replaced links and paths

2026-04-20 13:27:09 +02:00 · 2026-04-20 13:27:09 +02:00 · 99203c6dc5
commit 99203c6dc5
parent 2fbe163fff
154 changed files with 542 additions and 542 deletions
--- a/AuditGlue/GIS-content-map.md
+++ b/AuditGlue/GIS-content-map.md
@ -1,74 +1,74 @@
 # GIS Content Map

 - **m100: Implementing with ISO27DIY**
-	- [[m100s010-Modules-and-Sessions|m100s010]]: Modules and Sessions
-	- [[m100s020-about-AuditGlue|m100s020]]: About AuditGlue
+	- [m100s010](../../iso27DIY-gis/guide/m100/m100s010-Modules-and-Sessions.md): Modules and Sessions
+	- [m100s020](../../iso27DIY-gis/guide/m100/m100s020-about-AuditGlue.md): About AuditGlue
 - **m200: About ISO 27001**
-	- [[m200s010-about-ISO27001|m200s010]]: About ISO 27001
+	- [m200s010](../../iso27DIY-gis/guide/m200/m200s010-about-ISO27001.md): About ISO 27001
 - **m300: Strategy, Risks and Leadership**
-	- [[m300s010-introduction|m300s010]]: Introduction to Strategy, Risks and Leadership
-	- [[m310s010-organizational-goals|m310s010]]: Organizational Goals
-	- [[m310s020-threat-landscape|m310s020]]: The Threat Landscape
-	- [[m310s030-Identifying-Strategic-Risks|m310s030]]: Identifying Strategic Risks
-	- [[m310s040-qualifying-risks|m310s040]]: Qualifying Risks
-	- [[m310s050-qualifying-impact|m310s050]]: Qualifying Impact
-	- [[m310s060-creating-the-risk-matrix|m310s060]]: Creating the Risk Matrix
-	- [[m310s070-Governance-model|m310s070]]: Governance model
-	- m310s080: Information Security Policy ([[ISO_27001_2022_5.2_MoC Policy|C5.2]])
+	- [m300s010](../../iso27DIY-gis/guide/m300/m300s010-introduction.md): Introduction to Strategy, Risks and Leadership
+	- [m310s010](../../iso27DIY-gis/guide/m310/m310s010-organizational-goals.md): Organizational Goals
+	- [m310s020](../../iso27DIY-gis/guide/m310/m310s020-threat-landscape.md): The Threat Landscape
+	- [m310s030](../../iso27DIY-gis/guide/m310/m310s030-Identifying-Strategic-Risks.md): Identifying Strategic Risks
+	- [m310s040](../../iso27DIY-gis/guide/m310/m310s040-qualifying-risks.md): Qualifying Risks
+	- [m310s050](../../iso27DIY-gis/guide/m310/m310s050-qualifying-impact.md): Qualifying Impact
+	- [m310s060](../../iso27DIY-gis/guide/m310/m310s060-creating-the-risk-matrix.md): Creating the Risk Matrix
+	- [m310s070](../../iso27DIY-gis/guide/m310/m310s070-Governance-model.md): Governance model
+	- m310s080: Information Security Policy ([C5.2](../Corpus/Standards/MoCs/ISO_27001_2022_5.2_MoC%20Policy.md))
 - **m400: Context of the Organization** 
-	- [[m400s010-introduction|m400s010]]: Introduction: Why Context Matters
-	- m400s020: Standards, Laws and Regulations  ([[ISO_27001_2022_4.2_MoC Understanding the needs and expectations of interested parties|C4.2]], [[ISO_27002_2022_5.31_MoC Legal, statutory, regulatory and contractual requirements|A5.31]], [[ISO_27002_2022_5.34_MoC Privacy and protection of PII|A5.34]])
-	- m400s030: [[iso27diy-git-SYNC!/m300/m300s520-DESTEP-analysis|m300s520]]: **DESTEP analysis**  ([[ISO_27001_2022_4.2_MoC Understanding the needs and expectations of interested parties|C4.2]])
-	- m400s040: [[iso27diy-m300s510|m300s510]]:  **SWOT analysis** ([[ISO_27001_2022_4.1_MoC Understanding the organization and its context|C4.1]])
-	- m400s050: Stakeholder Analysis ([[ISO_27001_2022_4.2_MoC Understanding the needs and expectations of interested parties|C4.2]])
+	- [m400s010](../../iso27DIY-gis/guide/m400/m400s010-introduction.md): Introduction: Why Context Matters
+	- m400s020: Standards, Laws and Regulations  ([C4.2](../Corpus/Standards/MoCs/ISO_27001_2022_4.2_MoC%20Understanding%20the%20needs%20and%20expectations%20of%20interested%20parties.md), [A5.31](../Corpus/Standards/MoCs/ISO_27002_2022_5.31_MoC%20Legal,%20statutory,%20regulatory%20and%20contractual%20requirements.md), [A5.34](../Corpus/Standards/MoCs/ISO_27002_2022_5.34_MoC%20Privacy%20and%20protection%20of%20PII.md))
+	- m400s030: [[iso27diy-git-SYNC!/m300/m300s520-DESTEP-analysis|m300s520]]: **DESTEP analysis**  ([C4.2](../Corpus/Standards/MoCs/ISO_27001_2022_4.2_MoC%20Understanding%20the%20needs%20and%20expectations%20of%20interested%20parties.md))
+	- m400s040: [[iso27diy-m300s510|m300s510]]:  **SWOT analysis** ([C4.1](../Corpus/Standards/MoCs/ISO_27001_2022_4.1_MoC%20Understanding%20the%20organization%20and%20its%20context.md))
+	- m400s050: Stakeholder Analysis ([C4.2](../Corpus/Standards/MoCs/ISO_27001_2022_4.2_MoC%20Understanding%20the%20needs%20and%20expectations%20of%20interested%20parties.md))
 	- **m410:Organizational Structures**
-		- [[Introduction for Organizational Structures]]
-		- Organizational processes ([[ISO_27001_2022_4.1_MoC Understanding the organization and its context|C4.1]])
-		- Organization Chart ([[ISO_27001_2022_4.1_MoC Understanding the organization and its context|C4.1]])
-		- Job architecture ([[ISO_27001_2022_4.1_MoC Understanding the organization and its context|C4.1]])
-		- Physical context (sites, buildings, areas) ([[ISO_27002_2022_7.1_MoC Physical security perimeters|A7.1]])
-		- Asset identification ([[ISO_27002_2022_5.9_MoC Inventory of information and other associated assets|A5.9]], [[ISO_27002_2022_5.32_MoC Intellectual property rights|A5.32]])
+		- [Introduction for Organizational Structures](../../🎇%20Sparks/Introduction%20for%20Organizational%20Structures.md)
+		- Organizational processes ([C4.1](../Corpus/Standards/MoCs/ISO_27001_2022_4.1_MoC%20Understanding%20the%20organization%20and%20its%20context.md))
+		- Organization Chart ([C4.1](../Corpus/Standards/MoCs/ISO_27001_2022_4.1_MoC%20Understanding%20the%20organization%20and%20its%20context.md))
+		- Job architecture ([C4.1](../Corpus/Standards/MoCs/ISO_27001_2022_4.1_MoC%20Understanding%20the%20organization%20and%20its%20context.md))
+		- Physical context (sites, buildings, areas) ([A7.1](../Corpus/Standards/MoCs/ISO_27002_2022_7.1_MoC%20Physical%20security%20perimeters.md))
+		- Asset identification ([A5.9](../../ISO_27002_2022_5.9_MoC%20Inventory%20of%20information%20and%20other%20associated%20assets.md), [A5.32](../Corpus/Standards/MoCs/ISO_27002_2022_5.32_MoC%20Intellectual%20property%20rights.md))
 	- **420: Planning the Implementation**
-		- [[m300s120-Setting-ISMS-Objectives|m300s120]]: Setting ISMS Objectives
+		- [m300s120](../../iso27DIY-gis/guide/m300/m300s120-Setting-ISMS-Objectives.md): Setting ISMS Objectives
 		- [[iso27diy-git-SYNC!/m300/m300s200-scope|m300s200]]: Setting the Scope
-		- Planning the ISMS implementation ([[ISO_27001_2022_6.1.1_MoC General|C6.1.1]])
+		- Planning the ISMS implementation ([C6.1.1](../Corpus/Standards/MoCs/ISO_27001_2022_6.1.1_MoC%20General.md))
 - **m500: Risks and Measures**
-	- Risk identification ([[ISO_27001_2022_6.1.2_MoC Information security risk assessment|C6.1.2]])
-	- Risk analysis ([[ISO_27001_2022_6.1.2_MoC Information security risk assessment|C6.1.2]])
-	- Data classification ([[ISO_27002_2022_5.12_MoC Classification of information|A5.12]])
-	- Technical vulnerabilities Test ([[ISO_27002_2022_8.8_MoC Management of technical vulnerabilities|A8.8]])
-	- Threat analysis (technical) ([[ISO_27001_2022_6.1.2_MoC Information security risk assessment|C6.1.2]], [[ISO_27002_2022_5.7_MoC Threat intelligence|A5.7]], [[ISO_27002_2022_5.6_MoC Contact with special interest groups|A5.6]])
-	- Controls identification ([[ISO_27001_2022_6.1.3_MoC Information security risk treatment|C6.1.3]])
-	- Roles and responsibilities ([[ISO_27001_2022_5.2_MoC Policy|C5.2]], [[ISO_27001_2022_5.3_MoC Organizational roles, responsibilities and authorities|C5.3]], [[ISO_27002_2022_5.4_MoC Management responsibilities|A5.4]], [[ISO_27002_2022_5.3_MoC Segregation of duties|A5.3]], [[ISO_27002_2022_5.5_MoC Contact with authorities|A5.5]]) – see [[m400-more-governance]]
-	- Planning Controls implementation ([[ISO_27001_2022_8.1_MoC Operational planning and control|C8.1]])
-	- Risk Management ([[ISO_27001_2022_8.1_MoC Operational planning and control|C8.1]], [[ISO_27001_2022_8.2_MoC Information security risk assessment|C8.2]], [[ISO_27001_2022_8.3_MoC Information security risk treatment|C8.3]], [[ISO_27001_2022_10.1_MoC Continual improvement|C10.1]])
-	- Controls implementation ([[ISO_27001_2022_8.3_MoC Information security risk treatment|C8.3]])
+	- Risk identification ([C6.1.2](../Corpus/Standards/MoCs/ISO_27001_2022_6.1.2_MoC%20Information%20security%20risk%20assessment.md))
+	- Risk analysis ([C6.1.2](../Corpus/Standards/MoCs/ISO_27001_2022_6.1.2_MoC%20Information%20security%20risk%20assessment.md))
+	- Data classification ([A5.12](../Corpus/Standards/MoCs/ISO_27002_2022_5.12_MoC%20Classification%20of%20information.md))
+	- Technical vulnerabilities Test ([A8.8](../Corpus/Standards/MoCs/ISO_27002_2022_8.8_MoC%20Management%20of%20technical%20vulnerabilities.md))
+	- Threat analysis (technical) ([C6.1.2](../Corpus/Standards/MoCs/ISO_27001_2022_6.1.2_MoC%20Information%20security%20risk%20assessment.md), [A5.7](../Corpus/Standards/MoCs/ISO_27002_2022_5.7_MoC%20Threat%20intelligence.md), [A5.6](../Corpus/Standards/MoCs/ISO_27002_2022_5.6_MoC%20Contact%20with%20special%20interest%20groups.md))
+	- Controls identification ([C6.1.3](../Corpus/Standards/MoCs/ISO_27001_2022_6.1.3_MoC%20Information%20security%20risk%20treatment.md))
+	- Roles and responsibilities ([C5.2](../Corpus/Standards/MoCs/ISO_27001_2022_5.2_MoC%20Policy.md), [C5.3](../Corpus/Standards/MoCs/ISO_27001_2022_5.3_MoC%20Organizational%20roles,%20responsibilities%20and%20authorities.md), [A5.4](../Corpus/Standards/MoCs/ISO_27002_2022_5.4_MoC%20Management%20responsibilities.md), [A5.3](../Corpus/Standards/MoCs/ISO_27002_2022_5.3_MoC%20Segregation%20of%20duties.md), [A5.5](../Corpus/Standards/MoCs/ISO_27002_2022_5.5_MoC%20Contact%20with%20authorities.md)) – see [m400-more-governance](../../iso27DIY-gis/guide/m400/m400-more-governance.md)
+	- Planning Controls implementation ([C8.1](../Corpus/Standards/MoCs/ISO_27001_2022_8.1_MoC%20Operational%20planning%20and%20control.md))
+	- Risk Management ([C8.1](../Corpus/Standards/MoCs/ISO_27001_2022_8.1_MoC%20Operational%20planning%20and%20control.md), [C8.2](../Corpus/Standards/MoCs/ISO_27001_2022_8.2_MoC%20Information%20security%20risk%20assessment.md), [C8.3](../Corpus/Standards/MoCs/ISO_27001_2022_8.3_MoC%20Information%20security%20risk%20treatment.md), [C10.1](../Corpus/Standards/MoCs/ISO_27001_2022_10.1_MoC%20Continual%20improvement.md))
+	- Controls implementation ([C8.3](../Corpus/Standards/MoCs/ISO_27001_2022_8.3_MoC%20Information%20security%20risk%20treatment.md))
 - **m600: Supporting the ISMS**
-	- Resources ([[ISO_27001_2022_7.1_MoC Resources|C7.1]]) 
-	- Competencies ([[ISO_27001_2022_7.2_MoC Competence|C7.2]])
-	- Documentation ([[ISO_27002_2022_5.33_MoC Protection of records|A5.33]], [[ISO_27001_2022_7.5.2_MoC Creating and updating|C7.5.2]])
-	- Policies ([[ISO_27002_2022_5.1_MoC Policies for information security|A5.1]])
-	- Review calendar ([[ISO_27002_2022_5.35_MoC Independent review of information security|A5.35]], [[ISO_27001_2022_7.5.2_MoC Creating and updating|C7.5.2]])
-	- Communication and Awareness ([[ISO_27001_2022_7.3_MoC Awareness|C7.3]], [[ISO_27001_2022_7.4_MoC Communication|C7.4]])
+	- Resources ([C7.1](../Corpus/Standards/MoCs/ISO_27001_2022_7.1_MoC%20Resources.md)) 
+	- Competencies ([C7.2](../Corpus/Standards/MoCs/ISO_27001_2022_7.2_MoC%20Competence.md))
+	- Documentation ([A5.33](../Corpus/Standards/MoCs/ISO_27002_2022_5.33_MoC%20Protection%20of%20records.md), [C7.5.2](../Corpus/Standards/MoCs/ISO_27001_2022_7.5.2_MoC%20Creating%20and%20updating.md))
+	- Policies ([A5.1](../../🧱%20Projects/iso27DIY%20mk%20I/ISO_27002_2022_5.1_MoC%20Policies%20for%20information%20security.md))
+	- Review calendar ([A5.35](../Corpus/Standards/MoCs/ISO_27002_2022_5.35_MoC%20Independent%20review%20of%20information%20security.md), [C7.5.2](../Corpus/Standards/MoCs/ISO_27001_2022_7.5.2_MoC%20Creating%20and%20updating.md))
+	- Communication and Awareness ([C7.3](../Corpus/Standards/MoCs/ISO_27001_2022_7.3_MoC%20Awareness.md), [C7.4](../Corpus/Standards/MoCs/ISO_27001_2022_7.4_MoC%20Communication.md))
 - **m700: Securing the Business**
 	- m710: Business Continuity
-		- Incident management ([[ISO_27002_2022_5.24_MoC Information security incident management planning and preparation|A5.24]], [[ISO_27002_2022_5.25_MoC Assessment and decision on information security events|A5.25]], [[ISO_27002_2022_5.26_MoC Response to information security incidents|A5.26]], [[ISO_27002_2022_5.27_MoC Learning from information security incidents|A5.27]], [[ISO_27002_2022_5.28_MoC Collection of evidence|A5.28]], [[ISO_27002_2022_5.29_MoC Information security during disruption|A5.29]], [[ISO_27002_2022_5.5_MoC Contact with authorities|A5.5]], [[ISO_27002_2022_5.6_MoC Contact with special interest groups|A5.6]])
-		- Business Impact Analyses ([[ISO_27002_2022_5.29_MoC Information security during disruption|A5.29]], [[ISO_27002_2022_5.30_MoC ICT readiness for business continuity|A5.30]])
-		- Business Continuity Planning ([[ISO_27002_2022_5.29_MoC Information security during disruption|A5.29]], [[ISO_27002_2022_5.30_MoC ICT readiness for business continuity|A5.30]], [[ISO_27002_2022_7.11_MoC Supporting utilities|A7.11]], [[ISO_27002_2022_5.5_MoC Contact with authorities|A5.5]])
+		- Incident management ([A5.24](../Corpus/Standards/MoCs/ISO_27002_2022_5.24_MoC%20Information%20security%20incident%20management%20planning%20and%20preparation.md), [A5.25](../Corpus/Standards/MoCs/ISO_27002_2022_5.25_MoC%20Assessment%20and%20decision%20on%20information%20security%20events.md), [A5.26](../Corpus/Standards/MoCs/ISO_27002_2022_5.26_MoC%20Response%20to%20information%20security%20incidents.md), [A5.27](../Corpus/Standards/MoCs/ISO_27002_2022_5.27_MoC%20Learning%20from%20information%20security%20incidents.md), [A5.28](../Corpus/Standards/MoCs/ISO_27002_2022_5.28_MoC%20Collection%20of%20evidence.md), [A5.29](../Corpus/Standards/MoCs/ISO_27002_2022_5.29_MoC%20Information%20security%20during%20disruption.md), [A5.5](../Corpus/Standards/MoCs/ISO_27002_2022_5.5_MoC%20Contact%20with%20authorities.md), [A5.6](../Corpus/Standards/MoCs/ISO_27002_2022_5.6_MoC%20Contact%20with%20special%20interest%20groups.md))
+		- Business Impact Analyses ([A5.29](../Corpus/Standards/MoCs/ISO_27002_2022_5.29_MoC%20Information%20security%20during%20disruption.md), [A5.30](../Corpus/Standards/MoCs/ISO_27002_2022_5.30_MoC%20ICT%20readiness%20for%20business%20continuity.md))
+		- Business Continuity Planning ([A5.29](../Corpus/Standards/MoCs/ISO_27002_2022_5.29_MoC%20Information%20security%20during%20disruption.md), [A5.30](../Corpus/Standards/MoCs/ISO_27002_2022_5.30_MoC%20ICT%20readiness%20for%20business%20continuity.md), [A7.11](../Corpus/Standards/MoCs/ISO_27002_2022_7.11_MoC%20Supporting%20utilities.md), [A5.5](../Corpus/Standards/MoCs/ISO_27002_2022_5.5_MoC%20Contact%20with%20authorities.md))
 	- m720: People Processes
-		- HR Policies ([[ISO_27002_2022_6.1_MoC Screening|A6.1]], [[ISO_27002_2022_6.2_MoC Terms and conditions of employment|A6.2]], [[ISO_27002_2022_6.3_MoC Information security awareness, education and training|A6.3]], [[ISO_27002_2022_6.4_MoC Disciplinary process|A6.4]], [[ISO_27002_2022_6.5_MoC Responsibilities after termination or change of employment|A6.5]], [[ISO_27002_2022_6.6_MoC Confidentiality or non-disclosure agreements|A6.6]])
-		- User policies ([[ISO_27002_2022_5.10_MoC Acceptable use of information and other associated assets|A5.10]], [[ISO_27002_2022_5.11_MoC Return of assets|A5.11]], [[ISO_27002_2022_5.12_MoC Classification of information|A5.12]], [[ISO_27002_2022_5.13_MoC Labelling of information|A5.13]], [[ISO_27002_2022_5.14_MoC Information transfer|A5.14]], [[ISO_27002_2022_5.37_MoC Documented operating procedures|A5.37]], [[ISO_27002_2022_6.7_MoC Remote working|A6.7]], [[ISO_27002_2022_6.8_MoC Information security event reporting|A6.8]], [[ISO_27002_2022_7.7_MoC Clear desk and clear screen|A7.7]], [[ISO_27002_2022_8.24_MoC Use of cryptography|A8.24]])
-		- Training ([[ISO_27002_2022_6.3_MoC Information security awareness, education and training|A6.3]])
+		- HR Policies ([A6.1](../Corpus/Standards/MoCs/ISO_27002_2022_6.1_MoC%20Screening.md), [A6.2](../Corpus/Standards/MoCs/ISO_27002_2022_6.2_MoC%20Terms%20and%20conditions%20of%20employment.md), [A6.3](../Corpus/Standards/MoCs/ISO_27002_2022_6.3_MoC%20Information%20security%20awareness,%20education%20and%20training.md), [A6.4](../Corpus/Standards/MoCs/ISO_27002_2022_6.4_MoC%20Disciplinary%20process.md), [A6.5](../Corpus/Standards/MoCs/ISO_27002_2022_6.5_MoC%20Responsibilities%20after%20termination%20or%20change%20of%20employment.md), [A6.6](../Corpus/Standards/MoCs/ISO_27002_2022_6.6_MoC%20Confidentiality%20or%20non-disclosure%20agreements.md))
+		- User policies ([A5.10](../Corpus/Standards/MoCs/ISO_27002_2022_5.10_MoC%20Acceptable%20use%20of%20information%20and%20other%20associated%20assets.md), [A5.11](../Corpus/Standards/MoCs/ISO_27002_2022_5.11_MoC%20Return%20of%20assets.md), [A5.12](../Corpus/Standards/MoCs/ISO_27002_2022_5.12_MoC%20Classification%20of%20information.md), [A5.13](../Corpus/Standards/MoCs/ISO_27002_2022_5.13_MoC%20Labelling%20of%20information.md), [A5.14](../Corpus/Standards/MoCs/ISO_27002_2022_5.14_MoC%20Information%20transfer.md), [A5.37](../Corpus/Standards/MoCs/ISO_27002_2022_5.37_MoC%20Documented%20operating%20procedures.md), [A6.7](../Corpus/Standards/MoCs/ISO_27002_2022_6.7_MoC%20Remote%20working.md), [A6.8](../Corpus/Standards/MoCs/ISO_27002_2022_6.8_MoC%20Information%20security%20event%20reporting.md), [A7.7](../Corpus/Standards/MoCs/ISO_27002_2022_7.7_MoC%20Clear%20desk%20and%20clear%20screen.md), [A8.24](../Corpus/Standards/MoCs/ISO_27002_2022_8.24_MoC%20Use%20of%20cryptography.md))
+		- Training ([A6.3](../Corpus/Standards/MoCs/ISO_27002_2022_6.3_MoC%20Information%20security%20awareness,%20education%20and%20training.md))
 	- 730: Technology processes
-		- Access Control ([[ISO_27002_2022_5.15_MoC Access control|A5.15]], [[ISO_27002_2022_5.16_MoC Identity management|A5.16]], [[ISO_27002_2022_5.17_MoC Authentication information|A5.17]], [[ISO_27002_2022_5.18_MoC Access rights|A5.18]], [[ISO_27002_2022_8.2_MoC Privileged access rights|A8.2]], [[ISO_27002_2022_8.3_MoC Information access restriction|A8.3]], [[ISO_27002_2022_8.4_MoC Access to source code|A8.4]], [[ISO_27002_2022_8.5_MoC Secure authentication|A8.5]])
-		- Technologies lifecycle ([[ISO_27002_2022_5.8_MoC Information security in project management|A5.8]], [[ISO_27002_2022_5.23_MoC Information security for use of cloud services|A5.23]], [[ISO_27002_2022_8.26_MoC Application security requirements|A8.26]], [[ISO_27002_2022_8.27_MoC Secure system architecture and engineering principles|A8.27]], [[ISO_27002_2022_8.28_MoC Secure coding|A8.28]], [[ISO_27002_2022_8.29_MoC Security testing in development and acceptance|A8.29]], [[ISO_27002_2022_8.30_MoC Outsourced development|A8.30]], [[ISO_27002_2022_8.31_MoC Separation of development, test and production environments|A8.31]], [[ISO_27002_2022_8.32_MoC Change management|A8.32]], [[ISO_27002_2022_8.33_MoC Test information|A8.33]], [[ISO_27002_2022_7.13_MoC Equipment maintenance|A7.13]], [[ISO_27002_2022_7.14_MoC Secure disposal or re-use of equipment|A7.14]], [[ISO_27002_2022_8.6_MoC Capacity management|A8.6]])
-		- Vendor management ([[ISO_27002_2022_5.19_MoC Information security in supplier relationships|A5.19]], [[ISO_27002_2022_5.20_MoC Addressing information security within supplier agreements|A5.20]], [[ISO_27002_2022_5.21_MoC Managing information security in the ICT supply chain|A5.21]], [[ISO_27002_2022_5.22_MoC Monitoring, review and change management of supplier services|A5.22]], [[ISO_27002_2022_5.23_MoC Information security for use of cloud services|A5.23]], [[ISO_27002_2022_8.29_MoC Security testing in development and acceptance|A8.29]])
-		- Device management ([[ISO_27002_2022_7.9_MoC Security of assets off-premises|A7.9]], [[ISO_27002_2022_7.10_MoC Storage media|A7.10]], [[ISO_27002_2022_8.1_MoC User endpoint devices|A8.1]], [[ISO_27002_2022_8.7_MoC Protection against malware|A8.7]])
-		- IT administration ([[ISO_27002_2022_8.7_MoC Protection against malware|A8.7]], [[ISO_27002_2022_8.8_MoC Management of technical vulnerabilities|A8.8]], [[ISO_27002_2022_8.9_MoC Configuration management|A8.9]], [[ISO_27002_2022_8.10_MoC Information deletion|A8.10]], [[ISO_27002_2022_8.11_MoC Data masking|A8.11]], [[ISO_27002_2022_8.12_MoC Data leakage prevention|A8.12]], [[ISO_27002_2022_8.13_MoC Information backup|A8.13]], [[ISO_27002_2022_8.14_MoC Redundancy of information processing facilities|A8.14]], [[ISO_27002_2022_8.15_MoC Logging|A8.15]], [[ISO_27002_2022_8.16_MoC Monitoring activities|A8.16]], [[ISO_27002_2022_8.17_MoC Clock synchronization|A8.17]], [[ISO_27002_2022_8.18_MoC Use of privileged utility programs|A8.18]], [[ISO_27002_2022_8.19_MoC Installation of software on operational systems|A8.19]], [[ISO_27002_2022_8.20_MoC Networks security|A8.20]], [[ISO_27002_2022_8.21_MoC Security of network services|A8.21]], [[ISO_27002_2022_8.22_MoC Segregation of networks|A8.22]], [[ISO_27002_2022_8.23_MoC Web filtering|A8.23]], [[ISO_27002_2022_8.24_MoC Use of cryptography|A8.24]], [[ISO_27002_2022_8.25_MoC Secure development life cycle|A8.25]], [[ISO_27002_2022_8.26_MoC Application security requirements|A8.26]], [[ISO_27002_2022_8.27_MoC Secure system architecture and engineering principles|A8.27]], [[ISO_27002_2022_8.28_MoC Secure coding|A8.28]], [[ISO_27002_2022_8.29_MoC Security testing in development and acceptance|A8.29]], [[ISO_27002_2022_8.30_MoC Outsourced development|A8.30]], [[ISO_27002_2022_8.31_MoC Separation of development, test and production environments|A8.31]], [[ISO_27002_2022_8.32_MoC Change management|A8.32]], [[ISO_27002_2022_8.33_MoC Test information|A8.33]], [[ISO_27002_2022_8.34_MoC Protection of information systems during audit testing|A8.34]], [[ISO_27002_2022_5.6_MoC Contact with special interest groups|A5.6]]) 
-		- Physical security ([[ISO_27002_2022_7.1_MoC Physical security perimeters|A7.1]], [[ISO_27002_2022_7.2_MoC Physical entry|A7.2]], [[ISO_27002_2022_7.3_MoC Securing offices, rooms and facilities|A7.3]], [[ISO_27002_2022_7.4_MoC Physical security monitoring|A7.4]], [[ISO_27002_2022_7.5_MoC Protecting against physical and environmental threats|A7.5]], [[ISO_27002_2022_7.6_MoC Working in secure areas|A7.6]], [[ISO_27002_2022_7.7_MoC Clear desk and clear screen|A7.7]], [[ISO_27002_2022_7.8_MoC Equipment siting and protection|A7.8]], [[ISO_27002_2022_7.12_MoC Cabling security|A7.12]])
- **800: Evaluate and Improve** ([[ISO_27001_2022_9_MoC Performance evaluation|C9]], [[ISO_27001_2022_10_MoC Improvement|C10]])
-	- Audits and Reviews ([[ISO_27001_2022_9.2_MoC Internal audit|C9.2]], [[ISO_27002_2022_5.35_MoC Independent review of information security|A5.35]], [[ISO_27002_2022_5.36_MoC Compliance with policies, rules and standards for information security|A5.36]])
-	- Management Reviews ([[ISO_27001_2022_9.3_MoC Management review|C9.3]])
-	- Planning of Changes ([[ISO_27001_2022_6.3_MoC Planning of changes|C6.3]])
+		- Access Control ([A5.15](../Corpus/Standards/MoCs/ISO_27002_2022_5.15_MoC%20Access%20control.md), [A5.16](../Corpus/Standards/MoCs/ISO_27002_2022_5.16_MoC%20Identity%20management.md), [A5.17](../Corpus/Standards/MoCs/ISO_27002_2022_5.17_MoC%20Authentication%20information.md), [A5.18](../Corpus/Standards/MoCs/ISO_27002_2022_5.18_MoC%20Access%20rights.md), [A8.2](../Corpus/Standards/MoCs/ISO_27002_2022_8.2_MoC%20Privileged%20access%20rights.md), [A8.3](../Corpus/Standards/MoCs/ISO_27002_2022_8.3_MoC%20Information%20access%20restriction.md), [A8.4](../Corpus/Standards/MoCs/ISO_27002_2022_8.4_MoC%20Access%20to%20source%20code.md), [A8.5](../Corpus/Standards/MoCs/ISO_27002_2022_8.5_MoC%20Secure%20authentication.md))
+		- Technologies lifecycle ([A5.8](../Corpus/Standards/MoCs/ISO_27002_2022_5.8_MoC%20Information%20security%20in%20project%20management.md), [A5.23](../Corpus/Standards/MoCs/ISO_27002_2022_5.23_MoC%20Information%20security%20for%20use%20of%20cloud%20services.md), [A8.26](../Corpus/Standards/MoCs/ISO_27002_2022_8.26_MoC%20Application%20security%20requirements.md), [A8.27](../Corpus/Standards/MoCs/ISO_27002_2022_8.27_MoC%20Secure%20system%20architecture%20and%20engineering%20principles.md), [A8.28](../Corpus/Standards/MoCs/ISO_27002_2022_8.28_MoC%20Secure%20coding.md), [A8.29](../Corpus/Standards/MoCs/ISO_27002_2022_8.29_MoC%20Security%20testing%20in%20development%20and%20acceptance.md), [A8.30](../Corpus/Standards/MoCs/ISO_27002_2022_8.30_MoC%20Outsourced%20development.md), [A8.31](../Corpus/Standards/MoCs/ISO_27002_2022_8.31_MoC%20Separation%20of%20development,%20test%20and%20production%20environments.md), [A8.32](../Corpus/Standards/MoCs/ISO_27002_2022_8.32_MoC%20Change%20management.md), [A8.33](../Corpus/Standards/MoCs/ISO_27002_2022_8.33_MoC%20Test%20information.md), [A7.13](../Corpus/Standards/MoCs/ISO_27002_2022_7.13_MoC%20Equipment%20maintenance.md), [A7.14](../Corpus/Standards/MoCs/ISO_27002_2022_7.14_MoC%20Secure%20disposal%20or%20re-use%20of%20equipment.md), [A8.6](../Corpus/Standards/MoCs/ISO_27002_2022_8.6_MoC%20Capacity%20management.md))
+		- Vendor management ([A5.19](../Corpus/Standards/MoCs/ISO_27002_2022_5.19_MoC%20Information%20security%20in%20supplier%20relationships.md), [A5.20](../Corpus/Standards/MoCs/ISO_27002_2022_5.20_MoC%20Addressing%20information%20security%20within%20supplier%20agreements.md), [A5.21](../Corpus/Standards/MoCs/ISO_27002_2022_5.21_MoC%20Managing%20information%20security%20in%20the%20ICT%20supply%20chain.md), [A5.22](../Corpus/Standards/MoCs/ISO_27002_2022_5.22_MoC%20Monitoring,%20review%20and%20change%20management%20of%20supplier%20services.md), [A5.23](../Corpus/Standards/MoCs/ISO_27002_2022_5.23_MoC%20Information%20security%20for%20use%20of%20cloud%20services.md), [A8.29](../Corpus/Standards/MoCs/ISO_27002_2022_8.29_MoC%20Security%20testing%20in%20development%20and%20acceptance.md))
+		- Device management ([A7.9](../Corpus/Standards/MoCs/ISO_27002_2022_7.9_MoC%20Security%20of%20assets%20off-premises.md), [A7.10](../Corpus/Standards/MoCs/ISO_27002_2022_7.10_MoC%20Storage%20media.md), [A8.1](../Corpus/Standards/MoCs/ISO_27002_2022_8.1_MoC%20User%20endpoint%20devices.md), [A8.7](../Corpus/Standards/MoCs/ISO_27002_2022_8.7_MoC%20Protection%20against%20malware.md))
+		- IT administration ([A8.7](../Corpus/Standards/MoCs/ISO_27002_2022_8.7_MoC%20Protection%20against%20malware.md), [A8.8](../Corpus/Standards/MoCs/ISO_27002_2022_8.8_MoC%20Management%20of%20technical%20vulnerabilities.md), [A8.9](../Corpus/Standards/MoCs/ISO_27002_2022_8.9_MoC%20Configuration%20management.md), [A8.10](../Corpus/Standards/MoCs/ISO_27002_2022_8.10_MoC%20Information%20deletion.md), [A8.11](../Corpus/Standards/MoCs/ISO_27002_2022_8.11_MoC%20Data%20masking.md), [A8.12](../Corpus/Standards/MoCs/ISO_27002_2022_8.12_MoC%20Data%20leakage%20prevention.md), [A8.13](../Corpus/Standards/MoCs/ISO_27002_2022_8.13_MoC%20Information%20backup.md), [A8.14](../Corpus/Standards/MoCs/ISO_27002_2022_8.14_MoC%20Redundancy%20of%20information%20processing%20facilities.md), [A8.15](../Corpus/Standards/MoCs/ISO_27002_2022_8.15_MoC%20Logging.md), [A8.16](../Corpus/Standards/MoCs/ISO_27002_2022_8.16_MoC%20Monitoring%20activities.md), [A8.17](../Corpus/Standards/MoCs/ISO_27002_2022_8.17_MoC%20Clock%20synchronization.md), [A8.18](../Corpus/Standards/MoCs/ISO_27002_2022_8.18_MoC%20Use%20of%20privileged%20utility%20programs.md), [A8.19](../Corpus/Standards/MoCs/ISO_27002_2022_8.19_MoC%20Installation%20of%20software%20on%20operational%20systems.md), [A8.20](../Corpus/Standards/MoCs/ISO_27002_2022_8.20_MoC%20Networks%20security.md), [A8.21](../Corpus/Standards/MoCs/ISO_27002_2022_8.21_MoC%20Security%20of%20network%20services.md), [A8.22](../Corpus/Standards/MoCs/ISO_27002_2022_8.22_MoC%20Segregation%20of%20networks.md), [A8.23](../Corpus/Standards/MoCs/ISO_27002_2022_8.23_MoC%20Web%20filtering.md), [A8.24](../Corpus/Standards/MoCs/ISO_27002_2022_8.24_MoC%20Use%20of%20cryptography.md), [A8.25](../Corpus/Standards/MoCs/ISO_27002_2022_8.25_MoC%20Secure%20development%20life%20cycle.md), [A8.26](../Corpus/Standards/MoCs/ISO_27002_2022_8.26_MoC%20Application%20security%20requirements.md), [A8.27](../Corpus/Standards/MoCs/ISO_27002_2022_8.27_MoC%20Secure%20system%20architecture%20and%20engineering%20principles.md), [A8.28](../Corpus/Standards/MoCs/ISO_27002_2022_8.28_MoC%20Secure%20coding.md), [A8.29](../Corpus/Standards/MoCs/ISO_27002_2022_8.29_MoC%20Security%20testing%20in%20development%20and%20acceptance.md), [A8.30](../Corpus/Standards/MoCs/ISO_27002_2022_8.30_MoC%20Outsourced%20development.md), [A8.31](../Corpus/Standards/MoCs/ISO_27002_2022_8.31_MoC%20Separation%20of%20development,%20test%20and%20production%20environments.md), [A8.32](../Corpus/Standards/MoCs/ISO_27002_2022_8.32_MoC%20Change%20management.md), [A8.33](../Corpus/Standards/MoCs/ISO_27002_2022_8.33_MoC%20Test%20information.md), [A8.34](../Corpus/Standards/MoCs/ISO_27002_2022_8.34_MoC%20Protection%20of%20information%20systems%20during%20audit%20testing.md), [A5.6](../Corpus/Standards/MoCs/ISO_27002_2022_5.6_MoC%20Contact%20with%20special%20interest%20groups.md)) 
+		- Physical security ([A7.1](../Corpus/Standards/MoCs/ISO_27002_2022_7.1_MoC%20Physical%20security%20perimeters.md), [A7.2](../Corpus/Standards/MoCs/ISO_27002_2022_7.2_MoC%20Physical%20entry.md), [A7.3](../Corpus/Standards/MoCs/ISO_27002_2022_7.3_MoC%20Securing%20offices,%20rooms%20and%20facilities.md), [A7.4](../Corpus/Standards/MoCs/ISO_27002_2022_7.4_MoC%20Physical%20security%20monitoring.md), [A7.5](../Corpus/Standards/MoCs/ISO_27002_2022_7.5_MoC%20Protecting%20against%20physical%20and%20environmental%20threats.md), [A7.6](../Corpus/Standards/MoCs/ISO_27002_2022_7.6_MoC%20Working%20in%20secure%20areas.md), [A7.7](../Corpus/Standards/MoCs/ISO_27002_2022_7.7_MoC%20Clear%20desk%20and%20clear%20screen.md), [A7.8](../Corpus/Standards/MoCs/ISO_27002_2022_7.8_MoC%20Equipment%20siting%20and%20protection.md), [A7.12](../Corpus/Standards/MoCs/ISO_27002_2022_7.12_MoC%20Cabling%20security.md))
+- **800: Evaluate and Improve** ([C9](../Corpus/Standards/MoCs/ISO_27001_2022_9_MoC%20Performance%20evaluation.md), [C10](../Corpus/Standards/MoCs/ISO_27001_2022_10_MoC%20Improvement.md))
+	- Audits and Reviews ([C9.2](../Corpus/Standards/MoCs/ISO_27001_2022_9.2_MoC%20Internal%20audit.md), [A5.35](../Corpus/Standards/MoCs/ISO_27002_2022_5.35_MoC%20Independent%20review%20of%20information%20security.md), [A5.36](../Corpus/Standards/MoCs/ISO_27002_2022_5.36_MoC%20Compliance%20with%20policies,%20rules%20and%20standards%20for%20information%20security.md))
+	- Management Reviews ([C9.3](../Corpus/Standards/MoCs/ISO_27001_2022_9.3_MoC%20Management%20review.md))
+	- Planning of Changes ([C6.3](../Corpus/Standards/MoCs/ISO_27001_2022_6.3_MoC%20Planning%20of%20changes.md))
 - **900: ISO 27001 Audits**
-	- Afwijkingen en Correcties ([[ISO_27001_2022_10.1_MoC Continual improvement|C10.1]])
+	- Afwijkingen en Correcties ([C10.1](../Corpus/Standards/MoCs/ISO_27001_2022_10.1_MoC%20Continual%20improvement.md))
--- a/AuditGlue/PRD
+++ b/AuditGlue/PRD
@ -73,7 +73,7 @@ Management interfaces must be added to the system to allow employees of Thinking

 ## Functional Diagram

-![[CleanShot 2025-07-17 at 10.45.16.png]]
+![](../../📎%20Attachments/CleanShot%202025-07-17%20at%2010.45.16.png)

 ## iso72DYI Technical Requirements

--- a/alternative/Agent
+++ b/alternative/Agent
@ -8,7 +8,7 @@ tags:
 [Cognigy course](https://academy.cognigy.com/courses/take/conversation-design-course/lessons/24748613-request-and-reply) Proceed with 4.3

 **Agent Design Intent Card**
-![[Agent Design Intent Card.png]]
+![](../../../📎%20Attachments/Agent%20Design%20Intent%20Card.png)

 Notice:
 - Who = the user
--- a/alternative/Using
+++ b/alternative/Using
@ -22,7 +22,7 @@ Examples:
 4. develop interventions based on these differences

 **Threat analysis**
- do a threat analysis, see [[Create a threat analysis chatbot]]
+- do a threat analysis, see [Create a threat analysis chatbot](../../Drafts%20and%20Ideas/Controls/Create%20a%20threat%20analysis%20chatbot.md)


 **Policy drafting**
--- a/alternative/iso27DIY
+++ b/alternative/iso27DIY
@ -9,13 +9,13 @@ https://advisera.com/conformio/

 **academy.cognigy.com**
 Video courses for conversation design
-![[Cognigy.png|1000]]
+![1000](../../../📎%20Attachments/Cognigy.png)

 **PECB eLearning** 

-![[CleanShot 2025-07-01 at 13.59.22 1.png|1000]]
+![1000](../../../📎%20Attachments/CleanShot%202025-07-01%20at%2013.59.22%201.png)

 **Writing assistant made with Base44**

-![[screenshot 1.png]]
+![](../../../📎%20Attachments/screenshot%201.png)