Cleaning up the Sparks folder
This commit is contained in:
parent
eb610a79b6
commit
96cd8fea7b
78 changed files with 149 additions and 181 deletions
|
|
@ -37,8 +37,8 @@ Frameworks
|
|||
[NIST articles list](Standards/NIST/NIST%20articles%20list.md)
|
||||
[Governance](/Governance.md)
|
||||
[[Hardening]]
|
||||
[Identity and Access Management (IAM)](Sparks/Identity%20and%20Access%20Management%20(IAM).md)
|
||||
[Identification](Sparks/Identification.md)
|
||||
[Identity and Access Management (IAM)](Sparks/Information%20Security/Identity%20and%20Access%20Management%20(IAM).md)
|
||||
[Identification](Sparks/Information%20Security/Identification.md)
|
||||
[Authentication](Standards/ISO27x/Authentication.md)
|
||||
[Authorization](Standards/ISO27x/Authorization.md)
|
||||
Impact
|
||||
|
|
|
|||
|
|
@ -7,7 +7,7 @@ Producten:
|
|||
## Literatuur
|
||||
|
||||
- BCP.mindnode op iCloud > Best Practices
|
||||
- evt. [CIS Controls](../Sparks/Information%20Security/CIS%20Controls.md) als raamwerk
|
||||
- evt. [CIS Controls](../Standards/CIS%20Controls.md) als raamwerk
|
||||
- ISO-22301-2019 'Business continuity management systems' en ISO-22313-2020 'Guidance on the use of ISO 22301'
|
||||
- [CISSP, Chapter 3](../Standards/CISSP/CISSP_OSG_Chapter_3.md)
|
||||
|
||||
|
|
@ -17,7 +17,7 @@ Bedrijfscontinuïteitsplanning is een continu proces, met als doel het implement
|
|||
Belangrijke onderdelen van Bedrijfscontinuïteitsplanning zijn de Bedrijfsimpact Analyse ([BIA](../Sparks/ISMS/Business%20Impact%20Analysis%20(BIA).md)) en het Herstelplan ('Disaster Recovery Plan' / [DRP](..//Disaster%20Recovery%20Planning.md)).
|
||||
De BIA richt zich op het identificeren van de impact van verstoringen op de bedrijfsprocessen, en het Herstelplan richt zich op het herstel van de normale bedrijfsprocessen na een verstoring en de eventuele inzet van alternatieve middelen of werkwijzen .
|
||||
|
||||
Zie ook: [Het belang van een Bedrijfscontinuïteitsplan](../Sparks/ISMS/Belang%20van%20een%20BCP.md) / [The importance of having a business continuity plan](../Sparks/Importance%20of%20a%20BCP.md).
|
||||
Zie ook: [Het belang van een Bedrijfscontinuïteitsplan](../Sparks/ISMS/Belang%20van%20een%20BCP.md) / [The importance of having a business continuity plan](../Sparks/Information%20Security/Importance%20of%20a%20BCP.md).
|
||||
|
||||
|
||||
## Aanpak
|
||||
|
|
|
|||
|
|
@ -9,7 +9,7 @@ Relevant ISO 27001 clauses/controls:
|
|||
- [ISO 27001 A 18 Compliance](../../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A%2018%20Compliance.md)
|
||||
|
||||
Related:
|
||||
- [Identity and Access Management (IAM)](../../Sparks/Identity%20and%20Access%20Management%20(IAM).md)
|
||||
- [Identity and Access Management (IAM)](../../Sparks/Information%20Security/Identity%20and%20Access%20Management%20(IAM).md)
|
||||
|
||||
## Organized by Key Themes: Identity, Access, Cloud, Security, Management, Data, Network, Risk, Development, Project:
|
||||
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
# Chapter 10: Password Management and Multifactor Authentication
|
||||
|
||||
See also: [Identity and Access Management (IAM)](../Sparks/Identity%20and%20Access%20Management%20(IAM).md), [Roles in Identity and Access Management (IAM)](Roles%20in%20Identity%20and%20Access%20Management%20(IAM).md)
|
||||
See also: [Identity and Access Management (IAM)](../Sparks/Information%20Security/Identity%20and%20Access%20Management%20(IAM).md), [Roles in Identity and Access Management (IAM)](Roles%20in%20Identity%20and%20Access%20Management%20(IAM).md)
|
||||
|
||||
## Password practices
|
||||
Password complexity and brute force cracking:
|
||||
|
|
|
|||
|
|
@ -40,7 +40,7 @@ Rules about what to do and what not to do won’t help here. In fact, they usual
|
|||
## Managing the different Risk Categories
|
||||
|
||||
### Managing Preventable Risks
|
||||
See: [Identifying and Managing Preventable Risks](../Sparks/Identifying%20and%20Managing%20Preventable%20Risks.md)
|
||||
See: [Identifying and Managing Preventable Risks](../Sparks/Information%20Security/Identifying%20and%20Managing%20Preventable%20Risks.md)
|
||||
|
||||
### Managing Strategy Risks
|
||||
Over the past 10 years of study, we’ve come across three distinct approaches to managing strategy risks. all three encourage employees to challenge existing assumptions and debate risk information. Which model is appropriate for a given firm depends largely on the context in which an organization operates.
|
||||
|
|
|
|||
|
|
@ -24,5 +24,5 @@ LINDDUN GO
|
|||
|
||||
OWASP
|
||||
RISMAN
|
||||
Data Maturity Models, zie [Data maturity model NL overheid](../Sparks/Information%20Security/Data%20maturity%20model%20NL%20overheid.md)
|
||||
Data Maturity Models, zie [Data maturity model NL overheid](../Standards/Data%20maturity%20model%20NL%20overheid.md)
|
||||
|
||||
|
|
|
|||
|
|
@ -30,7 +30,7 @@ Note that these boards where created with Airtable.com.
|
|||
### Related notes:
|
||||
- [📼 ISO27DIY Video Series](../Standards/ISO27x/legacy/iso27DIY%20mk%20I/📼%20ISO27DIY%20Video%20Series.md)
|
||||
- [ISO27DIY Additional resources](../Standards/ISO27x/legacy/iso27DIY%20mk%20I/ISO27DIY%20Additional%20resources.md)
|
||||
- [List of possible partners 1](../Sparks/List%20of%20possible%20partners%201.md)
|
||||
- [List of possible partners](../Sparks/iso27diy/List%20of%20possible%20partners.md)
|
||||
- [ISO27DIY Workshop Overview template](../Standards/ISO27x/legacy/iso27DIY%20mk%20I/📒%20Templates/ISO27DIY%20Workshop%20Overview%20template.md)
|
||||
- [Advised Documents for ISO 27001](../../../iso27DIY-gis/reference/Advised%20Documents%20for%20ISO%2027001.md)
|
||||
- [💾 AuditGlue software](../Standards/ISO27x/legacy/iso27DIY%20mk%20I/💾%20AuditGlue%20software.md)
|
||||
|
|
|
|||
|
|
@ -1,59 +0,0 @@
|
|||
---
|
||||
tags:
|
||||
- project/iso27DIY
|
||||
- type/MoC
|
||||
---
|
||||
## Marketing source material
|
||||
[ISO27DIY Solution and Components](../../marketing/branding/ISO27DIY%20Solution%20and%20Components.md)
|
||||
[Value Proposition Canvas for iso27DIY](../../marketing/branding/Value%20Proposition%20Canvas%20for%20iso27DIY.md)
|
||||
[Brand Values](../../marketing/branding/Brand%20Values.md)
|
||||
[FUD with Certification](../../marketing/branding/FUD%20with%20Certification.md)
|
||||
[PRD Product Requirements Document for iso27DYI](AuditGlue/PRD%20Product%20Requirements%20Document%20for%20iso27DYI.md)
|
||||
|
||||
[iso27DIY Functional Diagram](AuditGlue/System%20alternative/iso27DIY%20Functional%20Diagram.canvas)
|
||||
[iso27DIY content modules](../../AuditGlue/iso27DIY%20content%20modules.canvas)
|
||||
|
||||
## Marketing
|
||||
|
||||
[Pricing](../Sparks/The%20Psychology%20Behind%20SaaS%20Pricing.md)
|
||||
[[Pricing Tiers for iso27DIY|Tiers]]
|
||||
[[SEO guide for Carrd|Website SEO]]
|
||||
[Idea Validation](../Sparks/Idea%20Validation.md)
|
||||
|
||||
## Method
|
||||
[Samenhang tussen producten](../Sparks/Samenhang%20tussen%20producten.md)
|
||||
[ISO 27001 2023 Processen en Artefacten](../Standards/ISO27x/OST/ISO%2027001%202023%20Processen%20en%20Artefacten.md)
|
||||
[Advised Documents for ISO 27001](../iso27DIY-gis/reference/Advised%20Documents%20for%20ISO%2027001.md)
|
||||
[Examples of Proof for auditors](../Sparks/Examples%20of%20Proof%20for%20auditors.md)
|
||||
[About ISO27DIY Policy Cards](../💡Permanent%20ideas/About%20ISO27DIY%20Policy%20Cards.md)
|
||||
|
||||
## Design
|
||||
[Modules Canvas](../../AuditGlue/iso27DIY%20content%20modules.canvas)
|
||||
[About the flow](../Sparks/About%20iso27diy/About%20the%20flow.md)
|
||||
[UI ideas](AuditGlue/System%20alternative/iso27DIY%20UI%20ideas.md)
|
||||
|
||||
### Agents
|
||||
[Create a proactive conversational agent](../Various/Create%20a%20proactive%20conversational%20agent.md)
|
||||
[Create an interview agent](../Various/Create%20an%20interview%20agent.md)
|
||||
[Agent Design Intent Card](AuditGlue/System%20alternative/Agent%20Design%20Intent%20Card.md)
|
||||
[Create a threat analysis chatbot](../Various/Create%20a%20threat%20analysis%20chatbot.md)
|
||||
[Instruct an LLM on available tools](../Sparks/Instruct%20an%20LLM%20on%20available%20tools.md)
|
||||
[LLM Prompt types](../Sparks/LLM%20Prompt%20types.md)
|
||||
|
||||
## Content
|
||||
[ISO27DIY Videos list](../🧱%20Projects/iso27DIY%20mk%20I/ISO27DIY%20Videos%20list.md)
|
||||
|
||||
## Platform
|
||||
[Design Document for ISO 27001 Certification Support Online Service](../Various/Design%20Document%20for%20ISO%2027001%20Certification%20Support%20Online%20Service.md)
|
||||
[Personae and Roles](../Sparks/Personae%20and%20Roles.md)
|
||||
[TypeDB structure for ISO27DIY](../Sparks/TypeDB%20structure%20for%20ISO27DIY.md)
|
||||
[Client segregation in SaaS](../Sparks/Information%20Security/Client%20segregation%20in%20SaaS.md)
|
||||
[Building functionality in Supabase](../Various/Building%20functionality%20in%20Supabase.md)
|
||||
[SupaBase edge functions portability](../Sparks/SupaBase%20edge%20functions%20portability.md)
|
||||
[Connect LLM to Supabase to create content](../Various/Connect%20LLM%20to%20Supabase%20to%20create%20content.md)
|
||||
[Application architecture](../Various/Application%20architecture.md)
|
||||
[iso27DYI architecture with LLM](AuditGlue/System%20alternative/iso27DYI%20architecture%20with%20LLM.md)
|
||||
[iso27DIY stack deployment](AuditGlue/System%20alternative/iso27DIY%20stack%20deployment.md)
|
||||
[SurveyJS](../Sparks/SurveyJS.md)
|
||||
[WeWeb Security Pre-Launch Checklist](../Sparks/weweb_security_checklist.md)
|
||||
|
||||
|
|
@ -1,8 +0,0 @@
|
|||
---
|
||||
tags:
|
||||
- iso27001
|
||||
- audit
|
||||
---
|
||||
|
||||
|
||||
|
||||
|
|
@ -1,6 +1,6 @@
|
|||
See also:
|
||||
- [Authorization vs Access Control](Authorization%20vs%20Access%20Control.md)
|
||||
- [Identity and Access Management (IAM)](../Identity%20and%20Access%20Management%20(IAM).md)
|
||||
- [Identity and Access Management (IAM)](../Information%20Security/Identity%20and%20Access%20Management%20(IAM).md)
|
||||
- [RBAC Access levels](../../Literature%20notes/RBAC%20Access%20levels.md)
|
||||
- [CRUD Matrices](../Information%20Security/CRUD%20Matrices.md)
|
||||
|
||||
|
|
|
|||
|
|
@ -97,7 +97,7 @@ The source files reference the following related notes in the vault:
|
|||
- [Risk ownership](../Risk%20ownership.md)
|
||||
- [Control ownership](Control%20ownership.md)
|
||||
- [Asset lifecycle](../../Literature%20notes/Asset%20lifecycle.md)
|
||||
- [How to develop an Asset Inventory](../How%20to%20develop%20an%20Asset%20Inventory.md)
|
||||
- [How to develop an Asset Inventory](How%20to%20develop%20an%20Asset%20Inventory.md)
|
||||
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -50,7 +50,7 @@ Leiden University has a tool picker that is publicly available, to help employee
|
|||
It does not solve the classification labeling problem if you have a single mandatory system in mind, but I can imagine that asking them about what goal they want to achieve makes it easier for employees to see classification as helpful and useful.
|
||||
[https://web.universiteitleiden.nl/assets/toolpicker/?lang=en](https://web.universiteitleiden.nl/assets/toolpicker/?lang=en)
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
See also:
|
||||
|
|
@ -58,7 +58,7 @@ See also:
|
|||
[Def_Sec_Handbook_Chapter_2](../../../Literature%20notes/Def_Sec_Handbook_Chapter_2.md#Information%20classification)
|
||||
[ISO 27002:2022 NL A5.12](../../../Standards/ISO27x/OST/27002/NL/a-5.12-Classificeren-van-informatie.md)
|
||||
[Designing an information management scheme](../../../Literature%20notes/Designing%20an%20information%20management%20scheme.md)
|
||||
[Key Topics for a policy on handling classified information](../../Key%20Topics%20for%20a%20policy%20on%20handling%20classified%20information.md)
|
||||
[Key Topics for a policy on handling classified information](../../Policy%20examples/Key%20Topics%20for%20a%20policy%20on%20handling%20classified%20information.md)
|
||||
[Traffic Light Protocol (TLP)](../../../Literature%20notes/Traffic%20Light%20Protocol%20TLP.md)
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -1,11 +1,13 @@
|
|||
# How to develop an asset inventory
|
||||
|
||||
https://www.isms.online/iso-27001/how-to-develop-an-asset-inventory-for-iso-27001/
|
||||
|
||||
Relevant ISO 27001 clauses/controls:
|
||||
- [ISO 27001 A 8.1.1 Inventory of assets](../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A%208.1.1%20Inventory%20of%20assets.md)
|
||||
- [ISO 27001 C 6.1.2 Information security risk assessment](../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20C%206.1.2%20Information%20security%20risk%20assessment.md)
|
||||
- [ISO 27001 A 8.1.1 Inventory of assets](../../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A%208.1.1%20Inventory%20of%20assets.md)
|
||||
- [ISO 27001 C 6.1.2 Information security risk assessment](../../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20C%206.1.2%20Information%20security%20risk%20assessment.md)
|
||||
|
||||
See also:
|
||||
- [Assets, Vulnerabilities, Threats, Risks](Assets,%20Vulnerabilities,%20Threats,%20Risks.md)
|
||||
- [Assets, Vulnerabilities, Threats, Risks](../../Literature%20notes/Assets,%20Vulnerabilities,%20Threats,%20Risks.md)
|
||||
|
||||
|
||||
# 3D Asset Inventory
|
||||
10
Corpus/Sparks/ISMS/ISMS audit flags.md
Normal file
10
Corpus/Sparks/ISMS/ISMS audit flags.md
Normal file
|
|
@ -0,0 +1,10 @@
|
|||
# ISMS audit flags
|
||||
|
||||
This guideline supports practitioners conducting audits of Information Security Management Systems (ISMSs) built on ISO/IEC 27001. It provides practical reference material organised around two complementary audit tools: green flags — the evidence and documentation an auditor should expect to find in a functioning ISMS — and red flags — the indicators that signal a dysfunctional, failing, or nonconformant system.
|
||||
|
||||
The guideline does not prescribe how to audit, nor does it address the content of individual security controls. Its scope is the management system itself: whether it is properly designed, genuinely operating, and delivering value to the organisation. Because ISO/IEC 27001 is deliberately broad in its requirements, this document fills the interpretive gap with experience-based guidance on what adequate evidence looks like in practice, and what warning signs are worth investigating further.
|
||||
|
||||
Intended primarily for internal auditors and certification auditors working with ISO/IEC 27001-based ISMSs, it is also relevant to those assessing information service providers such as cloud and managed security vendors. The guidance draws on four decades of practitioner experience and is offered as a supplement to — not a replacement for — formal audit checklists and professional judgement.
|
||||
|
||||
|
||||
|
||||
|
Before Width: | Height: | Size: 1.8 MiB After Width: | Height: | Size: 1.8 MiB |
|
|
@ -1,4 +1,5 @@
|
|||
# Ideas about enforcement
|
||||
|
||||
The coverage of [[Enforcement tooling]] will not be complete, if only because their implementation will always be one step behind organizational reality. There will be information assets out of scope, by choice or accident.
|
||||
|
||||
There will be situations where the improper handling of assets is not prevented by such tooling, and employees would need to be aware of, or deduce from content, the classification of those assets, and make an informed decission on the proper handling.
|
||||
|
|
@ -10,4 +11,4 @@ There's also a link here to different stakeholders with different interests. Thi
|
|||
|
||||
Related:
|
||||
- [Labeling of information in the digital domain](Labeling%20of%20information%20in%20the%20digital%20domain.md).
|
||||
- [Stakeholder Analysis](Stakeholder%20Analysis.md)
|
||||
- [Stakeholder Analysis](../Stakeholder%20Analysis.md)
|
||||
|
|
@ -2,7 +2,7 @@
|
|||
tags:
|
||||
- metrics
|
||||
Related:
|
||||
- "[ISO_27002_2022_5.24_PE Information security incident management planning and preparation](../../../iso27DIY-gis/reference/Paraphrased/ISO27002-2022-EN/ISO_27002_2022_5.24_PE%20Information%20security%20incident%20management%20planning%20and%20preparation.md)"
|
||||
- "[ISO_27002_2022_5.24_PE Information security incident management planning and preparation](../../../../iso27DIY-gis/reference/Paraphrased/ISO27002-2022-EN/ISO_27002_2022_5.24_PE%20Information%20security%20incident%20management%20planning%20and%20preparation.md)"
|
||||
---
|
||||
# KPIs in Incident Response
|
||||
|
||||
|
|
@ -1,4 +1,4 @@
|
|||
[ISO 27001 A 8.2.2 Labelling of information](../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A%208.2.2%20Labelling%20of%20information.md) makes procedures for information labelling in accordance with the classification scheme mandatory.
|
||||
[ISO 27001 A 8.2.2 Labelling of information](../../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A%208.2.2%20Labelling%20of%20information.md) makes procedures for information labelling in accordance with the classification scheme mandatory.
|
||||
|
||||
For physical assets it’s straightforward: a ‘restricted area’ sign on the door to the server room, a ‘classified’ mark on a folder, a ‘privacy sensitive’ sticker on a backup tape, etc.
|
||||
|
||||
|
|
@ -13,11 +13,11 @@ Labeling of digital information assets ‘close to the source’ – e.g. assign
|
|||
Looking at it that way, any metadata that helps ensure the acceptable use and proper handling of information assets could be identified as ‘labeling’. A data dictionary that contains classification information could also be considered to use labeling.
|
||||
|
||||
Related:
|
||||
- [ISO 27001 A 8.2.1 Classification of information](../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A%208.2.1%20Classification%20of%20information.md)
|
||||
- [ISO 27001 A 8.1.3 Acceptable use of assets](../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A%208.1.3%20Acceptable%20use%20of%20assets.md)
|
||||
- [ISO 27001 A 8.2.1 Classification of information](../../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A%208.2.1%20Classification%20of%20information.md)
|
||||
- [ISO 27001 A 8.1.3 Acceptable use of assets](../../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A%208.1.3%20Acceptable%20use%20of%20assets.md)
|
||||
- [[Enforcement tooling]]
|
||||
|
||||
[ISO 27001 A 8.2.2 Labelling of information](../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A%208.2.2%20Labelling%20of%20information.md) makes procedures for information labelling in accordance with the classification scheme mandatory.
|
||||
[ISO 27001 A 8.2.2 Labelling of information](../../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A%208.2.2%20Labelling%20of%20information.md) makes procedures for information labelling in accordance with the classification scheme mandatory.
|
||||
|
||||
For physical assets it’s straightforward: a ‘restricted area’ sign on the door to the server room, a ‘classified’ mark on a folder, a ‘privacy sensitive’ sticker on a backup tape, etc.
|
||||
|
||||
|
|
@ -32,6 +32,6 @@ Labeling of digital information assets ‘close to the source’ – e.g. assign
|
|||
Looking at it that way, any metadata that helps ensure the acceptable use and proper handling of information assets could be identified as ‘labeling’. A data dictionary that contains classification information could also be considered to use labeling.
|
||||
|
||||
Related:
|
||||
- [ISO 27001 A 8.2.1 Classification of information](../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A%208.2.1%20Classification%20of%20information.md)
|
||||
- [ISO 27001 A 8.1.3 Acceptable use of assets](../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A%208.1.3%20Acceptable%20use%20of%20assets.md)
|
||||
- [ISO 27001 A 8.2.1 Classification of information](../../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A%208.2.1%20Classification%20of%20information.md)
|
||||
- [ISO 27001 A 8.1.3 Acceptable use of assets](../../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A%208.1.3%20Acceptable%20use%20of%20assets.md)
|
||||
- [[Enforcement tooling]]
|
||||
|
|
@ -1,13 +0,0 @@
|
|||
# Ideas about enforcement
|
||||
The coverage of [[Enforcement tooling]] will not be complete, if only because their implementation will always be one step behind organizational reality. There will be information assets out of scope, by choice or accident.
|
||||
|
||||
There will be situations where the improper handling of assets is not prevented by such tooling, and employees would need to be aware of, or deduce from content, the classification of those assets, and make an informed decission on the proper handling.
|
||||
|
||||
The underlying idea is that I personally prefer that people have freedom of choice and be supported in making informed decissions.
|
||||
that is not only morally preferable, but it's a necessigty precisely because there will always be situations in which they *need* to decide for themselves.
|
||||
|
||||
There's also a link here to different stakeholders with different interests. Think of your stereotypical IT Guy, who wants to screw everything down, and Marketing Guy, who wants maximum freedom in the data lake.
|
||||
|
||||
Related:
|
||||
- [Labeling of information in the digital domain](Labeling%20of%20information%20in%20the%20digital%20domain.md).
|
||||
- [Stakeholder Analysis](Stakeholder%20Analysis.md)
|
||||
|
|
@ -1,8 +0,0 @@
|
|||
## Impact of Disruption
|
||||
|
||||
|
||||
[](../Attachments/TLP_Impact_matrix_NL.xlsx)
|
||||
|
||||
[BCP_Bedrijfscontinuïteitsplanning](../📚️%20Literature%20notes/BCP_Bedrijfscontinuïteitsplanning.md)
|
||||
[Business Impact Analysis (BIA)](..//Business%20Impact%20Analysis%20(BIA).md)
|
||||
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
- [Information security concepts MoC](../Information%20security%20concepts%20MoC.md)
|
||||
- [Standards and Regulations for information security](../Standards/other/Standards%20and%20Regulations%20for%20information%20security.md)
|
||||
|
||||
|
|
@ -1,9 +1,9 @@
|
|||
# Cracking passwords in 2024
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -1,3 +1,5 @@
|
|||
# Frameworks for defining roles and responsibilities in IT
|
||||
|
||||
Several established frameworks exist for defining roles and responsibilities within IT departments. Here are the most widely used ones:
|
||||
|
||||
**RACI Matrix (Responsible, Accountable, Consulted, Informed)**
|
||||
|
|
@ -1,15 +1,16 @@
|
|||
# Identification
|
||||
|
||||
Identification is the claim of a subject of its identity.
|
||||
|
||||
See also:
|
||||
- [Authentication](../Standards/ISO27x/Authentication.md)
|
||||
- [Authorization](../Standards/ISO27x/Authorization.md)
|
||||
- [Authentication](../../Standards/ISO27x/Authentication.md)
|
||||
- [Authorization](../../Standards/ISO27x/Authorization.md)
|
||||
- [Identity and Access Management (IAM)](Identity%20and%20Access%20Management%20(IAM).md)
|
||||
|
||||
# Identification
|
||||
Identification is the claim of a subject of its identity.
|
||||
|
||||
See also:
|
||||
- [Authentication](../Standards/ISO27x/Authentication.md)
|
||||
- [Authorization](../Standards/ISO27x/Authorization.md)
|
||||
- [Authentication](../../Standards/ISO27x/Authentication.md)
|
||||
- [Authorization](../../Standards/ISO27x/Authorization.md)
|
||||
- [Identity and Access Management (IAM)](Identity%20and%20Access%20Management%20(IAM).md)
|
||||
|
|
@ -1,4 +1,4 @@
|
|||
Sidebar from [Managing Risks - A New Framework](../Literature%20notes/Managing%20Risks%20-%20A%20New%20Framework.md)
|
||||
Sidebar from [Managing Risks - A New Framework](../../Literature%20notes/Managing%20Risks%20-%20A%20New%20Framework.md)
|
||||
|
||||
Companies cannot anticipate every circumstance or conflict of interest that an employee might encounter. Thus, the first line of defense against preventable risk events is to provide guidelines clarifying the company’s goals and values.
|
||||
|
||||
|
|
@ -8,10 +8,10 @@ An _allow policy_, also known as an _IAM policy_, defines and enforces what ro
|
|||
|
||||
See:
|
||||
- [Identification](Identification.md) – "This is who I am"
|
||||
- [Authentication](../Standards/ISO27x/Authentication.md) – "This is how I prove it"
|
||||
- [Authorization](../Standards/ISO27x/Authorization.md) – "... then this is what you get access to"
|
||||
- [CISSP_Domain_5_1](../Standards/CISSP/CISSP_Domain_5_1.md), [CISSP_Domain_5_2](../Standards/CISSP/CISSP_Domain_5_2.md)
|
||||
- [Roles in Identity and Access Management (IAM)](../Literature%20notes/Roles%20in%20Identity%20and%20Access%20Management%20(IAM).md)
|
||||
- [Authentication](../../Standards/ISO27x/Authentication.md) – "This is how I prove it"
|
||||
- [Authorization](../../Standards/ISO27x/Authorization.md) – "... then this is what you get access to"
|
||||
- [CISSP_Domain_5_1](../../Standards/CISSP/CISSP_Domain_5_1.md), [CISSP_Domain_5_2](../../Standards/CISSP/CISSP_Domain_5_2.md)
|
||||
- [Roles in Identity and Access Management (IAM)](../../Literature%20notes/Roles%20in%20Identity%20and%20Access%20Management%20(IAM).md)
|
||||
|
||||
## How IAM works
|
||||
|
||||
|
|
@ -23,7 +23,7 @@ An _allow policy_, also known as an _IAM policy_, defines and enforces what ro
|
|||
|
||||
See:
|
||||
- [Identification](Identification.md) – "This is who I am"
|
||||
- [Authentication](../Standards/ISO27x/Authentication.md) – "This is how I prove it"
|
||||
- [Authorization](../Standards/ISO27x/Authorization.md) – "... then this is what you get access to"
|
||||
- [CISSP_Domain_5_1](../Standards/CISSP/CISSP_Domain_5_1.md), [CISSP_Domain_5_2](../Standards/CISSP/CISSP_Domain_5_2.md)
|
||||
- [Roles in Identity and Access Management (IAM)](../Literature%20notes/Roles%20in%20Identity%20and%20Access%20Management%20(IAM).md)
|
||||
- [Authentication](../../Standards/ISO27x/Authentication.md) – "This is how I prove it"
|
||||
- [Authorization](../../Standards/ISO27x/Authorization.md) – "... then this is what you get access to"
|
||||
- [CISSP_Domain_5_1](../../Standards/CISSP/CISSP_Domain_5_1.md), [CISSP_Domain_5_2](../../Standards/CISSP/CISSP_Domain_5_2.md)
|
||||
- [Roles in Identity and Access Management (IAM)](../../Literature%20notes/Roles%20in%20Identity%20and%20Access%20Management%20(IAM).md)
|
||||
|
|
@ -1,15 +1,15 @@
|
|||
[SANS Incident Response Plan](../Standards/SANS/SANS%20Incident%20Response%20Plan.md)
|
||||
[SANS Incident Response Plan](../../Standards/SANS/SANS%20Incident%20Response%20Plan.md)
|
||||
|
||||
[Checklist for auditing Incident Response Plan](../Literature%20notes/Checklists%20Gerardus%20Blokdyk/Checklist%20for%20auditing%20Incident%20Response%20Plan.md)
|
||||
[Checklist for auditing Incident Response Plan](../../Literature%20notes/Checklists%20Gerardus%20Blokdyk/Checklist%20for%20auditing%20Incident%20Response%20Plan.md)
|
||||
|
||||
See also:
|
||||
- [Ransomware Playbook](Ransomware%20Playbook.md)
|
||||
- [a-5.30-ICT-readiness-for-business-continuity](../Standards/ISO27x/OST/27002/EN/a-5.30-ICT-readiness-for-business-continuity.md)
|
||||
- [Ransomware Playbook](../Ransomware%20Playbook.md)
|
||||
- [a-5.30-ICT-readiness-for-business-continuity](../../Standards/ISO27x/OST/27002/EN/a-5.30-ICT-readiness-for-business-continuity.md)
|
||||
- [BCP_Bedrijfscontinuïteitsplanning](../📚️%20Literature%20notes/BCP_Bedrijfscontinuïteitsplanning.md)
|
||||
|
||||
|
||||
|
||||
ISO 27002 5.24 Planning and preparation [PE](../../../iso27DIY-gis/reference/Paraphrased/ISO27002-2022-EN/ISO_27002_2022_5.24_PE%20Information%20security%20incident%20management%20planning%20and%20preparation.md)/ [OT](../Standards/ISO27x/OST/27002/EN/a-5.24-Information-security-incident-management-planning-and-preparation.md)
|
||||
ISO 27002 5.24 Planning and preparation [PE](../../../../iso27DIY-gis/reference/Paraphrased/ISO27002-2022-EN/ISO_27002_2022_5.24_PE%20Information%20security%20incident%20management%20planning%20and%20preparation.md)/ [OT](../../Standards/ISO27x/OST/27002/EN/a-5.24-Information-security-incident-management-planning-and-preparation.md)
|
||||
|
||||
CISSP Incident Response Steps[^1]:
|
||||
|
||||
|
|
@ -26,7 +26,7 @@ CISSP Incident Response Steps[^1]:
|
|||
- Remediation
|
||||
- root cause analysis
|
||||
- Lessons Learned
|
||||
- ISO 27002 5.27 [PE](../../../iso27DIY-gis/reference/Paraphrased/ISO27002-2022-EN/ISO_27002_2022_5.27_PE%20Learning%20from%20information%20security%20incidents.md) / [OT](../Standards/ISO27x/OST/27002/EN/a-5.27-Learning-from-information-security-incidents.md)
|
||||
- ISO 27002 5.27 [PE](../../../../iso27DIY-gis/reference/Paraphrased/ISO27002-2022-EN/ISO_27002_2022_5.27_PE%20Learning%20from%20information%20security%20incidents.md) / [OT](../../Standards/ISO27x/OST/27002/EN/a-5.27-Learning-from-information-security-incidents.md)
|
||||
- prevent from re-occurring
|
||||
- improve incident response
|
||||
|
||||
|
|
@ -1,13 +0,0 @@
|
|||
# Introduction for Organizational Structures
|
||||
|
||||
Identifying information security requirements, according to ISO 27000:2018 C.4.5.2:
|
||||
|
||||
Information security requirements can be identified through an understanding of the following:
|
||||
|
||||
a) identified information assets and their value;
|
||||
|
||||
b) business needs for information processing, storage and communication;
|
||||
|
||||
c) legal, regulatory, and contractual requirements.
|
||||
|
||||
Conducting a methodical assessment of the risks associated with the organization’s information assets involves analysing threats to information assets, vulnerabilities to and the likelihood of a threat materializing to information assets, and the potential impact of any information security incident on information assets. The expenditure on relevant controls is expected to be proportionate to the perceived business impact of the risk materializing.
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
- [The Art of Service](The%20Art%20of%20Service.md) offers topical InfoSec Kanban boards
|
||||
- 'Certificeringsadvies' offers independent external audits, they were employed by Networking4all
|
||||
- [Muddassir via Gumroad](https://community.gumroad.com/c/share-your-wins/boring-fields-like-supply-chains-can-be-creative-enough-to-sell-digital-products?login_token=RyhWoyqXw2kT5de2eNp6RYjL6U4NY1aKLPmS#comment_wrapper_4014940). Runs a site on SCM and has offered to cross post content.
|
||||
|
||||
|
|
@ -1,7 +1,6 @@
|
|||
A [List of Post-Mortems](https://github.com/danluu/post-mortems) on Github
|
||||
# Risico's uit de praktijk
|
||||
|
||||
[Incident Response Planning](Incident%20Response%20Planning.md)
|
||||
[Business Continuity Planning (BCP)](../📚️%20Literature%20notes/BCP_Bedrijfscontinuïteitsplanning.md)
|
||||
A [List of Post-Mortems](https://github.com/danluu/post-mortems) on Github
|
||||
|
||||
Search terms: Human Risk Human Error Breaches Incidents
|
||||
|
||||
|
|
@ -21,7 +21,7 @@ Zie ook:
|
|||
[](Open%20Group%20Risk%20Taxonomy%20Standard%203.01.pdf)
|
||||
[OWASP Top 10 CI-CD Security Risks](../Standards/other/OWASP%20Top%2010%20CI-CD%20Security%20Risks.md)
|
||||
[Splunk Top 50 Security threats](https://www.splunk.com/pdfs/ebooks/top-50-security-threats.pdf)
|
||||
[Austin Songer's risk catalogue](https://songer.pro/risk-catalogue/), seemingly based on SCF's [SCF's SP-RMM Risk Management Model](SP-RMM%20Risk%20Management%20Model.pdf), which is also used in the [Hyperproof Risk Register Template](Hyperproof%20Risk%20Register%20Template.xlsx).
|
||||
[Austin Songer's risk catalogue](https://songer.pro/risk-catalogue/), seemingly based on SCF's [SCF's SP-RMM Risk Management Model](SP-RMM%20Risk%20Management%20Model.pdf), which is also used in the [Risk Register Template Hyperproof](Risk%20Register%20Template%20Hyperproof.xlsx).
|
||||
|
||||
|
||||
[Risks of using personal email accounts in the workplace](Risks%20of%20using%20personal%20email%20accounts%20in%20the%20workplace.md)
|
||||
|
|
|
|||
|
Before Width: | Height: | Size: 87 KiB After Width: | Height: | Size: 87 KiB |
|
|
@ -3,5 +3,7 @@
|
|||
|
||||
Risks, threats and vulnerabilities are commonly misunderstood.
|
||||
|
||||
Fundamentally, vulnerability and risk management practices exist to achieve a minimum level of protection for an organization, which equates to a reduction in the total risk due to the protections offered by implemented controls. This can be conceptualized as a "risk management ecosystem" as it pertains to an organization's overall cybersecurity & data protection efforts. These ecosystem components have unique meanings that need to be understood to reasonably protect people, processes, technology and data, as shown below:
|
||||
|
||||
Fundamentally, vulnerability and risk management practices exist to achieve a minimum level of protection for an organization, which equates to a reduction in the total risk due to the protections offered by implemented controls. This can be conceptualized as a "risk management ecosystem" as it pertains to an organization's overall cybersecurity & data protection efforts.
|
||||
|
||||
These ecosystem components have unique meanings that need to be understood to reasonably protect people, processes, technology and data, as shown below:
|
||||
|
||||
|
|
|
|||
|
|
@ -3,7 +3,7 @@
|
|||
Bron: [SURF website](https://sec.surf.nl/asset/toolkit-risicobeoordeling/)
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
**Powerpoint voor workshop**
|
||||
|
|
@ -20,7 +20,7 @@ Met tabbladen voor:
|
|||
- Risico evaluatie
|
||||
|
||||
**Kaartjes**
|
||||
|
||||
|
||||
Workshop kaartjes voor:
|
||||
- Actoren
|
||||
- Motieven
|
||||
|
|
|
|||
|
|
@ -94,7 +94,7 @@ graph TD
|
|||
Strategie --> Informatiebeveiligingsbeleid
|
||||
```
|
||||
|
||||
|
||||
|
||||
|
||||
I’d put ‘policies and documentation’ on the right, business processes on the left, context, strategy and planning at the top, and controls at the bottom. RM/PDCA cycles at the center.
|
||||
|
||||
|
|
|
|||
|
Before Width: | Height: | Size: 539 KiB After Width: | Height: | Size: 539 KiB |
|
Before Width: | Height: | Size: 848 KiB After Width: | Height: | Size: 848 KiB |
|
|
@ -1,3 +1,5 @@
|
|||
# Using a Kanban board for ISMS implementation
|
||||
|
||||
We start with all Clauses and controls on the Backlog.
|
||||
At the end of each session we move controls from the backlog to 'to do' (and maybe some items can move to 'planned for Qn').
|
||||
|
||||
|
|
@ -1,2 +0,0 @@
|
|||
# Impact gebieden / Areas of impact
|
||||
|
||||
|
|
@ -1,4 +1,4 @@
|
|||
- [The Art of Service](The%20Art%20of%20Service.md) offers topical InfoSec Kanban boards
|
||||
- [The Art of Service](../The%20Art%20of%20Service.md) offers topical InfoSec Kanban boards
|
||||
- 'Certificeringsadvies' offers independent external audits, they were employed by Networking4all
|
||||
- [Muddassir via Gumroad](https://community.gumroad.com/c/share-your-wins/boring-fields-like-supply-chains-can-be-creative-enough-to-sell-digital-products?login_token=RyhWoyqXw2kT5de2eNp6RYjL6U4NY1aKLPmS#comment_wrapper_4014940). Runs a site on SCM and has offered to cross post content.
|
||||
|
||||
59
Corpus/Sparks/iso27diy/iso27DIY-MoC.md
Normal file
59
Corpus/Sparks/iso27diy/iso27DIY-MoC.md
Normal file
|
|
@ -0,0 +1,59 @@
|
|||
---
|
||||
tags:
|
||||
- project/iso27DIY
|
||||
- type/MoC
|
||||
---
|
||||
## Marketing source material
|
||||
[ISO27DIY Solution and Components](../../../Marketing/branding/ISO27DIY%20Solution%20and%20Components.md)
|
||||
[Value Proposition Canvas for iso27DIY](../../../Marketing/branding/Value%20Proposition%20Canvas%20for%20iso27DIY.md)
|
||||
[Brand Values](../../../Marketing/branding/Brand%20Values.md)
|
||||
[FUD with Certification](../../../Marketing/branding/FUD%20with%20Certification.md)
|
||||
[PRD Product Requirements Document for iso27DYI](../../../AuditGlue/PRD%20Product%20Requirements%20Document%20for%20iso27DYI.md)
|
||||
|
||||
[iso27DIY Functional Diagram](../../../AuditGlue/System%20alternative/iso27DIY%20Functional%20Diagram.canvas)
|
||||
[iso27DIY content modules](../../../AuditGlue/iso27DIY%20content%20modules.canvas)
|
||||
|
||||
## Marketing
|
||||
|
||||
[Pricing](../The%20Psychology%20Behind%20SaaS%20Pricing.md)
|
||||
[[Pricing Tiers for iso27DIY|Tiers]]
|
||||
[[SEO guide for Carrd|Website SEO]]
|
||||
[Idea Validation](Idea%20Validation.md)
|
||||
|
||||
## Method
|
||||
[Samenhang tussen producten](../Samenhang%20tussen%20producten.md)
|
||||
[ISO 27001 2023 Processen en Artefacten](../../Standards/ISO27x/OST/ISO%2027001%202023%20Processen%20en%20Artefacten.md)
|
||||
[Advised Documents for ISO 27001](../iso27DIY-gis/reference/Advised%20Documents%20for%20ISO%2027001.md)
|
||||
[Examples of Proof for auditors](../Sparks/Examples%20of%20Proof%20for%20auditors.md)
|
||||
[About ISO27DIY Policy Cards](../💡Permanent%20ideas/About%20ISO27DIY%20Policy%20Cards.md)
|
||||
|
||||
## Design
|
||||
[Modules Canvas](../../../AuditGlue/iso27DIY%20content%20modules.canvas)
|
||||
[About the flow](../Sparks/About%20iso27diy/About%20the%20flow.md)
|
||||
[UI ideas](../../../AuditGlue/System%20alternative/iso27DIY%20UI%20ideas.md)
|
||||
|
||||
### Agents
|
||||
[Create a proactive conversational agent](../../Various/Create%20a%20proactive%20conversational%20agent.md)
|
||||
[Create an interview agent](../../Various/Create%20an%20interview%20agent.md)
|
||||
[Agent Design Intent Card](../../../AuditGlue/System%20alternative/Agent%20Design%20Intent%20Card.md)
|
||||
[Create a threat analysis chatbot](../../Various/Create%20a%20threat%20analysis%20chatbot.md)
|
||||
[Instruct an LLM on available tools](../../Various/Instruct%20an%20LLM%20on%20available%20tools.md)
|
||||
[LLM Prompt types](../../Various/LLM%20Prompt%20types.md)
|
||||
|
||||
## Content
|
||||
[ISO27DIY Videos list](../🧱%20Projects/iso27DIY%20mk%20I/ISO27DIY%20Videos%20list.md)
|
||||
|
||||
## Platform
|
||||
[Design Document for ISO 27001 Certification Support Online Service](../../Various/Design%20Document%20for%20ISO%2027001%20Certification%20Support%20Online%20Service.md)
|
||||
[Personae and Roles](../Personae%20and%20Roles.md)
|
||||
[TypeDB structure for ISO27DIY](../TypeDB%20structure%20for%20ISO27DIY.md)
|
||||
[Client segregation in SaaS](../Information%20Security/Client%20segregation%20in%20SaaS.md)
|
||||
[Building functionality in Supabase](../../Various/Building%20functionality%20in%20Supabase.md)
|
||||
[SupaBase edge functions portability](../SupaBase%20edge%20functions%20portability.md)
|
||||
[Connect LLM to Supabase to create content](../../Various/Connect%20LLM%20to%20Supabase%20to%20create%20content.md)
|
||||
[Application architecture](../../Various/Application%20architecture.md)
|
||||
[iso27DYI architecture with LLM](../../../AuditGlue/System%20alternative/iso27DYI%20architecture%20with%20LLM.md)
|
||||
[iso27DIY stack deployment](../../../AuditGlue/System%20alternative/iso27DIY%20stack%20deployment.md)
|
||||
[SurveyJS](../SurveyJS.md)
|
||||
[WeWeb Security Pre-Launch Checklist](../weweb_security_checklist.md)
|
||||
|
||||
|
Before Width: | Height: | Size: 286 KiB After Width: | Height: | Size: 286 KiB |
|
|
@ -8,9 +8,9 @@ CIS are security best practices for strengthening your security posture to defen
|
|||
maps to lots of frameworks
|
||||
|
||||
Safeguards are identified by attack patterns from the MITRE ATT&CK* framework
|
||||
we verified that the CIS Controls are effective at defending against 86% of the ATT&CK (sub-)techniques found in the ATT&CK framework. More importantly, the Controls are highly effective against the top five attack types found in industry threat data.
|
||||
We verified that the CIS Controls are effective at defending against 86% of the ATT&CK (sub-)techniques found in the ATT&CK framework. More importantly, the Controls are highly effective against the top five attack types found in industry threat data.
|
||||
|
||||
|
||||
|
||||
Source: CIS Community Defense Model version 2.0
|
||||
|
||||
|
||||
|
|
@ -31,10 +31,10 @@ IG3 assets contain sensitive information or functions that are subject to regula
|
|||
Safeguards selected for IG3 must abate targeted attacks from a sophisticated adversary and reduce the impact of zero-day attacks.
|
||||
|
||||
|
||||
|
||||
|
||||
Source: CIS Controls v8.1 PDF, pp 8-12
|
||||
|
||||
|
||||
|
||||
List of the CIS Controls in v8, and how many Safeguards in each are applicable to each Implementation Group. [source](https://www.cisecurity.org/controls/implementation-groups)
|
||||
|
||||
See CIS_Controls_Version_8.1_6_24_2024.xlsx for a table that shows all safeguards mapped to the three Implementation Groups.
|
||||
|
Before Width: | Height: | Size: 57 KiB After Width: | Height: | Size: 57 KiB |
|
|
@ -6,7 +6,7 @@ Authentication is the proof of identity that is achieved through providing crede
|
|||
See also:
|
||||
- [a-8.5-Secure-authentication](OST/27002/EN/a-8.5-Secure-authentication.md)
|
||||
- [Authentication Methods Used for Network Security](../../Literature%20notes/Authentication%20Methods%20Used%20for%20Network%20Security.md)
|
||||
- [Identity and Access Management (IAM)](../../Sparks/Identity%20and%20Access%20Management%20(IAM).md)
|
||||
- [Identity and Access Management (IAM)](../../Sparks/Information%20Security/Identity%20and%20Access%20Management%20(IAM).md)
|
||||
- [Authorization](Authorization.md)
|
||||
- [Identification](../../Sparks/Identification.md)
|
||||
- [Identification](../../Sparks/Information%20Security/Identification.md)
|
||||
|
||||
|
|
|
|||
|
|
@ -5,9 +5,9 @@ See also:
|
|||
- [Authorization vs Access Control](../../Sparks/ISMS/Authorization%20vs%20Access%20Control.md)
|
||||
- [Access Control Models](../../Sparks/ISMS/Access%20Control%20Models.md)
|
||||
- [Authentication](Authentication.md)
|
||||
- [Identification](../../Sparks/Identification.md)
|
||||
- [Identification](../../Sparks/Information%20Security/Identification.md)
|
||||
- [CASSM Consumer Authentication Strength Maturity Model](../../Literature%20notes/CASSM%20Consumer%20Authentication%20Strength%20Maturity%20Model.md)
|
||||
- [Identity and Access Management (IAM)](../../Sparks/Identity%20and%20Access%20Management%20(IAM).md)
|
||||
- [Identity and Access Management (IAM)](../../Sparks/Information%20Security/Identity%20and%20Access%20Management%20(IAM).md)
|
||||
- [a-5.15-Access-control](OST/27002/EN/a-5.15-Access-control.md) ???
|
||||
|
||||
|
||||
|
|
|
|||
|
Before Width: | Height: | Size: 115 KiB After Width: | Height: | Size: 115 KiB |
|
|
@ -13,7 +13,7 @@ Recent:
|
|||
Older:
|
||||
- [Roles and Responsibilities](../../Sparks/Roles%20and%20Responsibilities.md)
|
||||
- [Risk ownership](../../Sparks/Risk%20ownership.md)
|
||||
- [Ideas on Risk Ownership](../../Sparks/Ideas%20on%20Risk%20Ownership.md)
|
||||
- [Ideas on Risk Ownership](../../Sparks/ISMS/Ideas%20on%20Risk%20Ownership.md)
|
||||
- [Asset ownership](../../Sparks/Asset%20ownership.md)
|
||||
- [Procuratieregeling](../../Various/Procuratieregeling.md)
|
||||
- [Control ownership](../../Sparks/ISMS/Control%20ownership.md)
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@
|
|||
|
||||
According to [Mark Bernard](https://www.linkedin.com/posts/markesbernard_the-changes-to-isoiec-27001-isms-are-not-activity-7344467878198329344-nZN7) , 28 juni 2025, "The changes to ISO/IEC 27001 ISMS are not straightforward. Some believe that the total number of controls was reduced; however, the truth is that new controls were added while existing controls were consolidated and streamlined."
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
## New ISMS Control Objectives - ISO 27001:2022 CLAUSE 4 TO 10
|
||||
|
|
|
|||
|
|
@ -3,4 +3,4 @@
|
|||
An appropriate set of procedures for information labelling shall be developed and implemented in accordance with the information classification scheme adopted by the organization.
|
||||
|
||||
Related:
|
||||
- [Labeling of information in the digital domain](../../../../Sparks/Labeling%20of%20information%20in%20the%20digital%20domain.md)
|
||||
- [Labeling of information in the digital domain](../../../../Sparks/ISMS/Labeling%20of%20information%20in%20the%20digital%20domain.md)
|
||||
|
|
@ -3,7 +3,7 @@ Child notes:
|
|||
- [Toegevoegde waarde van ISO27DIY 1](../../../../Sparks/Toegevoegde%20waarde%20van%20ISO27DIY%201.md)
|
||||
- [Friendly targets](../../../../../../💡Permanent%20ideas/Friendly%20targets.md)
|
||||
- [Possible Colabs](../../../../Sparks/Possible%20Colabs.md)
|
||||
- [List of possible partners 1](../../../../Sparks/List%20of%20possible%20partners%201.md)
|
||||
- [List of possible partners](../../../../Sparks/iso27diy/List%20of%20possible%20partners.md)
|
||||
- [ISO27DIY Business drivers](ISO27DIY%20Business%20drivers.md)
|
||||
- [AuditGlue Business model](../AuditGlue%20Business%20model.md)
|
||||
- [[### Related notes
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@
|
|||
|
||||
Skeleton project plan contents:
|
||||
- [ISO 27001 benefits](../ISO%2027001%20benefits.md)
|
||||
- [ISO27DIY benefits](../../../../../Sparks/ISO27DIY%20benefits.md)
|
||||
- [ISO27DIY benefits](../../../../../Sparks/iso27diy/ISO27DIY%20benefits.md)
|
||||
|
||||
|
||||
## Benefits
|
||||
|
|
|
|||
|
|
@ -6,5 +6,5 @@
|
|||
|
||||
## Related:
|
||||
- [ISO 27001 benefits](../ISO%2027001%20benefits.md)
|
||||
- [ISO27DIY benefits](../../../../../Sparks/ISO27DIY%20benefits.md)
|
||||
- [ISO27DIY benefits](../../../../../Sparks/iso27diy/ISO27DIY%20benefits.md)
|
||||
|
||||
|
|
|
|||
|
|
@ -11,4 +11,4 @@ Additional resources and support are available on the iso27diy.com website.
|
|||
* No need for external consultants or expensive software
|
||||
|
||||
|
||||
See also [ISO27DIY benefits](../Sparks/ISO27DIY%20benefits.md)
|
||||
See also [ISO27DIY benefits](../Sparks/iso27diy/ISO27DIY%20benefits.md)
|
||||
Loading…
Add table
Add a link
Reference in a new issue