From 984ccff4e4719a03fe87d5dd680adba799524142 Mon Sep 17 00:00:00 2001 From: Richard Kranendonk Date: Fri, 1 May 2026 17:01:25 +0200 Subject: [PATCH] Let kilo remove bof cruft --- ...erms-definitions-and-abbreviated-terms.md} | 6 +- .../a-5.12-Classification-of-information.md | 2 - .../OST/27002/EN/a-5.15-Access-control.md | 2 - .../EN/a-5.17-Authentication-information.md | 1 - ...tion-security-in-supplier-relationships.md | 1 - ...ion-security-within-supplier-agreements.md | 1 - ...mation-security-in-the-ICT-supply-chain.md | 3 - ...-change-management-of-supplier-services.md | 2 +- ...tion-security-for-use-of-cloud-services.md | 1 - ...ent-management-planning-and-preparation.md | 1 - ...ing-from-information-security-incidents.md | 1 - ...-Information-security-during-disruption.md | 1 - .../27002/EN/a-5.3-Segregation-of-duties.md | 1 - ...0-ICT-readiness-for-business-continuity.md | 7 +- .../EN/a-5.32-Intellectual-property-rights.md | 1 - .../a-5.37-Documented-operating-procedures.md | 2 - .../EN/a-5.4-Management-responsibilities.md | 1 - .../EN/a-5.5-Contact-with-authorities.md | 1 - ....6-Contact-with-special-interest-groups.md | 1 - .../OST/27002/EN/a-5.7-Threat-intelligence.md | 1 - ...ormation-security-in-project-management.md | 1 - ...information-and-other-associated-assets.md | 2 - .../ISO27x/OST/27002/EN/a-6.1-Screening.md | 2 +- ...curity-awareness-education-and-training.md | 2 - ...ter-termination-or-change-of-employment.md | 2 - ...dentiality-or-non-disclosure-agreements.md | 2 - ....8-Information-security-event-reporting.md | 2 - .../EN/a-7.1-Physical-security-perimeters.md | 2 - ...3-Securing-offices-rooms-and-facilities.md | 2 - .../EN/a-7.4-Physical-security-monitoring.md | 2 - .../OST/27002/EN/a-8.13-Information-backup.md | 1 - .../ISO27x/OST/27002/EN/a-8.15-Logging.md | 2 - .../27002/EN/a-8.16-Monitoring-activities.md | 1 - ...tion-of-software-on-operational-systems.md | 1 - .../EN/a-8.2-Privileged-access-rights.md | 2 - .../EN/a-8.21-Security-of-network-services.md | 2 - .../EN/a-8.22-Segregation-of-networks.md | 2 - .../27002/EN/a-8.24-Use-of-cryptography.md | 6 - .../a-8.25-Secure-development-life-cycle.md | 5 - ...-8.26-Application-security-requirements.md | 1 - ...architecture-and-engineering-principles.md | 5 - .../OST/27002/EN/a-8.28-Secure-coding.md | 11 - ...y-testing-in-development-and-acceptance.md | 2 - .../OST/27002/EN/a-8.32-Change-management.md | 1 - .../27002/EN/a-8.5-Secure-authentication.md | 2 - .../EN/a-8.7-Protection-against-malware.md | 4 +- ...Management-of-technical-vulnerabilities.md | 2 - .../EN/a-8.9-Configuration-management.md | 1 - .../📗 Information security concepts MoC.md | 2 +- prepend_frontmatter.py | 2320 +++++++++++++++++ 50 files changed, 2326 insertions(+), 103 deletions(-) rename Corpus/Standards/ISO27x/OST/27002/EN/{ISO_27002_OT 3 Terms, definitions and abbreviated terms.md => a-3-Terms-definitions-and-abbreviated-terms.md} (99%) create mode 100644 prepend_frontmatter.py diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/ISO_27002_OT 3 Terms, definitions and abbreviated terms.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-3-Terms-definitions-and-abbreviated-terms.md similarity index 99% rename from Corpus/Standards/ISO27x/OST/27002/EN/ISO_27002_OT 3 Terms, definitions and abbreviated terms.md rename to Corpus/Standards/ISO27x/OST/27002/EN/a-3-Terms-definitions-and-abbreviated-terms.md index 4ac17cb..52546db 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/ISO_27002_OT 3 Terms, definitions and abbreviated terms.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-3-Terms-definitions-and-abbreviated-terms.md @@ -1,9 +1,5 @@ -#iso27002/2022/EN - -**3.1** **Terms** **and** **definitions** - - +## 3.1 Terms and definitions For the purposes of this document, the following terms and definitions apply. diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.12-Classification-of-information.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.12-Classification-of-information.md index 0ea107a..338d711 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.12-Classification-of-information.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.12-Classification-of-information.md @@ -1,5 +1,3 @@ -#iso27002/2022/EN - ## 5.12 Classification of information | Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains | diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.15-Access-control.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.15-Access-control.md index bfe1808..a55aa6e 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.15-Access-control.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.15-Access-control.md @@ -1,5 +1,3 @@ -#iso27002/2022/EN - ## 5.15 Access control | Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains | diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.17-Authentication-information.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.17-Authentication-information.md index debc788..50be34b 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.17-Authentication-information.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.17-Authentication-information.md @@ -1,4 +1,3 @@ -#iso27002/2022/EN ## 5.17 Authentication information ### Control diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.19-Information-security-in-supplier-relationships.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.19-Information-security-in-supplier-relationships.md index 11664ac..a614244 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.19-Information-security-in-supplier-relationships.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.19-Information-security-in-supplier-relationships.md @@ -1,4 +1,3 @@ -#iso27002/2022/EN ## 5.19 Information security in supplier relationships **Control** diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.20-Addressing-information-security-within-supplier-agreements.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.20-Addressing-information-security-within-supplier-agreements.md index 55e407d..3eecb00 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.20-Addressing-information-security-within-supplier-agreements.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.20-Addressing-information-security-within-supplier-agreements.md @@ -1,4 +1,3 @@ -#iso27002/2022/EN ## 5.20 Addressing information security within supplier agreements **Control** diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.21-Managing-information-security-in-the-ICT-supply-chain.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.21-Managing-information-security-in-the-ICT-supply-chain.md index bed7514..5d9418c 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.21-Managing-information-security-in-the-ICT-supply-chain.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.21-Managing-information-security-in-the-ICT-supply-chain.md @@ -1,6 +1,3 @@ -#iso27002/2022/EN -[[ISO_27002_PE 5.21 Managing information security in the ICT supply chain]] - ## 5.21 Managing information security in the ICT supply chain **Control** diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.22-Monitoring-review-and-change-management-of-supplier-services.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.22-Monitoring-review-and-change-management-of-supplier-services.md index 6f842b7..885d951 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.22-Monitoring-review-and-change-management-of-supplier-services.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.22-Monitoring-review-and-change-management-of-supplier-services.md @@ -1,4 +1,4 @@ -#iso27002/2022/EN +## 5.22 Monitoring, review, and change management of supplier services **Control** The organization should regularly monitor, review, evaluate and manage change in supplier information security practices and service delivery. diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.23-Information-security-for-use-of-cloud-services.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.23-Information-security-for-use-of-cloud-services.md index 4b5329c..e13d64d 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.23-Information-security-for-use-of-cloud-services.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.23-Information-security-for-use-of-cloud-services.md @@ -1,4 +1,3 @@ -#iso27002/2022/EN ## 5.23 Information security for use of cloud services #### Control diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.24-Information-security-incident-management-planning-and-preparation.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.24-Information-security-incident-management-planning-and-preparation.md index f8fac08..a2bd547 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.24-Information-security-incident-management-planning-and-preparation.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.24-Information-security-incident-management-planning-and-preparation.md @@ -1,4 +1,3 @@ -#iso27002/2022/EN ## 5.24 Information security incident management planning and preparation #### Control diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.27-Learning-from-information-security-incidents.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.27-Learning-from-information-security-incidents.md index 6b32db2..089f267 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.27-Learning-from-information-security-incidents.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.27-Learning-from-information-security-incidents.md @@ -1,4 +1,3 @@ -#iso27002/2022/EN ## 5.27 Learning from information security incidents #### Control diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.29-Information-security-during-disruption.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.29-Information-security-during-disruption.md index c37ffcf..24172cd 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.29-Information-security-during-disruption.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.29-Information-security-during-disruption.md @@ -1,4 +1,3 @@ -#iso27002/2022/EN ## 5.29 Information security during disruption | Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains | diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.3-Segregation-of-duties.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.3-Segregation-of-duties.md index 9895400..fa228d7 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.3-Segregation-of-duties.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.3-Segregation-of-duties.md @@ -1,4 +1,3 @@ -#iso27002/2022/EN ## 5.3 Segregation of duties ### Control diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.30-ICT-readiness-for-business-continuity.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.30-ICT-readiness-for-business-continuity.md index 57a9d36..0c3c50a 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.30-ICT-readiness-for-business-continuity.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.30-ICT-readiness-for-business-continuity.md @@ -1,9 +1,4 @@ -#iso27002/2022/EN -See also: -- [BCP_Bedrijfscontinuïteitsplanning](../../../../../📚️%20Literature%20notes/BCP_Bedrijfscontinuïteitsplanning.md) -- [Disaster Recovery Planning](../../../../../🎇%20Sparks/Disaster%20Recovery%20Planning.md) - -# **5.30** **ICT** **readiness** **for** **business** continuity +## **5.30** **ICT** **readiness** **for** **business** continuity ## Purpose diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.32-Intellectual-property-rights.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.32-Intellectual-property-rights.md index 74e38b0..6637786 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.32-Intellectual-property-rights.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.32-Intellectual-property-rights.md @@ -1,4 +1,3 @@ -#iso27002/2022/EN ## 5.32 Intellectual property rights **Control** diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.37-Documented-operating-procedures.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.37-Documented-operating-procedures.md index 141da41..741a191 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.37-Documented-operating-procedures.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.37-Documented-operating-procedures.md @@ -1,5 +1,3 @@ - - ## 5.37 Documented operating procedures | Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains | diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.4-Management-responsibilities.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.4-Management-responsibilities.md index 2f50de6..113f2e7 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.4-Management-responsibilities.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.4-Management-responsibilities.md @@ -1,4 +1,3 @@ -#iso27002/2022/EN ## 5.4 Management responsibilities #### Control diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.5-Contact-with-authorities.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.5-Contact-with-authorities.md index 423a885..a6fcb18 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.5-Contact-with-authorities.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.5-Contact-with-authorities.md @@ -1,4 +1,3 @@ -#iso27002/2022/EN ## 5.5 Contact with authorities #### Control diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.6-Contact-with-special-interest-groups.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.6-Contact-with-special-interest-groups.md index ad461d2..3756091 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.6-Contact-with-special-interest-groups.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.6-Contact-with-special-interest-groups.md @@ -1,4 +1,3 @@ -#iso27002/2022/EN ## 5.6 Contact with special interest groups #### Control diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.7-Threat-intelligence.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.7-Threat-intelligence.md index 538e7c8..ff4ee61 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.7-Threat-intelligence.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.7-Threat-intelligence.md @@ -1,4 +1,3 @@ -#iso27002/2022/EN ## 5.7 Threat intelligence #### Control diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.8-Information-security-in-project-management.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.8-Information-security-in-project-management.md index 1cded2c..7d9150b 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.8-Information-security-in-project-management.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.8-Information-security-in-project-management.md @@ -1,4 +1,3 @@ -#iso27002/2022/EN ## 5.8 Information security in project management #### Control diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.9-Inventory-of-information-and-other-associated-assets.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.9-Inventory-of-information-and-other-associated-assets.md index 8168224..26c260a 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.9-Inventory-of-information-and-other-associated-assets.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.9-Inventory-of-information-and-other-associated-assets.md @@ -1,5 +1,3 @@ -#iso27002/2022/EN - ## 5.9 Inventory of information and other associated assets | Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains | diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-6.1-Screening.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-6.1-Screening.md index 640bc60..a6b01a2 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-6.1-Screening.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-6.1-Screening.md @@ -1,4 +1,4 @@ -# Control 6.1 Screening +## Control 6.1 Screening diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-6.3-Information-security-awareness-education-and-training.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-6.3-Information-security-awareness-education-and-training.md index 5994f8f..f290ca1 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-6.3-Information-security-awareness-education-and-training.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-6.3-Information-security-awareness-education-and-training.md @@ -1,5 +1,3 @@ -#iso27002/2022/EN - ## 6.3 Information security awareness, education and training | **Control type** | **Information security properties** | **Cybersecurity concepts** | **Operational capabilities** | **Security domains** | diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-6.5-Responsibilities-after-termination-or-change-of-employment.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-6.5-Responsibilities-after-termination-or-change-of-employment.md index 172277d..e8e029d 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-6.5-Responsibilities-after-termination-or-change-of-employment.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-6.5-Responsibilities-after-termination-or-change-of-employment.md @@ -1,5 +1,3 @@ - - ## 6.5 Responsibilities after termination or change of employment | **Control type** | **Information security properties** | **Cybersecurity concepts** | **Operational capabilities** | **Security domains** | diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-6.6-Confidentiality-or-non-disclosure-agreements.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-6.6-Confidentiality-or-non-disclosure-agreements.md index b669405..be79fae 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-6.6-Confidentiality-or-non-disclosure-agreements.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-6.6-Confidentiality-or-non-disclosure-agreements.md @@ -1,5 +1,3 @@ - - ## 6.6 Confidentiality or non-disclosure agreements diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-6.8-Information-security-event-reporting.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-6.8-Information-security-event-reporting.md index 0b00a6c..0c1aec9 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-6.8-Information-security-event-reporting.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-6.8-Information-security-event-reporting.md @@ -1,5 +1,3 @@ - - ## 6.8 Information security event reporting diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-7.1-Physical-security-perimeters.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-7.1-Physical-security-perimeters.md index 216097e..2f6f13a 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-7.1-Physical-security-perimeters.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-7.1-Physical-security-perimeters.md @@ -1,5 +1,3 @@ - - ## 7.1 Physical security perimeters | **Control type** | **Information security properties** | **Cybersecurity concepts** | **Operational capabilities** | **Security domains** | diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-7.3-Securing-offices-rooms-and-facilities.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-7.3-Securing-offices-rooms-and-facilities.md index 3868b43..1b83685 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-7.3-Securing-offices-rooms-and-facilities.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-7.3-Securing-offices-rooms-and-facilities.md @@ -1,5 +1,3 @@ - - ## 7.3 Securing offices, rooms and facilities diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-7.4-Physical-security-monitoring.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-7.4-Physical-security-monitoring.md index bec1efd..ab30fdb 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-7.4-Physical-security-monitoring.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-7.4-Physical-security-monitoring.md @@ -1,5 +1,3 @@ - - ## 7.4 Physical security monitoring diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.13-Information-backup.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.13-Information-backup.md index e978a2d..f3baf55 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.13-Information-backup.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.13-Information-backup.md @@ -1,4 +1,3 @@ -#iso27002/2022/EN ## 8.13 Information backup | Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains | diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.15-Logging.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.15-Logging.md index cfdfc06..2fe1db6 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.15-Logging.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.15-Logging.md @@ -1,5 +1,3 @@ -#iso27002/2022/EN - ## 8.15 Logging | **Control type** | **Information security properties** | **Cybersecurity concepts** | **Operational capabilities** | **Security domains** | diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.16-Monitoring-activities.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.16-Monitoring-activities.md index b7d3de8..f2df294 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.16-Monitoring-activities.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.16-Monitoring-activities.md @@ -1,4 +1,3 @@ -#iso27002/2022/EN ## 8.16 Monitoring activities | **Control type** | **Information security properties** | **Cybersecurity concepts** | **Operational capabilities** | **Security domains** | diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.19-Installation-of-software-on-operational-systems.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.19-Installation-of-software-on-operational-systems.md index 4282a53..cf3feb6 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.19-Installation-of-software-on-operational-systems.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.19-Installation-of-software-on-operational-systems.md @@ -1,4 +1,3 @@ -#iso27002/2022/EN ## 8.19 Installation of software on operational systems | Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains | diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.2-Privileged-access-rights.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.2-Privileged-access-rights.md index 9cbe003..e9422e8 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.2-Privileged-access-rights.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.2-Privileged-access-rights.md @@ -1,5 +1,3 @@ -#iso27002/2022/EN - ## 8.2 Privileged access rights | Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains | diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.21-Security-of-network-services.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.21-Security-of-network-services.md index 9ec3b9f..66c0216 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.21-Security-of-network-services.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.21-Security-of-network-services.md @@ -1,5 +1,3 @@ - - ## 8.21 Security of network services | Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains | diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.22-Segregation-of-networks.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.22-Segregation-of-networks.md index 61f0528..9449c18 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.22-Segregation-of-networks.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.22-Segregation-of-networks.md @@ -1,5 +1,3 @@ -#iso27002/2022/EN - ## 8.22 Segregation of networks | Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains | diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.24-Use-of-cryptography.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.24-Use-of-cryptography.md index e3b584b..2b5eb7a 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.24-Use-of-cryptography.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.24-Use-of-cryptography.md @@ -1,9 +1,3 @@ ---- -tags: - - iso27001/2022/EN ---- - - ## 8.24 Use of cryptography diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.25-Secure-development-life-cycle.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.25-Secure-development-life-cycle.md index 661a1a2..6a9422e 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.25-Secure-development-life-cycle.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.25-Secure-development-life-cycle.md @@ -1,8 +1,3 @@ ---- -tags: - - iso27001/2022/EN ---- - ## 8.25 Secure development life cycle | Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains | diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.26-Application-security-requirements.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.26-Application-security-requirements.md index f83b078..43a9ca1 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.26-Application-security-requirements.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.26-Application-security-requirements.md @@ -1,4 +1,3 @@ -#iso27002/2022/EN ## 8.26 Application security requirements | Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains | diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.27-Secure-system-architecture-and-engineering-principles.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.27-Secure-system-architecture-and-engineering-principles.md index 130b1a0..8795494 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.27-Secure-system-architecture-and-engineering-principles.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.27-Secure-system-architecture-and-engineering-principles.md @@ -1,8 +1,3 @@ ---- -tags: - - iso27001/2022/EN ---- - ## 8.27 Secure system architecture and engineering principles | Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains | diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.28-Secure-coding.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.28-Secure-coding.md index 1d24c99..6e6ba21 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.28-Secure-coding.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.28-Secure-coding.md @@ -1,14 +1,3 @@ ---- -tags: - - iso27001/2022/EN ---- - - -| Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains | -| ------------ | ----------------------------------------- | ---------------------- | -------------------------------------------------- | ---------------- | -| #Preventive | #Confidentiality #Integrity #Availability | #Protect | #Application_security #System_and_network_security | #Protection | - - ## 8.28 Secure coding #### Control diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.29-Security-testing-in-development-and-acceptance.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.29-Security-testing-in-development-and-acceptance.md index e386602..dabba50 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.29-Security-testing-in-development-and-acceptance.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.29-Security-testing-in-development-and-acceptance.md @@ -1,5 +1,3 @@ -#iso27002/2022/EN - ## 8.29 Security testing in development and acceptance | Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains | diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.32-Change-management.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.32-Change-management.md index eb8b550..7154dcb 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.32-Change-management.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.32-Change-management.md @@ -1,4 +1,3 @@ -#iso27002/2022/EN ## 8.32 Change management | Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains | diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.5-Secure-authentication.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.5-Secure-authentication.md index 6355aa3..111ab8b 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.5-Secure-authentication.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.5-Secure-authentication.md @@ -1,5 +1,3 @@ -#iso27002/2022/EN - ## 8.5 Secure authentication | Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains | diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.7-Protection-against-malware.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.7-Protection-against-malware.md index 8ed499e..292a238 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.7-Protection-against-malware.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.7-Protection-against-malware.md @@ -1,6 +1,4 @@ -#iso27002/2022/EN - -# 8.7  **Protection** **against** **malware** +## 8.7  Protection against malware ## Control Protection against malware should be implemented and supported by appropriate user awareness. diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.8-Management-of-technical-vulnerabilities.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.8-Management-of-technical-vulnerabilities.md index 77430c6..245b592 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.8-Management-of-technical-vulnerabilities.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.8-Management-of-technical-vulnerabilities.md @@ -1,5 +1,3 @@ -#iso27002/2022/EN -x ## 8.8 Management of technical vulnerabilities diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.9-Configuration-management.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.9-Configuration-management.md index 518d996..6287b0f 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-8.9-Configuration-management.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-8.9-Configuration-management.md @@ -1,4 +1,3 @@ -#iso27002/2022/EN ## 8.9 Configuration management ### Control diff --git a/Corpus/📗 Information security concepts MoC.md b/Corpus/📗 Information security concepts MoC.md index b2c42c7..bc5c4d8 100644 --- a/Corpus/📗 Information security concepts MoC.md +++ b/Corpus/📗 Information security concepts MoC.md @@ -1,6 +1,6 @@ --- Related: - - "[ISO\\_27002\\_OT 3 Terms, definitions and abbreviated terms](Standards/ISO27x/OST/27002/EN/ISO_27002_OT%203%20Terms,%20definitions%20and%20abbreviated%20terms.md)" + - "[ISO\\_27002\\_OT 3 Terms, definitions and abbreviated terms](Standards/ISO27x/OST/27002/EN/a-3-Terms-definitions-and-abbreviated-terms.md)" - https://csiac.org/databases/acronyms/ tags: - type/MoC diff --git a/prepend_frontmatter.py b/prepend_frontmatter.py new file mode 100644 index 0000000..0827aae --- /dev/null +++ b/prepend_frontmatter.py @@ -0,0 +1,2320 @@ +#!/usr/bin/env python3 +""" +prepend_frontmatter.py + +For each ISO 27002 control note in the target folder: +- Skips files that already have YAML frontmatter (starts with ---) +- Skips a-3-Terms* +- Prepends the correct frontmatter block and writes the file back + +Run from anywhere: + python3 prepend_frontmatter.py + +Requires Python 3.6+. No dependencies. +""" + +import os + +VAULT_DIR = "/Users/rico/src/iso27diy-corp/Corpus/Standards/ISO27x/OST/27002/EN" + +FRONTMATTER = { + "a-5.1-Policies-for-information-security.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.5.1" +title: "Policies for information security" +theme: Organizational +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Identify] +operational_capabilities: [Governance] +security_domains: + - Governance_and_Ecosystem + - Resilience +tags: + - iso27002/2022/EN +status: active +---""", + + "a-5.2-Information-security-roles-and-responsibilities.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.5.2" +title: "Information security roles and responsibilities" +theme: Organizational +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Identify] +operational_capabilities: [Governance] +security_domains: + - Governance_and_Ecosystem + - Protection + - Resilience +tags: + - iso27002/2022/EN +status: active +---""", + + "a-5.3-Segregation-of-duties.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.5.3" +title: "Segregation of duties" +theme: Organizational +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: + - Governance + - Identity_and_access_management +security_domains: [Governance_and_Ecosystem] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-5.4-Management-responsibilities.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.5.4" +title: "Management responsibilities" +theme: Organizational +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Identify] +operational_capabilities: [Governance] +security_domains: [Governance_and_Ecosystem] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-5.5-Contact-with-authorities.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.5.5" +title: "Contact with authorities" +theme: Organizational +control_type: + - Preventive + - Corrective +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: + - Identify + - Protect + - Respond + - Recover +operational_capabilities: [Governance] +security_domains: + - Defence + - Resilience +tags: + - iso27002/2022/EN +status: active +---""", + + "a-5.6-Contact-with-special-interest-groups.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.5.6" +title: "Contact with special interest groups" +theme: Organizational +control_type: + - Preventive + - Corrective +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: + - Protect + - Respond + - Recover +operational_capabilities: [Governance] +security_domains: [Defence] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-5.7-Threat-intelligence.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.5.7" +title: "Threat intelligence" +theme: Organizational +control_type: + - Preventive + - Detective + - Corrective +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: + - Identify + - Detect + - Respond +operational_capabilities: [Threat_and_vulnerability_management] +security_domains: + - Defence + - Resilience +tags: + - iso27002/2022/EN +status: active +---""", + + "a-5.8-Information-security-in-project-management.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.5.8" +title: "Information security in project management" +theme: Organizational +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: + - Identify + - Protect +operational_capabilities: [Governance] +security_domains: + - Governance_and_Ecosystem + - Protection +tags: + - iso27002/2022/EN +status: active +---""", + + "a-5.9-Inventory-of-information-and-other-associated-assets.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.5.9" +title: "Inventory of information and other associated assets" +theme: Organizational +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Identify] +operational_capabilities: [Asset_management] +security_domains: + - Governance_and_Ecosystem + - Protection +tags: + - iso27002/2022/EN +status: active +---""", + + "a-5.10-Acceptable-use-of-information-and-other-associated-assets.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.5.10" +title: "Acceptable use of information and other associated assets" +theme: Organizational +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: + - Asset_management + - Information_protection +security_domains: + - Governance_and_Ecosystem + - Protection +tags: + - iso27002/2022/EN +status: active +---""", + + "a-5.11-Return-of-assets.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.5.11" +title: "Return of assets" +theme: Organizational +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: [Asset_management] +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-5.12-Classification-of-information.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.5.12" +title: "Classification of information" +theme: Organizational +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Identify] +operational_capabilities: [Information_protection] +security_domains: + - Protection + - Defence +tags: + - iso27002/2022/EN +status: active +---""", + + "a-5.13-Labelling-of-information.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.5.13" +title: "Labelling of information" +theme: Organizational +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: [Information_protection] +security_domains: + - Defence + - Protection +tags: + - iso27002/2022/EN +status: active +---""", + + "a-5.14-Information-transfer.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.5.14" +title: "Information transfer" +theme: Organizational +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: + - Asset_management + - Information_protection +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-5.15-Access-control.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.5.15" +title: "Access control" +theme: Organizational +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: [Identity_and_access_management] +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-5.16-Identity-management.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.5.16" +title: "Identity management" +theme: Organizational +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: [Identity_and_access_management] +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-5.17-Authentication-information.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.5.17" +title: "Authentication information" +theme: Organizational +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: [Identity_and_access_management] +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-5.18-Access-rights.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.5.18" +title: "Access rights" +theme: Organizational +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: [Identity_and_access_management] +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-5.19-Information-security-in-supplier-relationships.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.5.19" +title: "Information security in supplier relationships" +theme: Organizational +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Identify] +operational_capabilities: [Supplier_relationships_security] +security_domains: + - Governance_and_Ecosystem + - Protection +tags: + - iso27002/2022/EN +status: active +---""", + + "a-5.20-Addressing-information-security-within-supplier-agreements.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.5.20" +title: "Addressing information security within supplier agreements" +theme: Organizational +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Identify] +operational_capabilities: [Supplier_relationships_security] +security_domains: + - Governance_and_Ecosystem + - Protection +tags: + - iso27002/2022/EN +status: active +---""", + + "a-5.21-Managing-information-security-in-the-ICT-supply-chain.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.5.21" +title: "Managing information security in the ICT supply chain" +theme: Organizational +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Identify] +operational_capabilities: [Supplier_relationships_security] +security_domains: + - Governance_and_Ecosystem + - Protection +tags: + - iso27002/2022/EN +status: active +---""", + + "a-5.22-Monitoring-review-and-change-management-of-supplier-services.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.5.22" +title: "Monitoring, review and change management of supplier services" +theme: Organizational +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Identify] +operational_capabilities: [Supplier_relationships_security] +security_domains: + - Governance_and_Ecosystem + - Protection + - Defence + - Information_security_assurance +tags: + - iso27002/2022/EN +status: active +---""", + + "a-5.23-Information-security-for-use-of-cloud-services.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.5.23" +title: "Information security for use of cloud services" +theme: Organizational +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: [Supplier_relationships_security] +security_domains: + - Governance_and_Ecosystem + - Protection +tags: + - iso27002/2022/EN +status: active +---""", + + "a-5.24-Information-security-incident-management-planning-and-preparation.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.5.24" +title: "Information security incident management planning and preparation" +theme: Organizational +control_type: [Corrective] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: + - Respond + - Recover +operational_capabilities: + - Governance + - Information_security_event_management +security_domains: [Defence] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-5.25-Assessment-and-decision-on-information-security-events.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.5.25" +title: "Assessment and decision on information security events" +theme: Organizational +control_type: [Detective] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: + - Detect + - Respond +operational_capabilities: [Information_security_event_management] +security_domains: [Defence] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-5.26-Response-to-information-security-incidents.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.5.26" +title: "Response to information security incidents" +theme: Organizational +control_type: [Corrective] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: + - Respond + - Recover +operational_capabilities: [Information_security_event_management] +security_domains: [Defence] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-5.27-Learning-from-information-security-incidents.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.5.27" +title: "Learning from information security incidents" +theme: Organizational +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: + - Identify + - Protect +operational_capabilities: [Information_security_event_management] +security_domains: [Defence] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-5.28-Collection-of-evidence.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.5.28" +title: "Collection of evidence" +theme: Organizational +control_type: [Corrective] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: + - Detect + - Respond +operational_capabilities: [Information_security_event_management] +security_domains: [Defence] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-5.29-Information-security-during-disruption.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.5.29" +title: "Information security during disruption" +theme: Organizational +control_type: + - Preventive + - Corrective +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: + - Protect + - Respond +operational_capabilities: [Continuity] +security_domains: + - Protection + - Resilience +tags: + - iso27002/2022/EN +status: active +---""", + + "a-5.30-ICT-readiness-for-business-continuity.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.5.30" +title: "ICT readiness for business continuity" +theme: Organizational +control_type: [Corrective] +information_security_properties: [Availability] +cybersecurity_concepts: [Respond] +operational_capabilities: [Continuity] +security_domains: [Resilience] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-5.31-Legal-statutory-regulatory-and-contractual-requirements.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.5.31" +title: "Legal, statutory, regulatory and contractual requirements" +theme: Organizational +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Identify] +operational_capabilities: [Legal_and_compliance] +security_domains: + - Governance_and_Ecosystem + - Protection +tags: + - iso27002/2022/EN +status: active +---""", + + "a-5.32-Intellectual-property-rights.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.5.32" +title: "Intellectual property rights" +theme: Organizational +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Identify] +operational_capabilities: [Legal_and_compliance] +security_domains: [Governance_and_Ecosystem] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-5.33-Protection-of-records.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.5.33" +title: "Protection of records" +theme: Organizational +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: + - Identify + - Protect +operational_capabilities: + - Legal_and_compliance + - Asset_management + - Information_protection +security_domains: [Defence] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-5.34-Privacy-and-protection-of-PII.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.5.34" +title: "Privacy and protection of PII" +theme: Organizational +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: + - Identify + - Protect +operational_capabilities: + - Information_protection + - Legal_and_compliance +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-5.35-Independent-review-of-information-security.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.5.35" +title: "Independent review of information security" +theme: Organizational +control_type: + - Preventive + - Corrective +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: + - Identify + - Protect +operational_capabilities: [Information_security_assurance] +security_domains: [Governance_and_Ecosystem] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-5.36-Compliance-with-policies-rules-and-standards-for-information-security.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.5.36" +title: "Compliance with policies, rules and standards for information security" +theme: Organizational +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: + - Identify + - Protect +operational_capabilities: + - Legal_and_compliance + - Information_security_assurance +security_domains: [Governance_and_Ecosystem] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-5.37-Documented-operating-procedures.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.5.37" +title: "Documented operating procedures" +theme: Organizational +control_type: + - Preventive + - Corrective +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: + - Protect + - Recover +operational_capabilities: + - Asset_management + - Physical_security + - System_and_network_security + - Application_security + - Secure_configuration + - Identity_and_access_management + - Threat_and_vulnerability_management + - Continuity + - Information_security_event_management +security_domains: + - Governance_and_Ecosystem + - Protection + - Defence +tags: + - iso27002/2022/EN +status: active +---""", + + "a-6.1-Screening.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.6.1" +title: "Screening" +theme: People +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: [Human_resource_security] +security_domains: [Governance_and_Ecosystem] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-6.2-Terms-and-conditions-of-employment.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.6.2" +title: "Terms and conditions of employment" +theme: People +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: [Human_resource_security] +security_domains: [Governance_and_Ecosystem] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-6.3-Information-security-awareness-education-and-training.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.6.3" +title: "Information security awareness, education and training" +theme: People +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: [Human_resource_security] +security_domains: [Governance_and_Ecosystem] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-6.4-Disciplinary-process.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.6.4" +title: "Disciplinary process" +theme: People +control_type: + - Preventive + - Corrective +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: + - Protect + - Respond +operational_capabilities: [Human_resource_security] +security_domains: [Governance_and_Ecosystem] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-6.5-Responsibilities-after-termination-or-change-of-employment.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.6.5" +title: "Responsibilities after termination or change of employment" +theme: People +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: + - Human_resource_security + - Asset_management +security_domains: [Governance_and_Ecosystem] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-6.6-Confidentiality-or-non-disclosure-agreements.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.6.6" +title: "Confidentiality or non-disclosure agreements" +theme: People +control_type: [Preventive] +information_security_properties: [Confidentiality] +cybersecurity_concepts: [Protect] +operational_capabilities: + - Human_resource_security + - Information_protection + - Supplier_relationships_security +security_domains: [Governance_and_Ecosystem] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-6.7-Remote-working.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.6.7" +title: "Remote working" +theme: People +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: + - Asset_management + - Information_protection + - Physical_security + - System_and_network_security +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-6.8-Information-security-event-reporting.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.6.8" +title: "Information security event reporting" +theme: People +control_type: [Detective] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Detect] +operational_capabilities: [Information_security_event_management] +security_domains: [Defence] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-7.1-Physical-security-perimeters.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.7.1" +title: "Physical security perimeters" +theme: Physical +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: [Physical_security] +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-7.2-Physical-entry.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.7.2" +title: "Physical entry" +theme: Physical +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: + - Physical_security + - Identity_and_access_management +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-7.3-Securing-offices-rooms-and-facilities.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.7.3" +title: "Securing offices, rooms and facilities" +theme: Physical +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: + - Physical_security + - Asset_management +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-7.4-Physical-security-monitoring.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.7.4" +title: "Physical security monitoring" +theme: Physical +control_type: + - Preventive + - Detective +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: + - Protect + - Detect +operational_capabilities: [Physical_security] +security_domains: + - Protection + - Defence +tags: + - iso27002/2022/EN +status: active +---""", + + "a-7.5-Protecting-against-physical-and-environmental-threats.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.7.5" +title: "Protecting against physical and environmental threats" +theme: Physical +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: [Physical_security] +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-7.6-Working-in-secure-areas.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.7.6" +title: "Working in secure areas" +theme: Physical +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: [Physical_security] +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-7.7-Clear-desk-and-clear-screen.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.7.7" +title: "Clear desk and clear screen" +theme: Physical +control_type: [Preventive] +information_security_properties: [Confidentiality] +cybersecurity_concepts: [Protect] +operational_capabilities: [Physical_security] +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-7.8-Equipment-siting-and-protection.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.7.8" +title: "Equipment siting and protection" +theme: Physical +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: + - Physical_security + - Asset_management +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-7.9-Security-of-assets-off-premises.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.7.9" +title: "Security of assets off-premises" +theme: Physical +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: + - Physical_security + - Asset_management +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-7.10-Storage-media.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.7.10" +title: "Storage media" +theme: Physical +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: + - Physical_security + - Asset_management +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-7.11-Supporting-utilities.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.7.11" +title: "Supporting utilities" +theme: Physical +control_type: + - Preventive + - Detective +information_security_properties: + - Integrity + - Availability +cybersecurity_concepts: + - Protect + - Detect +operational_capabilities: [Physical_security] +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-7.12-Cabling-security.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.7.12" +title: "Cabling security" +theme: Physical +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: [Physical_security] +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-7.13-Equipment-maintenance.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.7.13" +title: "Equipment maintenance" +theme: Physical +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: + - Physical_security + - Asset_management +security_domains: + - Protection + - Resilience +tags: + - iso27002/2022/EN +status: active +---""", + + "a-7.14-Secure-disposal-or-re-use-of-equipment.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.7.14" +title: "Secure disposal or re-use of equipment" +theme: Physical +control_type: [Preventive] +information_security_properties: [Confidentiality] +cybersecurity_concepts: [Protect] +operational_capabilities: + - Physical_security + - Asset_management +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-8.1-User-endpoint-devices.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.8.1" +title: "User endpoint devices" +theme: Technological +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: + - Asset_management + - Information_protection +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-8.2-Privileged-access-rights.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.8.2" +title: "Privileged access rights" +theme: Technological +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: [Identity_and_access_management] +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-8.3-Information-access-restriction.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.8.3" +title: "Information access restriction" +theme: Technological +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: [Identity_and_access_management] +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-8.4-Access-to-source-code.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.8.4" +title: "Access to source code" +theme: Technological +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: + - Identity_and_access_management + - Application_security + - Secure_configuration +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-8.5-Secure-authentication.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.8.5" +title: "Secure authentication" +theme: Technological +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: [Identity_and_access_management] +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-8.6-Capacity-management.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.8.6" +title: "Capacity management" +theme: Technological +control_type: + - Preventive + - Detective +information_security_properties: + - Integrity + - Availability +cybersecurity_concepts: + - Identify + - Protect + - Detect +operational_capabilities: [Continuity] +security_domains: + - Governance_and_Ecosystem + - Protection +tags: + - iso27002/2022/EN +status: active +---""", + + "a-8.7-Protection-against-malware.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.8.7" +title: "Protection against malware" +theme: Technological +control_type: + - Preventive + - Detective + - Corrective +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: + - Protect + - Detect +operational_capabilities: + - System_and_network_security + - Information_protection +security_domains: + - Protection + - Defence +tags: + - iso27002/2022/EN +status: active +---""", + + "a-8.8-Management-of-technical-vulnerabilities.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.8.8" +title: "Management of technical vulnerabilities" +theme: Technological +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: + - Identify + - Protect +operational_capabilities: [Threat_and_vulnerability_management] +security_domains: + - Governance_and_Ecosystem + - Protection + - Defence +tags: + - iso27002/2022/EN +status: active +---""", + + "a-8.9-Configuration-management.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.8.9" +title: "Configuration management" +theme: Technological +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: [Secure_configuration] +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-8.10-Information-deletion.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.8.10" +title: "Information deletion" +theme: Technological +control_type: [Preventive] +information_security_properties: [Confidentiality] +cybersecurity_concepts: [Protect] +operational_capabilities: + - Information_protection + - Legal_and_compliance +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-8.11-Data-masking.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.8.11" +title: "Data masking" +theme: Technological +control_type: [Preventive] +information_security_properties: [Confidentiality] +cybersecurity_concepts: [Protect] +operational_capabilities: [Information_protection] +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-8.12-Data-leakage-prevention.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.8.12" +title: "Data leakage prevention" +theme: Technological +control_type: + - Preventive + - Detective +information_security_properties: [Confidentiality] +cybersecurity_concepts: + - Protect + - Detect +operational_capabilities: [Information_protection] +security_domains: + - Protection + - Defence +tags: + - iso27002/2022/EN +status: active +---""", + + "a-8.13-Information-backup.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.8.13" +title: "Information backup" +theme: Technological +control_type: [Corrective] +information_security_properties: + - Integrity + - Availability +cybersecurity_concepts: [Recover] +operational_capabilities: [Continuity] +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-8.14-Redundancy-of-information-processing-facilities.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.8.14" +title: "Redundancy of information processing facilities" +theme: Technological +control_type: [Preventive] +information_security_properties: [Availability] +cybersecurity_concepts: [Protect] +operational_capabilities: + - Continuity + - Asset_management +security_domains: + - Protection + - Resilience +tags: + - iso27002/2022/EN +status: active +---""", + + "a-8.15-Logging.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.8.15" +title: "Logging" +theme: Technological +control_type: [Detective] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Detect] +operational_capabilities: [Information_security_event_management] +security_domains: + - Protection + - Defence +tags: + - iso27002/2022/EN +status: active +---""", + + "a-8.16-Monitoring-activities.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.8.16" +title: "Monitoring activities" +theme: Technological +control_type: + - Detective + - Corrective +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: + - Detect + - Respond +operational_capabilities: [Information_security_event_management] +security_domains: [Defence] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-8.17-Clock-synchronization.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.8.17" +title: "Clock synchronization" +theme: Technological +control_type: [Detective] +information_security_properties: [Integrity] +cybersecurity_concepts: + - Protect + - Detect +operational_capabilities: [Information_security_event_management] +security_domains: + - Protection + - Defence +tags: + - iso27002/2022/EN +status: active +---""", + + "a-8.18-Use-of-privileged-utility-programs.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.8.18" +title: "Use of privileged utility programs" +theme: Technological +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: + - System_and_network_security + - Secure_configuration + - Application_security +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-8.19-Installation-of-software-on-operational-systems.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.8.19" +title: "Installation of software on operational systems" +theme: Technological +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: + - Secure_configuration + - Application_security +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-8.20-Networks-security.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.8.20" +title: "Networks security" +theme: Technological +control_type: + - Preventive + - Detective +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: + - Protect + - Detect +operational_capabilities: [System_and_network_security] +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-8.21-Security-of-network-services.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.8.21" +title: "Security of network services" +theme: Technological +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: [System_and_network_security] +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-8.22-Segregation-of-networks.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.8.22" +title: "Segregation of networks" +theme: Technological +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: [System_and_network_security] +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-8.23-Web-filtering.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.8.23" +title: "Web filtering" +theme: Technological +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: [System_and_network_security] +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-8.24-Use-of-cryptography.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.8.24" +title: "Use of cryptography" +theme: Technological +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: [Secure_configuration] +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-8.25-Secure-development-life-cycle.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.8.25" +title: "Secure development life cycle" +theme: Technological +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: + - Application_security + - System_and_network_security +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-8.26-Application-security-requirements.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.8.26" +title: "Application security requirements" +theme: Technological +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: + - Application_security + - System_and_network_security +security_domains: + - Protection + - Defence +tags: + - iso27002/2022/EN +status: active +---""", + + "a-8.27-Secure-system-architecture-and-engineering-principles.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.8.27" +title: "Secure system architecture and engineering principles" +theme: Technological +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: + - Application_security + - System_and_network_security +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-8.28-Secure-coding.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.8.28" +title: "Secure coding" +theme: Technological +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: + - Application_security + - System_and_network_security +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-8.29-Security-testing-in-development-and-acceptance.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.8.29" +title: "Security testing in development and acceptance" +theme: Technological +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Identify] +operational_capabilities: + - Application_security + - Information_security_assurance + - System_and_network_security +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-8.30-Outsourced-development.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.8.30" +title: "Outsourced development" +theme: Technological +control_type: + - Preventive + - Detective +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: + - Identify + - Protect + - Detect +operational_capabilities: + - System_and_network_security + - Application_security + - Supplier_relationships_security +security_domains: + - Governance_and_Ecosystem + - Protection +tags: + - iso27002/2022/EN +status: active +---""", + + "a-8.31-Separation-of-development-test-and-production-environments.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.8.31" +title: "Separation of development, test and production environments" +theme: Technological +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: + - Application_security + - System_and_network_security +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-8.32-Change-management.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.8.32" +title: "Change management" +theme: Technological +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: + - Application_security + - System_and_network_security +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-8.33-Test-information.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.8.33" +title: "Test information" +theme: Technological +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity +cybersecurity_concepts: [Protect] +operational_capabilities: [Information_protection] +security_domains: [Protection] +tags: + - iso27002/2022/EN +status: active +---""", + + "a-8.34-Protection-of-information-systems-during-audit-testing.md": """--- +notetype: sourcetext +standard: ISO 27002 +version: 2022 +language: EN +type: control +id: "A.8.34" +title: "Protection of information systems during audit testing" +theme: Technological +control_type: [Preventive] +information_security_properties: + - Confidentiality + - Integrity + - Availability +cybersecurity_concepts: [Protect] +operational_capabilities: + - System_and_network_security + - Information_protection +security_domains: + - Governance_and_Ecosystem + - Protection +tags: + - iso27002/2022/EN +status: active +---""", +} + + +def main(): + written = [] + skipped_fm = [] + skipped_missing = [] + errors = [] + + for filename, frontmatter in sorted(FRONTMATTER.items()): + filepath = os.path.join(VAULT_DIR, filename) + + if not os.path.exists(filepath): + skipped_missing.append(filename) + continue + + with open(filepath, "r", encoding="utf-8") as f: + content = f.read() + + if content.startswith("---"): + skipped_fm.append(filename) + continue + + new_content = frontmatter + "\n\n" + content + + with open(filepath, "w", encoding="utf-8") as f: + f.write(new_content) + + written.append(filename) + + print(f"Written: {len(written)}") + print(f"Already had FM: {len(skipped_fm)}") + print(f"File not found: {len(skipped_missing)}") + print(f"Errors: {len(errors)}") + + if skipped_fm: + print("\nAlready had frontmatter (skipped):") + for f in skipped_fm: + print(f" {f}") + if skipped_missing: + print("\nNot found (skipped):") + for f in skipped_missing: + print(f" {f}") + if errors: + print("\nErrors:") + for e in errors: + print(f" {e}") + + +if __name__ == "__main__": + main() \ No newline at end of file