security/Identification.md index 7c89c15..1ca1952 100644 
--- a/Corpus/Sparks/Identification.md +++ b/Corpus/Sparks/Information Security/Identification.md @@ -1,15 +1,16 @@ # Identification + Identification is the claim of a subject of its identity. See also: -- [Authentication](../Standards/ISO27x/Authentication.md) -- [Authorization](../Standards/ISO27x/Authorization.md) +- [Authentication](../../Standards/ISO27x/Authentication.md) +- [Authorization](../../Standards/ISO27x/Authorization.md) - [Identity and Access Management (IAM)](Identity%20and%20Access%20Management%20(IAM).md) # Identification Identification is the claim of a subject of its identity. See also: -- [Authentication](../Standards/ISO27x/Authentication.md) -- [Authorization](../Standards/ISO27x/Authorization.md) +- [Authentication](../../Standards/ISO27x/Authentication.md) +- [Authorization](../../Standards/ISO27x/Authorization.md) - [Identity and Access Management (IAM)](Identity%20and%20Access%20Management%20(IAM).md) diff --git a/Corpus/Sparks/Identifying and Managing Preventable Risks.md b/Corpus/Sparks/Information Security/Identifying and Managing Preventable Risks.md similarity index 89% rename from Corpus/Sparks/Identifying and Managing Preventable Risks.md rename to Corpus/Sparks/Information Security/Identifying and Managing Preventable Risks.md index a98c6a0..ad7b090 100644 --- a/Corpus/Sparks/Identifying and Managing Preventable Risks.md +++ b/Corpus/Sparks/Information Security/Identifying and Managing Preventable Risks.md @@ -1,4 +1,4 @@ -Sidebar from [Managing Risks - A New Framework](../Literature%20notes/Managing%20Risks%20-%20A%20New%20Framework.md) +Sidebar from [Managing Risks - A New Framework](../../Literature%20notes/Managing%20Risks%20-%20A%20New%20Framework.md) Companies cannot anticipate every circumstance or conflict of interest that an employee might encounter. Thus, the first line of defense against preventable risk events is to provide guidelines clarifying the company’s goals and values. 
diff --git a/Corpus/Sparks/Identity and Access Management (IAM).md b/Corpus/Sparks/Information Security/Identity and Access Management (IAM).md similarity index 69% rename from Corpus/Sparks/Identity and Access Management (IAM).md rename to Corpus/Sparks/Information Security/Identity and Access Management (IAM).md index 0d4911e..bfcc210 100644 --- a/Corpus/Sparks/Identity and Access Management (IAM).md +++ b/Corpus/Sparks/Information Security/Identity and Access Management (IAM).md @@ -8,10 +8,10 @@ An _allow policy_, also known as an _IAM policy_, defines and enforces what ro See: - [Identification](Identification.md) – "This is who I am" -- [Authentication](../Standards/ISO27x/Authentication.md) – "This is how I prove it" -- [Authorization](../Standards/ISO27x/Authorization.md) – "... then this is what you get access to" -- [CISSP_Domain_5_1](../Standards/CISSP/CISSP_Domain_5_1.md), [CISSP_Domain_5_2](../Standards/CISSP/CISSP_Domain_5_2.md) -- [Roles in Identity and Access Management (IAM)](../Literature%20notes/Roles%20in%20Identity%20and%20Access%20Management%20(IAM).md) +- [Authentication](../../Standards/ISO27x/Authentication.md) – "This is how I prove it" +- [Authorization](../../Standards/ISO27x/Authorization.md) – "... then this is what you get access to" +- [CISSP_Domain_5_1](../../Standards/CISSP/CISSP_Domain_5_1.md), [CISSP_Domain_5_2](../../Standards/CISSP/CISSP_Domain_5_2.md) +- [Roles in Identity and Access Management (IAM)](../../Literature%20notes/Roles%20in%20Identity%20and%20Access%20Management%20(IAM).md) ## How IAM works 
@@ -23,7 +23,7 @@ An _allow policy_, also known as an _IAM policy_, defines and enforces what ro See: - [Identification](Identification.md) – "This is who I am" -- [Authentication](../Standards/ISO27x/Authentication.md) – "This is how I prove it" -- [Authorization](../Standards/ISO27x/Authorization.md) – "... then this is what you get access to" -- [CISSP_Domain_5_1](../Standards/CISSP/CISSP_Domain_5_1.md), [CISSP_Domain_5_2](../Standards/CISSP/CISSP_Domain_5_2.md) -- [Roles in Identity and Access Management (IAM)](../Literature%20notes/Roles%20in%20Identity%20and%20Access%20Management%20(IAM).md) \ No newline at end of file +- [Authentication](../../Standards/ISO27x/Authentication.md) – "This is how I prove it" +- [Authorization](../../Standards/ISO27x/Authorization.md) – "... then this is what you get access to" +- [CISSP_Domain_5_1](../../Standards/CISSP/CISSP_Domain_5_1.md), [CISSP_Domain_5_2](../../Standards/CISSP/CISSP_Domain_5_2.md) +- [Roles in Identity and Access Management (IAM)](../../Literature%20notes/Roles%20in%20Identity%20and%20Access%20Management%20(IAM).md) \ No newline at end of file diff --git a/Corpus/Sparks/Importance of a BCP.md b/Corpus/Sparks/Information Security/Importance of a BCP.md similarity index 100% rename from Corpus/Sparks/Importance of a BCP.md rename to Corpus/Sparks/Information Security/Importance of a BCP.md diff --git a/Corpus/Sparks/Incident Response Planning.md b/Corpus/Sparks/Information Security/Incident Response Planning.md similarity index 74% rename from Corpus/Sparks/Incident Response Planning.md rename to Corpus/Sparks/Information Security/Incident Response Planning.md index 5aaa831..d27e8cb 100644 --- a/Corpus/Sparks/Incident Response Planning.md +++ b/Corpus/Sparks/Information Security/Incident Response Planning.md 
@@ -1,15 +1,15 @@ -[SANS Incident Response Plan](../Standards/SANS/SANS%20Incident%20Response%20Plan.md) +[SANS Incident Response Plan](../../Standards/SANS/SANS%20Incident%20Response%20Plan.md) -[Checklist for auditing Incident Response Plan](../Literature%20notes/Checklists%20Gerardus%20Blokdyk/Checklist%20for%20auditing%20Incident%20Response%20Plan.md) +[Checklist for auditing Incident Response Plan](../../Literature%20notes/Checklists%20Gerardus%20Blokdyk/Checklist%20for%20auditing%20Incident%20Response%20Plan.md) See also: -- [Ransomware Playbook](Ransomware%20Playbook.md) -- [a-5.30-ICT-readiness-for-business-continuity](../Standards/ISO27x/OST/27002/EN/a-5.30-ICT-readiness-for-business-continuity.md) +- [Ransomware Playbook](../Ransomware%20Playbook.md) +- [a-5.30-ICT-readiness-for-business-continuity](../../Standards/ISO27x/OST/27002/EN/a-5.30-ICT-readiness-for-business-continuity.md) - [BCP_Bedrijfscontinuïteitsplanning](../📚️%20Literature%20notes/BCP_Bedrijfscontinuïteitsplanning.md) -ISO 27002 5.24 Planning and preparation [PE](../../../iso27DIY-gis/reference/Paraphrased/ISO27002-2022-EN/ISO_27002_2022_5.24_PE%20Information%20security%20incident%20management%20planning%20and%20preparation.md)/ [OT](../Standards/ISO27x/OST/27002/EN/a-5.24-Information-security-incident-management-planning-and-preparation.md) +ISO 27002 5.24 Planning and preparation [PE](../../../../iso27DIY-gis/reference/Paraphrased/ISO27002-2022-EN/ISO_27002_2022_5.24_PE%20Information%20security%20incident%20management%20planning%20and%20preparation.md)/ [OT](../../Standards/ISO27x/OST/27002/EN/a-5.24-Information-security-incident-management-planning-and-preparation.md) CISSP Incident Response Steps[^1]: 
@@ -26,7 +26,7 @@ CISSP Incident Response Steps[^1]: - Remediation - root cause analysis - Lessons Learned - - ISO 27002 5.27 [PE](../../../iso27DIY-gis/reference/Paraphrased/ISO27002-2022-EN/ISO_27002_2022_5.27_PE%20Learning%20from%20information%20security%20incidents.md) / [OT](../Standards/ISO27x/OST/27002/EN/a-5.27-Learning-from-information-security-incidents.md) + - ISO 27002 5.27 [PE](../../../../iso27DIY-gis/reference/Paraphrased/ISO27002-2022-EN/ISO_27002_2022_5.27_PE%20Learning%20from%20information%20security%20incidents.md) / [OT](../../Standards/ISO27x/OST/27002/EN/a-5.27-Learning-from-information-security-incidents.md) - prevent from re-occurring - improve incident response diff --git a/Corpus/Sparks/Incident Response playbooks.md b/Corpus/Sparks/Information Security/Incident Response playbooks.md similarity index 100% rename from Corpus/Sparks/Incident Response playbooks.md rename to Corpus/Sparks/Information Security/Incident Response playbooks.md diff --git a/Corpus/Sparks/Kerberoasting.md b/Corpus/Sparks/Information Security/Kerberoasting.md similarity index 100% rename from Corpus/Sparks/Kerberoasting.md rename to Corpus/Sparks/Information Security/Kerberoasting.md diff --git a/Corpus/Sparks/Introduction for Organizational Structures.md b/Corpus/Sparks/Introduction for Organizational Structures.md deleted file mode 100644 index 43f6f38..0000000 --- a/Corpus/Sparks/Introduction for Organizational Structures.md +++ /dev/null 
@@ -1,13 +0,0 @@ -# Introduction for Organizational Structures - -Identifying information security requirements, according to ISO 27000:2018 C.4.5.2: - - Information security requirements can be identified through an understanding of the following: - - a) identified information assets and their value; - - b) business needs for information processing, storage and communication; - - c) legal, regulatory, and contractual requirements. - - Conducting a methodical assessment of the risks associated with the organization’s information assets involves analysing threats to information assets, vulnerabilities to and the likelihood of a threat materializing to information assets, and the potential impact of any information security incident on information assets. The expenditure on relevant controls is expected to be proportionate to the perceived business impact of the risk materializing. \ No newline at end of file diff --git a/Corpus/Sparks/List of possible partners 1.md b/Corpus/Sparks/List of possible partners 1.md deleted file mode 100644 index 47bdcf1..0000000 --- a/Corpus/Sparks/List of possible partners 1.md +++ /dev/null @@ -1,4 +0,0 @@ -- [The Art of Service](The%20Art%20of%20Service.md) offers topical InfoSec Kanban boards -- 'Certificeringsadvies' offers independent external audits, they were employed by Networking4all -- [Muddassir via Gumroad](https://community.gumroad.com/c/share-your-wins/boring-fields-like-supply-chains-can-be-creative-enough-to-sell-digital-products?login_token=RyhWoyqXw2kT5de2eNp6RYjL6U4NY1aKLPmS#comment_wrapper_4014940). Runs a site on SCM and has offered to cross post content. - 
diff --git a/Corpus/Sparks/Key Topics for a policy on handling classified information.md b/Corpus/Sparks/Policy examples/Key Topics for a policy on handling classified information.md similarity index 100% rename from Corpus/Sparks/Key Topics for a policy on handling classified information.md rename to Corpus/Sparks/Policy examples/Key Topics for a policy on handling classified information.md diff --git a/Corpus/Sparks/Incidents.md b/Corpus/Sparks/Risico's uit de praktijk.md similarity index 97% rename from Corpus/Sparks/Incidents.md rename to Corpus/Sparks/Risico's uit de praktijk.md index 3c9f8df..a534cf5 100644 --- a/Corpus/Sparks/Incidents.md +++ b/Corpus/Sparks/Risico's uit de praktijk.md @@ -1,7 +1,6 @@ -A [List of Post-Mortems](https://github.com/danluu/post-mortems) on Github +# Risico's uit de praktijk -[Incident Response Planning](Incident%20Response%20Planning.md) -[Business Continuity Planning (BCP)](../📚️%20Literature%20notes/BCP_Bedrijfscontinuïteitsplanning.md) +A [List of Post-Mortems](https://github.com/danluu/post-mortems) on Github Search terms: Human Risk Human Error Breaches Incidents diff --git a/Corpus/Sparks/Hyperproof Risk Register Template.xlsx b/Corpus/Sparks/Risk Register Template Hyperproof.xlsx similarity index 100% rename from Corpus/Sparks/Hyperproof Risk Register Template.xlsx rename to Corpus/Sparks/Risk Register Template Hyperproof.xlsx diff --git a/Corpus/Sparks/Risk inventories.md b/Corpus/Sparks/Risk inventories.md index 72f1a00..4b86c91 100644 --- a/Corpus/Sparks/Risk inventories.md +++ b/Corpus/Sparks/Risk inventories.md 
@@ -21,7 +21,7 @@ Zie ook: [](Open%20Group%20Risk%20Taxonomy%20Standard%203.01.pdf) [OWASP Top 10 CI-CD Security Risks](../Standards/other/OWASP%20Top%2010%20CI-CD%20Security%20Risks.md) [Splunk Top 50 Security threats](https://www.splunk.com/pdfs/ebooks/top-50-security-threats.pdf) -[Austin Songer's risk catalogue](https://songer.pro/risk-catalogue/), seemingly based on SCF's [SCF's SP-RMM Risk Management Model](SP-RMM%20Risk%20Management%20Model.pdf), which is also used in the [Hyperproof Risk Register Template](Hyperproof%20Risk%20Register%20Template.xlsx). +[Austin Songer's risk catalogue](https://songer.pro/risk-catalogue/), seemingly based on SCF's [SCF's SP-RMM Risk Management Model](SP-RMM%20Risk%20Management%20Model.pdf), which is also used in the [Risk Register Template Hyperproof](Risk%20Register%20Template%20Hyperproof.xlsx). [Risks of using personal email accounts in the workplace](Risks%20of%20using%20personal%20email%20accounts%20in%20the%20workplace.md) diff --git a/Corpus/Sparks/2023-scf-risk-management-ecosystem-diagram.jpg b/Corpus/Sparks/Risks vs Threats vs Vulnerabilities SCF diagram.jpg similarity index 100% rename from Corpus/Sparks/2023-scf-risk-management-ecosystem-diagram.jpg rename to Corpus/Sparks/Risks vs Threats vs Vulnerabilities SCF diagram.jpg diff --git a/Corpus/Sparks/Risks vs Threats vs Vulnerabilities.md b/Corpus/Sparks/Risks vs Threats vs Vulnerabilities.md index 09c1101..d11fd94 100644 --- a/Corpus/Sparks/Risks vs Threats vs Vulnerabilities.md +++ b/Corpus/Sparks/Risks vs Threats vs Vulnerabilities.md 
@@ -3,5 +3,7 @@ Risks, threats and vulnerabilities are commonly misunderstood. -Fundamentally, vulnerability and risk management practices exist to achieve a minimum level of protection for an organization, which equates to a reduction in the total risk due to the protections offered by implemented controls. This can be conceptualized as a "risk management ecosystem" as it pertains to an organization's overall cybersecurity & data protection efforts. These ecosystem components have unique meanings that need to be understood to reasonably protect people, processes, technology and data, as shown below: -![](2023-scf-risk-management-ecosystem-diagram.jpg) +Fundamentally, vulnerability and risk management practices exist to achieve a minimum level of protection for an organization, which equates to a reduction in the total risk due to the protections offered by implemented controls. This can be conceptualized as a "risk management ecosystem" as it pertains to an organization's overall cybersecurity & data protection efforts. + +These ecosystem components have unique meanings that need to be understood to reasonably protect people, processes, technology and data, as shown below: +![](Risks%20vs%20Threats%20vs%20Vulnerabilities%20SCF%20diagram.jpg) diff --git a/Corpus/Sparks/Handreiking risicobeoordeling 2.0.pdf b/Corpus/Sparks/SURF Handreiking risicobeoordeling 2.0.pdf similarity index 100% rename from Corpus/Sparks/Handreiking risicobeoordeling 2.0.pdf rename to Corpus/Sparks/SURF Handreiking risicobeoordeling 2.0.pdf diff --git a/Corpus/Sparks/kaartjes dreiging kwetsbaar impact.docx b/Corpus/Sparks/SURF Toolkit risicobeoordeling kaartjes workshop.docx similarity index 100% rename from Corpus/Sparks/kaartjes dreiging kwetsbaar impact.docx rename to Corpus/Sparks/SURF Toolkit risicobeoordeling kaartjes workshop.docx diff --git a/Corpus/Sparks/SURF Toolkit risicobeoordeling.md b/Corpus/Sparks/SURF Toolkit risicobeoordeling.md index f6ae731..7200125 100644 
--- a/Corpus/Sparks/SURF Toolkit risicobeoordeling.md +++ b/Corpus/Sparks/SURF Toolkit risicobeoordeling.md @@ -3,7 +3,7 @@ Bron: [SURF website](https://sec.surf.nl/asset/toolkit-risicobeoordeling/) -![](Handreiking%20risicobeoordeling%202.0.pdf) +![](SURF%20Handreiking%20risicobeoordeling%202.0.pdf) **Powerpoint voor workshop** @@ -20,7 +20,7 @@ Met tabbladen voor: - Risico evaluatie **Kaartjes** -![](kaartjes%20dreiging%20kwetsbaar%20impact.docx) +![](SURF%20Toolkit%20risicobeoordeling%20kaartjes%20workshop.docx) Workshop kaartjes voor: - Actoren - Motieven diff --git a/Corpus/Sparks/Samenhang tussen producten.md b/Corpus/Sparks/Samenhang tussen producten.md index 19ab959..09dc7f3 100644 --- a/Corpus/Sparks/Samenhang tussen producten.md +++ b/Corpus/Sparks/Samenhang tussen producten.md @@ -94,7 +94,7 @@ graph TD Strategie --> Informatiebeveiligingsbeleid ``` -![](IMG_4214.jpg) +![](ISMS/ISMS%20diagram.jpg) I’d put ‘policies and documentation’ on the right, business processes on the left, context, strategy and planning at the top, and controls at the bottom. RM/PDCA cycles at the center. diff --git a/Corpus/Sparks/Hive Systems Password Table - 2024 Square.png b/Corpus/Sparks/Time for brute force on passwords EN.png similarity index 100% rename from Corpus/Sparks/Hive Systems Password Table - 2024 Square.png rename to Corpus/Sparks/Time for brute force on passwords EN.png diff --git a/Corpus/Sparks/Hive Systems Password Table - 2024_Dutch.png b/Corpus/Sparks/Time for brute force on passwords NL.png similarity index 100% rename from Corpus/Sparks/Hive Systems Password Table - 2024_Dutch.png rename to Corpus/Sparks/Time for brute force on passwords NL.png diff --git a/Corpus/Sparks/How to work the Kanban.md b/Corpus/Sparks/Using a Kanban board for ISMS implementation.md similarity index 97% rename from Corpus/Sparks/How to work the Kanban.md rename to Corpus/Sparks/Using a Kanban board for ISMS implementation.md index 4e76c32..95d7e0e 100644 
--- a/Corpus/Sparks/How to work the Kanban.md +++ b/Corpus/Sparks/Using a Kanban board for ISMS implementation.md @@ -1,3 +1,5 @@ +# Using a Kanban board for ISMS implementation + We start with all Clauses and controls on the Backlog. At the end of each session we move controls from the backlog to 'to do' (and maybe some items can move to 'planned for Qn'). diff --git a/Corpus/Sparks/impactgebieden.md b/Corpus/Sparks/impactgebieden.md deleted file mode 100644 index 7346010..0000000 --- a/Corpus/Sparks/impactgebieden.md +++ /dev/null @@ -1,2 +0,0 @@ -# Impact gebieden / Areas of impact - diff --git a/Corpus/Sparks/ISO27DIY benefits.md b/Corpus/Sparks/iso27diy/ISO27DIY benefits.md similarity index 100% rename from Corpus/Sparks/ISO27DIY benefits.md rename to Corpus/Sparks/iso27diy/ISO27DIY benefits.md diff --git a/Corpus/Sparks/Idea Validation.md b/Corpus/Sparks/iso27diy/Idea Validation.md similarity index 100% rename from Corpus/Sparks/Idea Validation.md rename to Corpus/Sparks/iso27diy/Idea Validation.md diff --git a/Corpus/Sparks/List of possible partners.md b/Corpus/Sparks/iso27diy/List of possible partners.md similarity index 80% rename from Corpus/Sparks/List of possible partners.md rename to Corpus/Sparks/iso27diy/List of possible partners.md index 47bdcf1..29d1eed 100644 --- a/Corpus/Sparks/List of possible partners.md +++ b/Corpus/Sparks/iso27diy/List of possible partners.md @@ -1,4 +1,4 @@ -- [The Art of Service](The%20Art%20of%20Service.md) offers topical InfoSec Kanban boards +- [The Art of Service](../The%20Art%20of%20Service.md) offers topical InfoSec Kanban boards - 'Certificeringsadvies' offers independent external audits, they were employed by Networking4all - [Muddassir via Gumroad](https://community.gumroad.com/c/share-your-wins/boring-fields-like-supply-chains-can-be-creative-enough-to-sell-digital-products?login_token=RyhWoyqXw2kT5de2eNp6RYjL6U4NY1aKLPmS#comment_wrapper_4014940). Runs a site on SCM and has offered to cross post content. 
diff --git a/Corpus/Sparks/iso27diy/iso27DIY-MoC.md b/Corpus/Sparks/iso27diy/iso27DIY-MoC.md new file mode 100644 index 0000000..da9e3a7 --- /dev/null +++ b/Corpus/Sparks/iso27diy/iso27DIY-MoC.md 
@@ -0,0 +1,59 @@ +--- +tags: +- project/iso27DIY +- type/MoC +--- +## Marketing source material +[ISO27DIY Solution and Components](../../../Marketing/branding/ISO27DIY%20Solution%20and%20Components.md) +[Value Proposition Canvas for iso27DIY](../../../Marketing/branding/Value%20Proposition%20Canvas%20for%20iso27DIY.md) +[Brand Values](../../../Marketing/branding/Brand%20Values.md) +[FUD with Certification](../../../Marketing/branding/FUD%20with%20Certification.md) +[PRD Product Requirements Document for iso27DYI](../../../AuditGlue/PRD%20Product%20Requirements%20Document%20for%20iso27DYI.md) + +[iso27DIY Functional Diagram](../../../AuditGlue/System%20alternative/iso27DIY%20Functional%20Diagram.canvas) +[iso27DIY content modules](../../../AuditGlue/iso27DIY%20content%20modules.canvas) + +## Marketing + +[Pricing](../The%20Psychology%20Behind%20SaaS%20Pricing.md) +[[Pricing Tiers for iso27DIY|Tiers]] +[[SEO guide for Carrd|Website SEO]] +[Idea Validation](Idea%20Validation.md) + +## Method +[Samenhang tussen producten](../Samenhang%20tussen%20producten.md) +[ISO 27001 2023 Processen en Artefacten](../../Standards/ISO27x/OST/ISO%2027001%202023%20Processen%20en%20Artefacten.md) +[Advised Documents for ISO 27001](../iso27DIY-gis/reference/Advised%20Documents%20for%20ISO%2027001.md) +[Examples of Proof for auditors](../Sparks/Examples%20of%20Proof%20for%20auditors.md) +[About ISO27DIY Policy Cards](../💡Permanent%20ideas/About%20ISO27DIY%20Policy%20Cards.md) + +## Design +[Modules Canvas](../../../AuditGlue/iso27DIY%20content%20modules.canvas) +[About the flow](../Sparks/About%20iso27diy/About%20the%20flow.md) +[UI ideas](../../../AuditGlue/System%20alternative/iso27DIY%20UI%20ideas.md) + +### Agents +[Create a proactive conversational agent](../../Various/Create%20a%20proactive%20conversational%20agent.md) +[Create an interview agent](../../Various/Create%20an%20interview%20agent.md) + [Agent Design Intent 
Card](../../../AuditGlue/System%20alternative/Agent%20Design%20Intent%20Card.md) +[Create a threat analysis chatbot](../../Various/Create%20a%20threat%20analysis%20chatbot.md) +[Instruct an LLM on available tools](../../Various/Instruct%20an%20LLM%20on%20available%20tools.md) +[LLM Prompt types](../../Various/LLM%20Prompt%20types.md) + +## Content +[ISO27DIY Videos list](../🧱%20Projects/iso27DIY%20mk%20I/ISO27DIY%20Videos%20list.md) + +## Platform +[Design Document for ISO 27001 Certification Support Online Service](../../Various/Design%20Document%20for%20ISO%2027001%20Certification%20Support%20Online%20Service.md) +[Personae and Roles](../Personae%20and%20Roles.md) +[TypeDB structure for ISO27DIY](../TypeDB%20structure%20for%20ISO27DIY.md) +[Client segregation in SaaS](../Information%20Security/Client%20segregation%20in%20SaaS.md) +[Building functionality in Supabase](../../Various/Building%20functionality%20in%20Supabase.md) +[SupaBase edge functions portability](../SupaBase%20edge%20functions%20portability.md) +[Connect LLM to Supabase to create content](../../Various/Connect%20LLM%20to%20Supabase%20to%20create%20content.md) +[Application architecture](../../Various/Application%20architecture.md) +[iso27DYI architecture with LLM](../../../AuditGlue/System%20alternative/iso27DYI%20architecture%20with%20LLM.md) +[iso27DIY stack deployment](../../../AuditGlue/System%20alternative/iso27DIY%20stack%20deployment.md) +[SurveyJS](../SurveyJS.md) +[WeWeb Security Pre-Launch Checklist](../weweb_security_checklist.md) + diff --git a/Corpus/Sparks/CleanShot 2024-10-08 at 16.27.06.png b/Corpus/Standards/CIS Controls and Safeguards.png similarity index 100% rename from Corpus/Sparks/CleanShot 2024-10-08 at 16.27.06.png rename to Corpus/Standards/CIS Controls and Safeguards.png 
diff --git a/Corpus/Sparks/Information Security/CIS Controls.md b/Corpus/Standards/CIS Controls.md similarity index 97% rename from Corpus/Sparks/Information Security/CIS Controls.md rename to Corpus/Standards/CIS Controls.md index c859b12..ea464df 100644 --- a/Corpus/Sparks/Information Security/CIS Controls.md +++ b/Corpus/Standards/CIS Controls.md @@ -8,9 +8,9 @@ CIS are security best practices for strengthening your security posture to defen maps to lots of frameworks Safeguards are identified by attack patterns from the MITRE ATT&CK* framework -we verified that the CIS Controls are effective at defending against 86% of the ATT&CK (sub-)techniques found in the ATT&CK framework. More importantly, the Controls are highly effective against the top five attack types found in industry threat data. +We verified that the CIS Controls are effective at defending against 86% of the ATT&CK (sub-)techniques found in the ATT&CK framework. More importantly, the Controls are highly effective against the top five attack types found in industry threat data. -![](../CleanShot%202024-10-08%20at%2016.10.32.png) +![](CIS%20safeguards%20effectiveness.png) Source: CIS Community Defense Model version 2.0 @@ -31,10 +31,10 @@ IG3 assets contain sensitive information or functions that are subject to regula Safeguards selected for IG3 must abate targeted attacks from a sophisticated adversary and reduce the impact of zero-day attacks. -![](../ISMS/Asset%20classes.png) +![](../Sparks/ISMS/Asset%20classes.png) Source: CIS Controls v8.1 PDF, pp 8-12 -![](../CleanShot%202024-10-08%20at%2016.27.06.png) +![](CIS%20Controls%20and%20Safeguards.png) List of the CIS Controls in v8, and how many Safeguards in each are applicable to each Implementation Group. [source](https://www.cisecurity.org/controls/implementation-groups) See CIS_Controls_Version_8.1_6_24_2024.xlsx for a table that shows all safeguards mapped to the three Implementation Groups. 
diff --git a/Corpus/Sparks/CleanShot 2024-10-08 at 16.10.32.png b/Corpus/Standards/CIS safeguards effectiveness.png similarity index 100% rename from Corpus/Sparks/CleanShot 2024-10-08 at 16.10.32.png rename to Corpus/Standards/CIS safeguards effectiveness.png diff --git a/Corpus/Sparks/Information Security/Data maturity model NL overheid.md b/Corpus/Standards/Data maturity model NL overheid.md similarity index 100% rename from Corpus/Sparks/Information Security/Data maturity model NL overheid.md rename to Corpus/Standards/Data maturity model NL overheid.md diff --git a/Corpus/Standards/ISO27x/Authentication.md b/Corpus/Standards/ISO27x/Authentication.md index b5c4cbf..275981a 100644 --- a/Corpus/Standards/ISO27x/Authentication.md +++ b/Corpus/Standards/ISO27x/Authentication.md @@ -6,7 +6,7 @@ Authentication is the proof of identity that is achieved through providing crede See also: - [a-8.5-Secure-authentication](OST/27002/EN/a-8.5-Secure-authentication.md) - [Authentication Methods Used for Network Security](../../Literature%20notes/Authentication%20Methods%20Used%20for%20Network%20Security.md) -- [Identity and Access Management (IAM)](../../Sparks/Identity%20and%20Access%20Management%20(IAM).md) +- [Identity and Access Management (IAM)](../../Sparks/Information%20Security/Identity%20and%20Access%20Management%20(IAM).md) - [Authorization](Authorization.md) -- [Identification](../../Sparks/Identification.md) +- [Identification](../../Sparks/Information%20Security/Identification.md) diff --git a/Corpus/Standards/ISO27x/Authorization.md b/Corpus/Standards/ISO27x/Authorization.md index 060c8ec..b63bf14 100644 --- a/Corpus/Standards/ISO27x/Authorization.md +++ b/Corpus/Standards/ISO27x/Authorization.md 
@@ -5,9 +5,9 @@ See also: - [Authorization vs Access Control](../../Sparks/ISMS/Authorization%20vs%20Access%20Control.md) - [Access Control Models](../../Sparks/ISMS/Access%20Control%20Models.md) - [Authentication](Authentication.md) -- [Identification](../../Sparks/Identification.md) +- [Identification](../../Sparks/Information%20Security/Identification.md) - [CASSM Consumer Authentication Strength Maturity Model](../../Literature%20notes/CASSM%20Consumer%20Authentication%20Strength%20Maturity%20Model.md) -- [Identity and Access Management (IAM)](../../Sparks/Identity%20and%20Access%20Management%20(IAM).md) +- [Identity and Access Management (IAM)](../../Sparks/Information%20Security/Identity%20and%20Access%20Management%20(IAM).md) - [a-5.15-Access-control](OST/27002/EN/a-5.15-Access-control.md) ??? diff --git a/Corpus/Sparks/iso27001_changes_table.jpeg b/Corpus/Standards/ISO27x/Changes in ISO 27001-2022 table.jpeg similarity index 100% rename from Corpus/Sparks/iso27001_changes_table.jpeg rename to Corpus/Standards/ISO27x/Changes in ISO 27001-2022 table.jpeg diff --git a/Corpus/Standards/ISO27x/MoC Roles and responsibilities in ISO 27001.md b/Corpus/Standards/ISO27x/MoC Roles and responsibilities in ISO 27001.md index 801f19f..0a477c0 100644 --- a/Corpus/Standards/ISO27x/MoC Roles and responsibilities in ISO 27001.md +++ b/Corpus/Standards/ISO27x/MoC Roles and responsibilities in ISO 27001.md @@ -13,7 +13,7 @@ Recent: Older: - [Roles and Responsibilities](../../Sparks/Roles%20and%20Responsibilities.md) - [Risk ownership](../../Sparks/Risk%20ownership.md) -- [Ideas on Risk Ownership](../../Sparks/Ideas%20on%20Risk%20Ownership.md) +- [Ideas on Risk Ownership](../../Sparks/ISMS/Ideas%20on%20Risk%20Ownership.md) - [Asset ownership](../../Sparks/Asset%20ownership.md) - [Procuratieregeling](../../Various/Procuratieregeling.md) - [Control ownership](../../Sparks/ISMS/Control%20ownership.md) 
diff --git a/Corpus/Standards/ISO27x/OST/27001/Detailed comparison between 2017 and 2022.md b/Corpus/Standards/ISO27x/OST/27001/Detailed comparison between 2017 and 2022.md index 773337d..2290207 100644 --- a/Corpus/Standards/ISO27x/OST/27001/Detailed comparison between 2017 and 2022.md +++ b/Corpus/Standards/ISO27x/OST/27001/Detailed comparison between 2017 and 2022.md @@ -2,7 +2,7 @@ According to [Mark Bernard](https://www.linkedin.com/posts/markesbernard_the-changes-to-isoiec-27001-isms-are-not-activity-7344467878198329344-nZN7) , 28 juni 2025, "The changes to ISO/IEC 27001 ISMS are not straightforward. Some believe that the total number of controls was reduced; however, the truth is that new controls were added while existing controls were consolidated and streamlined." -![](../../../../Sparks/iso27001_changes_table.jpeg) +![](../../Changes%20in%20ISO%2027001-2022%20table.jpeg) ## New ISMS Control Objectives - ISO 27001:2022 CLAUSE 4 TO 10 diff --git a/Corpus/Standards/ISO27x/legacy/ISO 27001 2013/ISO 27001 A 8.2.2 Labelling of information.md b/Corpus/Standards/ISO27x/legacy/ISO 27001 2013/ISO 27001 A 8.2.2 Labelling of information.md index b3c042a..e63a35e 100644 --- a/Corpus/Standards/ISO27x/legacy/ISO 27001 2013/ISO 27001 A 8.2.2 Labelling of information.md +++ b/Corpus/Standards/ISO27x/legacy/ISO 27001 2013/ISO 27001 A 8.2.2 Labelling of information.md @@ -3,4 +3,4 @@ An appropriate set of procedures for information labelling shall be developed and implemented in accordance with the information classification scheme adopted by the organization. Related: -- [Labeling of information in the digital domain](../../../../Sparks/Labeling%20of%20information%20in%20the%20digital%20domain.md) \ No newline at end of file +- [Labeling of information in the digital domain](../../../../Sparks/ISMS/Labeling%20of%20information%20in%20the%20digital%20domain.md) \ No newline at end of file 
diff --git a/Corpus/Standards/ISO27x/legacy/iso27DIY mk I/ISO27DIY Business model.md b/Corpus/Standards/ISO27x/legacy/iso27DIY mk I/ISO27DIY Business model.md index b951581..837eb30 100644 --- a/Corpus/Standards/ISO27x/legacy/iso27DIY mk I/ISO27DIY Business model.md +++ b/Corpus/Standards/ISO27x/legacy/iso27DIY mk I/ISO27DIY Business model.md @@ -3,7 +3,7 @@ Child notes: - [Toegevoegde waarde van ISO27DIY 1](../../../../Sparks/Toegevoegde%20waarde%20van%20ISO27DIY%201.md) - [Friendly targets](../../../../../../💡Permanent%20ideas/Friendly%20targets.md) - [Possible Colabs](../../../../Sparks/Possible%20Colabs.md) -- [List of possible partners 1](../../../../Sparks/List%20of%20possible%20partners%201.md) +- [List of possible partners](../../../../Sparks/iso27diy/List%20of%20possible%20partners.md) - [ISO27DIY Business drivers](ISO27DIY%20Business%20drivers.md) - [AuditGlue Business model](../AuditGlue%20Business%20model.md) - [[### Related notes diff --git a/Corpus/Standards/ISO27x/legacy/iso27DIY mk I/🏺 ISO27DIY Artefacts/ISO 27001 Implementation Plan.md b/Corpus/Standards/ISO27x/legacy/iso27DIY mk I/🏺 ISO27DIY Artefacts/ISO 27001 Implementation Plan.md index 1277376..d915af0 100644 --- a/Corpus/Standards/ISO27x/legacy/iso27DIY mk I/🏺 ISO27DIY Artefacts/ISO 27001 Implementation Plan.md +++ b/Corpus/Standards/ISO27x/legacy/iso27DIY mk I/🏺 ISO27DIY Artefacts/ISO 27001 Implementation Plan.md @@ -2,7 +2,7 @@ Skeleton project plan contents: - [ISO 27001 benefits](../ISO%2027001%20benefits.md) - - [ISO27DIY benefits](../../../../../Sparks/ISO27DIY%20benefits.md) + - [ISO27DIY benefits](../../../../../Sparks/iso27diy/ISO27DIY%20benefits.md) ## Benefits diff --git a/Corpus/Standards/ISO27x/legacy/iso27DIY mk I/🏺 ISO27DIY Artefacts/ISO 27001 Stakeholder Presentation.md b/Corpus/Standards/ISO27x/legacy/iso27DIY mk I/🏺 ISO27DIY Artefacts/ISO 27001 Stakeholder Presentation.md index 412bf6a..3354c4e 100644 
--- a/Corpus/Standards/ISO27x/legacy/iso27DIY mk I/🏺 ISO27DIY Artefacts/ISO 27001 Stakeholder Presentation.md +++ b/Corpus/Standards/ISO27x/legacy/iso27DIY mk I/🏺 ISO27DIY Artefacts/ISO 27001 Stakeholder Presentation.md @@ -6,5 +6,5 @@ ## Related: - [ISO 27001 benefits](../ISO%2027001%20benefits.md) -- [ISO27DIY benefits](../../../../../Sparks/ISO27DIY%20benefits.md) +- [ISO27DIY benefits](../../../../../Sparks/iso27diy/ISO27DIY%20benefits.md) diff --git a/Corpus/Various/Elevator Pitch.md b/Corpus/Various/Elevator Pitch.md index e9fe3f3..6da10b2 100644 --- a/Corpus/Various/Elevator Pitch.md +++ b/Corpus/Various/Elevator Pitch.md @@ -11,4 +11,4 @@ Additional resources and support are available on the iso27diy.com website. * No need for external consultants or expensive software -See also [ISO27DIY benefits](../Sparks/ISO27DIY%20benefits.md) \ No newline at end of file +See also [ISO27DIY benefits](../Sparks/iso27diy/ISO27DIY%20benefits.md) \ No newline at end of file diff --git a/Corpus/Sparks/GGUF model for abstracts and categorization.md b/Corpus/Various/GGUF model for abstracts and categorization.md similarity index 100% rename from Corpus/Sparks/GGUF model for abstracts and categorization.md rename to Corpus/Various/GGUF model for abstracts and categorization.md diff --git a/Corpus/Sparks/Instruct an LLM on available tools.md b/Corpus/Various/Instruct an LLM on available tools.md similarity index 100% rename from Corpus/Sparks/Instruct an LLM on available tools.md rename to Corpus/Various/Instruct an LLM on available tools.md diff --git a/Corpus/Sparks/Integrating Ollama Embeddings with AnythingLLM and LM Studio.md b/Corpus/Various/Integrating Ollama Embeddings with AnythingLLM and LM Studio.md similarity index 100% rename from Corpus/Sparks/Integrating Ollama Embeddings with AnythingLLM and LM Studio.md rename to Corpus/Various/Integrating Ollama Embeddings with AnythingLLM and LM Studio.md 
diff --git a/Corpus/Sparks/JSON validation for Postgres.md b/Corpus/Various/JSON validation for Postgres.md similarity index 100% rename from Corpus/Sparks/JSON validation for Postgres.md rename to Corpus/Various/JSON validation for Postgres.md diff --git a/Corpus/Sparks/Key Areas of Rasa Syntax.md b/Corpus/Various/Key Areas of Rasa Syntax.md similarity index 100% rename from Corpus/Sparks/Key Areas of Rasa Syntax.md rename to Corpus/Various/Key Areas of Rasa Syntax.md diff --git a/Corpus/Sparks/Kilo Code development workflow.md b/Corpus/Various/Kilo Code development workflow.md similarity index 100% rename from Corpus/Sparks/Kilo Code development workflow.md rename to Corpus/Various/Kilo Code development workflow.md diff --git a/Corpus/Sparks/Knowledge Graph Databases.md b/Corpus/Various/Knowledge Graph Databases.md similarity index 100% rename from Corpus/Sparks/Knowledge Graph Databases.md rename to Corpus/Various/Knowledge Graph Databases.md diff --git a/Corpus/Sparks/LLM Prompt types.md b/Corpus/Various/LLM Prompt types.md similarity index 100% rename from Corpus/Sparks/LLM Prompt types.md rename to Corpus/Various/LLM Prompt types.md diff --git a/Corpus/Sparks/MCP Servers for Markdown.md b/Corpus/Various/MCP Servers for Markdown.md similarity index 100% rename from Corpus/Sparks/MCP Servers for Markdown.md rename to Corpus/Various/MCP Servers for Markdown.md diff --git a/Corpus/Sparks/MCP server for Obsidian Vault.md b/Corpus/Various/MCP server for Obsidian Vault.md similarity index 100% rename from Corpus/Sparks/MCP server for Obsidian Vault.md rename to Corpus/Various/MCP server for Obsidian Vault.md diff --git a/Corpus/Sparks/MCP server for creating abstracts.md b/Corpus/Various/MCP server for creating abstracts.md similarity index 100% rename from Corpus/Sparks/MCP server for creating abstracts.md rename to Corpus/Various/MCP server for creating abstracts.md
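Review bot: In the `ISO27DIY Business model.md` hunk, the new target `../../../../Sparks/iso27diy/List%20of%20possible%20partners.md` is not created anywhere in the visible part of this patch. The diffstat lists `Corpus/Sparks/List of possible partners 1.md` with 4 deleted lines rather than as a rename into `Sparks/iso27diy/`. Confirm that `Corpus/Sparks/iso27diy/List of possible partners.md` already exists in the tree; otherwise this replaces a working link with a dangling one. The same hunk's trailing context also carries an unterminated wikilink, `- [[### Related notes`, which is worth closing or removing while the file is being touched.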
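Review bot: In the `MoC Roles and responsibilities in ISO 27001.md` hunk, only `Ideas on Risk Ownership` is repointed to `Sparks/ISMS/`. The neighbouring entries `../../Sparks/Roles%20and%20Responsibilities.md`, `../../Sparks/Risk%20ownership.md` and `../../Sparks/Asset%20ownership.md` still resolve to the `Sparks` root, while `Control ownership` in the same list already lives under `Sparks/ISMS/`. Check whether those three notes were moved by this cleanup as well, and update their links in this hunk if they were.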
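Review bot: In the `Detailed comparison between 2017 and 2022.md` hunk, the rewritten embed `![](../../Changes%20in%20ISO%2027001-2022%20table.jpeg)` keeps an empty alt text. The path itself is consistent with the rename to `Corpus/Standards/ISO27x/` (two levels up from `OST/27001/`), but since the line is being edited anyway, give the image a description such as the table's subject so the note stays readable when the JPEG is missing or not rendered.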
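Review bot: In the `Authorization.md` hunk, the trailing context after `- [a-5.15-Access-control](OST/27002/EN/a-5.15-Access-control.md)` still contains a bare `???` placeholder. The two link updates look consistent with the move to `Sparks/Information%20Security/`, but the placeholder should either be resolved into the note it was standing in for or removed, so the "See also" list does not end on an open question.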
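Review bot: The run of 100% renames from `Corpus/Sparks/` to `Corpus/Various/` (from `GGUF model for abstracts and categorization.md` through `MCP server for creating abstracts.md`), and the rename of `CleanShot 2024-10-08 at 16.10.32.png` to `Corpus/Standards/CIS safeguards effectiveness.png`, come with no link updates in the visible hunks, unlike the moves into `Sparks/ISMS/` and `Sparks/iso27diy/`. Search the vault for the old `Sparks/` paths and the old screenshot file name before merging, and add the corresponding link fixes to this commit if any note still references them.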