Cleaning up the Sparks folder
This commit is contained in:
parent
eb610a79b6
commit
96cd8fea7b
78 changed files with 149 additions and 181 deletions
BIN
Corpus/Standards/CIS Controls and Safeguards.png
Normal file
BIN
Corpus/Standards/CIS Controls and Safeguards.png
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 286 KiB |
84
Corpus/Standards/CIS Controls.md
Normal file
84
Corpus/Standards/CIS Controls.md
Normal file
|
|
@ -0,0 +1,84 @@
|
|||
# CIS Critical Security Controls
|
||||
|
||||
https://www.cisecurity.org/controls
|
||||
|
||||
Cyber attacks exploit bad cyber hygiene
|
||||
CIS are security best practices for strengthening your security posture to defend agains top threats
|
||||
|
||||
maps to lots of frameworks
|
||||
|
||||
Safeguards are identified by attack patterns from the MITRE ATT&CK* framework
|
||||
We verified that the CIS Controls are effective at defending against 86% of the ATT&CK (sub-)techniques found in the ATT&CK framework. More importantly, the Controls are highly effective against the top five attack types found in industry threat data.
|
||||
|
||||
|
||||
Source: CIS Community Defense Model version 2.0
|
||||
|
||||
|
||||
3 levels:
|
||||
IG1, 2 and 3
|
||||
These CIS Controls Implementation Groups (IGs) are ment as a guidance to prioritize implementation.
|
||||
|
||||
IG1 is defined as “essential cyber hygiene”, targeted to small to medium-sized enterprises with limited IT and cybersecurity expertise.
|
||||
Their main concern is operational continuity.
|
||||
IG1 Safeguards are aimed to thwart general, non-targeted attacks.
|
||||
|
||||
IG2 enterprises have dedicated security staff, multiple departments with differing risk profiles, and regulatory compliance burdens.
|
||||
A major concern is loss of public confidence if a breach occurs.
|
||||
IG2 Safeguards help security teams cope with increased operational complexity.
|
||||
|
||||
IG3 enterprises employ security experts that specialize in the different facets of cybersecurity.
|
||||
IG3 assets contain sensitive information or functions that are subject to regulatory and compliance oversight. An IG3 enterprise must address availability of services and the confidentiality and integrity of sensitive data. Successful attacks can cause significant harm to the public welfare.
|
||||
Safeguards selected for IG3 must abate targeted attacks from a sophisticated adversary and reduce the impact of zero-day attacks.
|
||||
|
||||
|
||||
|
||||
Source: CIS Controls v8.1 PDF, pp 8-12
|
||||
|
||||
|
||||
List of the CIS Controls in v8, and how many Safeguards in each are applicable to each Implementation Group. [source](https://www.cisecurity.org/controls/implementation-groups)
|
||||
|
||||
See CIS_Controls_Version_8.1_6_24_2024.xlsx for a table that shows all safeguards mapped to the three Implementation Groups.
|
||||
|
||||
### CIS version 8 has 18 controls, you only gave me 9. Can you make this complete?
|
||||
|
||||
Certainly! Here's a complete table including all 18 CIS Controls in Version 8, with simplified implementation group indications. This serves as a high-level overview and the specifics for each safeguard would need to be obtained from the official CIS documentation.
|
||||
|
||||
| CIS Control | Safeguard (Control ID) | IG 1 | IG 2 | IG 3 |
|
||||
| --------------------------------------------------------- | ---------------------------------------- | ---- | ---- | ---- |
|
||||
| 1. Inventory and Control of Enterprise Assets | 1.1 Inventory of Assets | ✓ | ✓ | ✓ |
|
||||
| | 1.2 Address Unauthorized Assets | ✓ | ✓ | ✓ |
|
||||
| 2. Inventory and Control of Software Assets | 2.1 Inventory of Software | ✓ | ✓ | ✓ |
|
||||
| | 2.2 Address Unauthorized Software | ✓ | ✓ | ✓ |
|
||||
| 3. Data Protection | 3.1 Data Management | ✓ | ✓ | ✓ |
|
||||
| | 3.2 Data Recovery | | ✓ | ✓ |
|
||||
| 4. Secure Configuration of Enterprise Assets and Software | 4.1 Establish Secure Configurations | ✓ | ✓ | ✓ |
|
||||
| | 4.2 Secure Configuration Management | | ✓ | ✓ |
|
||||
| 5. Account Management | 5.1 Account Inventory | ✓ | ✓ | ✓ |
|
||||
| | 5.2 Admin Account Management | ✓ | ✓ | ✓ |
|
||||
| 6. Access Control Management | 6.1 Access Control Policy | ✓ | ✓ | ✓ |
|
||||
| | 6.2 Access Granting | ✓ | ✓ | ✓ |
|
||||
| 7. Continuous Vulnerability Management | 7.1 Vulnerability Scanning | ✓ | ✓ | ✓ |
|
||||
| | 7.2 Vulnerability Remediation | | ✓ | ✓ |
|
||||
| 8. Audit Log Management | 8.1 Log Retention and Management | ✓ | ✓ | ✓ |
|
||||
| | 8.2 Log Review | | ✓ | ✓ |
|
||||
| 9. Email and Web Browser Protection | 9.1 Email Protection | ✓ | ✓ | ✓ |
|
||||
| | 9.2 Web Browser Protection | ✓ | ✓ | ✓ |
|
||||
| 10. Malware Defenses | 10.1 Malicious Code Detection | ✓ | ✓ | ✓ |
|
||||
| | 10.2 Malware Defenses | ✓ | ✓ | ✓ |
|
||||
| 11. Data Recovery | 11.1 Data Recovery Mechanisms | ✓ | ✓ | ✓ |
|
||||
| 12. Network Infrastructure Management | 12.1 Network Inventory | ✓ | ✓ | ✓ |
|
||||
| | 12.2 Network Segmentation | | ✓ | ✓ |
|
||||
| 13. Security Awareness and Skills Training | 13.1 Security Awareness Program | ✓ | ✓ | ✓ |
|
||||
| | 13.2 Training and Exercises | | ✓ | ✓ |
|
||||
| 14. Security Operations Center (SOC) Functions | 14.1 Threat Detection | ✓ | ✓ | ✓ |
|
||||
| 15. Security Incident Management | 15.1 Incident Response Planning | ✓ | ✓ | ✓ |
|
||||
| | 15.2 Incident Response Testing | | ✓ | ✓ |
|
||||
| 16. Application Software Security | 16.1 Software Development Security | ✓ | ✓ | ✓ |
|
||||
| | 16.2 Application Testing | | ✓ | ✓ |
|
||||
| 17. Penetration Testing | 17.1 Penetration Testing and Red Teaming | | ✓ | ✓ |
|
||||
| 18. Cloud Security | 18.1 Cloud Security Posture Management | ✓ | ✓ | ✓ |
|
||||
| | 18.2 Cloud Workload Protection | | ✓ | ✓ |
|
||||
|
||||
```
|
||||
|
||||
This table presents an overview of the CIS Controls with a basic distinction of which implementation groups might adopt each safeguard as part of their cybersecurity strategy. The tick marks (✓) are placed based on the assumption that lower IG numbers cover more fundamental controls, while higher IG numbers represent more sophisticated measures. Always refer to the official CIS documents for precise guidelines and safeguards as they relate to your organization's needs.
|
||||
BIN
Corpus/Standards/CIS safeguards effectiveness.png
Normal file
BIN
Corpus/Standards/CIS safeguards effectiveness.png
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 57 KiB |
10
Corpus/Standards/Data maturity model NL overheid.md
Normal file
10
Corpus/Standards/Data maturity model NL overheid.md
Normal file
|
|
@ -0,0 +1,10 @@
|
|||
# Data maturity model NL overheid
|
||||
|
||||
Een data maturity model helpt Nederlandse overheidsorganisaties bij het beoordelen, verbeteren en volwassen maken van hun datamanagementpraktijken. Het model dient als een raamwerk om de huidige status van een organisatie op het gebied van data te beoordelen en verbeterplannen te identificeren.
|
||||
|
||||
### Elaboratie:
|
||||
* Data Management Maturity Model (DMM):
Dit model, ontwikkeld door de ~[Realisatie IBDS](https://realisatieibds.nl/groups/view/c23ab74c-adb4-424e-917d-773a37968efe/kenniscentrum-van-de-ibds/wiki/view/2986e2c2-77c0-4624-8a4b-7bde2c56b70a/data-management-maturity-dmm)~, biedt een systematische benadering om de data management capaciteiten van overheidsorganisaties te verbeteren. Het helpt organisaties bij het beoordelen van hun huidige datamanagement en het identificeren van kansen voor verbetering.
|
||||
* Data Governance Maturity Model:
~[Sprinto](https://sprinto.com.en2nl.search.translate.goog/blog/data-governance-maturity-model/)~ beschrijft de volwassenheidsniveaus van data governance programma's. Het model helpt organisaties bij het beoordelen van hun huidige staat en bij het identificeren van stappen om hun data governance te verbeteren.
|
||||
* Data Maturity Assessment for Government:
Dit model, ook van ~[Realisatie IBDS](https://realisatieibds.nl/kennisbank/scan-datavolwassenheid)~, biedt een raamwerk om de gezondheid en sterkte van het data-ecosysteem van een overheidsorganisatie te meten en te verbeteren. Het helpt organisaties bij het identificeren van strategische verbeterpunten en bij het prioriteren van investeringen.
|
||||
* Morgens Data Maturity Model:
Dit model, ~[www.morgens.nl](https://www.morgens.nl/actueel/groei-in-datavolwassenheid-met-het-morgens-data-maturity-model/)~, helpt publieke sector organisaties bij het in kaart brengen van hun datavolwassenheid en het identificeren van stappen voor verbetering.
|
||||
* Data-Analytics Maturity Model:
Berenschot, in samenwerking met het A&O Fonds en de VNG, ontwikkelde een model dat helpt bij het beoordelen van de bereidheid van een organisatie om datagedreven te gaan werken.
|
||||
|
|
@ -6,7 +6,7 @@ Authentication is the proof of identity that is achieved through providing crede
|
|||
See also:
|
||||
- [a-8.5-Secure-authentication](OST/27002/EN/a-8.5-Secure-authentication.md)
|
||||
- [Authentication Methods Used for Network Security](../../Literature%20notes/Authentication%20Methods%20Used%20for%20Network%20Security.md)
|
||||
- [Identity and Access Management (IAM)](../../Sparks/Identity%20and%20Access%20Management%20(IAM).md)
|
||||
- [Identity and Access Management (IAM)](../../Sparks/Information%20Security/Identity%20and%20Access%20Management%20(IAM).md)
|
||||
- [Authorization](Authorization.md)
|
||||
- [Identification](../../Sparks/Identification.md)
|
||||
- [Identification](../../Sparks/Information%20Security/Identification.md)
|
||||
|
||||
|
|
|
|||
|
|
@ -5,9 +5,9 @@ See also:
|
|||
- [Authorization vs Access Control](../../Sparks/ISMS/Authorization%20vs%20Access%20Control.md)
|
||||
- [Access Control Models](../../Sparks/ISMS/Access%20Control%20Models.md)
|
||||
- [Authentication](Authentication.md)
|
||||
- [Identification](../../Sparks/Identification.md)
|
||||
- [Identification](../../Sparks/Information%20Security/Identification.md)
|
||||
- [CASSM Consumer Authentication Strength Maturity Model](../../Literature%20notes/CASSM%20Consumer%20Authentication%20Strength%20Maturity%20Model.md)
|
||||
- [Identity and Access Management (IAM)](../../Sparks/Identity%20and%20Access%20Management%20(IAM).md)
|
||||
- [Identity and Access Management (IAM)](../../Sparks/Information%20Security/Identity%20and%20Access%20Management%20(IAM).md)
|
||||
- [a-5.15-Access-control](OST/27002/EN/a-5.15-Access-control.md) ???
|
||||
|
||||
|
||||
|
|
|
|||
BIN
Corpus/Standards/ISO27x/Changes in ISO 27001-2022 table.jpeg
Normal file
BIN
Corpus/Standards/ISO27x/Changes in ISO 27001-2022 table.jpeg
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 115 KiB |
|
|
@ -13,7 +13,7 @@ Recent:
|
|||
Older:
|
||||
- [Roles and Responsibilities](../../Sparks/Roles%20and%20Responsibilities.md)
|
||||
- [Risk ownership](../../Sparks/Risk%20ownership.md)
|
||||
- [Ideas on Risk Ownership](../../Sparks/Ideas%20on%20Risk%20Ownership.md)
|
||||
- [Ideas on Risk Ownership](../../Sparks/ISMS/Ideas%20on%20Risk%20Ownership.md)
|
||||
- [Asset ownership](../../Sparks/Asset%20ownership.md)
|
||||
- [Procuratieregeling](../../Various/Procuratieregeling.md)
|
||||
- [Control ownership](../../Sparks/ISMS/Control%20ownership.md)
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@
|
|||
|
||||
According to [Mark Bernard](https://www.linkedin.com/posts/markesbernard_the-changes-to-isoiec-27001-isms-are-not-activity-7344467878198329344-nZN7) , 28 juni 2025, "The changes to ISO/IEC 27001 ISMS are not straightforward. Some believe that the total number of controls was reduced; however, the truth is that new controls were added while existing controls were consolidated and streamlined."
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
## New ISMS Control Objectives - ISO 27001:2022 CLAUSE 4 TO 10
|
||||
|
|
|
|||
|
|
@ -3,4 +3,4 @@
|
|||
An appropriate set of procedures for information labelling shall be developed and implemented in accordance with the information classification scheme adopted by the organization.
|
||||
|
||||
Related:
|
||||
- [Labeling of information in the digital domain](../../../../Sparks/Labeling%20of%20information%20in%20the%20digital%20domain.md)
|
||||
- [Labeling of information in the digital domain](../../../../Sparks/ISMS/Labeling%20of%20information%20in%20the%20digital%20domain.md)
|
||||
|
|
@ -3,7 +3,7 @@ Child notes:
|
|||
- [Toegevoegde waarde van ISO27DIY 1](../../../../Sparks/Toegevoegde%20waarde%20van%20ISO27DIY%201.md)
|
||||
- [Friendly targets](../../../../../../💡Permanent%20ideas/Friendly%20targets.md)
|
||||
- [Possible Colabs](../../../../Sparks/Possible%20Colabs.md)
|
||||
- [List of possible partners 1](../../../../Sparks/List%20of%20possible%20partners%201.md)
|
||||
- [List of possible partners](../../../../Sparks/iso27diy/List%20of%20possible%20partners.md)
|
||||
- [ISO27DIY Business drivers](ISO27DIY%20Business%20drivers.md)
|
||||
- [AuditGlue Business model](../AuditGlue%20Business%20model.md)
|
||||
- [[### Related notes
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@
|
|||
|
||||
Skeleton project plan contents:
|
||||
- [ISO 27001 benefits](../ISO%2027001%20benefits.md)
|
||||
- [ISO27DIY benefits](../../../../../Sparks/ISO27DIY%20benefits.md)
|
||||
- [ISO27DIY benefits](../../../../../Sparks/iso27diy/ISO27DIY%20benefits.md)
|
||||
|
||||
|
||||
## Benefits
|
||||
|
|
|
|||
|
|
@ -6,5 +6,5 @@
|
|||
|
||||
## Related:
|
||||
- [ISO 27001 benefits](../ISO%2027001%20benefits.md)
|
||||
- [ISO27DIY benefits](../../../../../Sparks/ISO27DIY%20benefits.md)
|
||||
- [ISO27DIY benefits](../../../../../Sparks/iso27diy/ISO27DIY%20benefits.md)
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue