richardk/iso27diy-corp
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

replaced links and paths

Browse source
This commit is contained in:
Richard Kranendonk 2026-04-20 13:27:09 +02:00
parent 2fbe163fff
commit 99203c6dc5
154 changed files with 542 additions and 542 deletions
Download patch file Download diff file Expand all files Collapse all files

10
Corpus/MoCs/Change management MoC.md
View file

@ -1,11 +1,11 @@
#iso27002/2022/EN
Change Management in ISO 27002:
- [[ISO_27002_2022_5.8_MoC Information security in project management|5.8:]] Information security in project management
- [[ISO_27002_2022_5.22_MoC Monitoring, review and change management of supplier services|5.22:]] Monitoring, review and change management of supplier services
- [[ISO_27002_2022_8.28_MoC Secure coding|8.28:]] Secure coding
- [[ISO_27002_2022_8.29_MoC Security testing in development and acceptance|8.29:]] Security testing in development and acceptance
- [[ISO_27002_2022_8.32_MoC Change management|8.32:]] Change management
- [5.8:](../Standards/MoCs/ISO_27002_2022_5.8_MoC%20Information%20security%20in%20project%20management.md) Information security in project management
- [5.22:](../Standards/MoCs/ISO_27002_2022_5.22_MoC%20Monitoring,%20review%20and%20change%20management%20of%20supplier%20services.md) Monitoring, review and change management of supplier services
- [8.28:](../Standards/MoCs/ISO_27002_2022_8.28_MoC%20Secure%20coding.md) Secure coding
- [8.29:](../Standards/MoCs/ISO_27002_2022_8.29_MoC%20Security%20testing%20in%20development%20and%20acceptance.md) Security testing in development and acceptance
- [8.32:](../Standards/MoCs/ISO_27002_2022_8.32_MoC%20Change%20management.md) Change management
Also check the topic of risk / impact assessment.

2
Corpus/Standards/ISO-27001-OST/ISO27001-EN-2022/ISO_27001_2022_OT 4.1 Understanding the organization and its context.md
View file

@ -2,5 +2,5 @@
The organization shall determine external and internal issues that are relevant to its purpose and that affect its ability to achieve the intended outcome(s) of its information security management system.
NOTE Determining these issues refers to establishing the external and internal context of the organization considered in [[ISO_31000_OT 5.4.1 Understanding the organization and its context|Clause 5.4.1]] of ISO 31000:2018.
NOTE Determining these issues refers to establishing the external and internal context of the organization considered in [Clause 5.4.1](../../ISO_31000_OT%205.4.1%20Understanding%20the%20organization%20and%20its%20context.md) of ISO 31000:2018.

4
Corpus/Standards/ISO-27001-OST/ISO27001-EN-2022/ISO_27001_2022_OT 4.3 Determining the scope of the information security management system.md
View file

@ -5,9 +5,9 @@ The organization shall determine the boundaries and applicability of the informa
When determining this scope, the organization shall consider:
a\) the external and internal issues referred to in [[ISO_27001_2022_OT 4.1 Understanding the organization and its context|4.1]];
a\) the external and internal issues referred to in [4.1](ISO_27001_2022_OT%204.1%20Understanding%20the%20organization%20and%20its%20context.md);
b\) the requirements referred to in [[ISO_27001_2022_4.2_MoC Understanding the needs and expectations of interested parties|4.2]];
b\) the requirements referred to in [4.2](../../MoCs/ISO_27001_2022_4.2_MoC%20Understanding%20the%20needs%20and%20expectations%20of%20interested%20parties.md);
c\) interfaces and dependencies between activities performed by the organization, and those that are performed by other organizations.

2
Corpus/Standards/ISO-27001-OST/ISO27001-EN-2022/ISO_27001_2022_OT 5.2 Policy.md
View file

@ -5,7 +5,7 @@ Top management shall establish an information security policy that:
a\) is appropriate to the purpose of the organization;
b\) includes information security objectives (see [[ISO_27001_OT 6.2 Information security objectives and planning to achieve them|6.2]]) or provides the framework for setting information security objectives;
b\) includes information security objectives (see [6.2](ISO_27001_OT%206.2%20Information%20security%20objectives%20and%20planning%20to%20achieve%20them.md)) or provides the framework for setting information security objectives;
c\) includes a commitment to satisfy applicable requirements related to information security;

2
Corpus/Standards/ISO-27001-OST/ISO27001-EN-2022/ISO_27001_OT 6.1.1 General.md
View file

@ -1,6 +1,6 @@
### 6.1.1 General
When planning for the information security management system, the organization shall consider the issues referred to in [[ISO_27001_2022_OT 4.1 Understanding the organization and its context|4.1]] and the requirements referred to in [[ISO_27001_2022_OT 4.2 Understanding the needs and expectations of interested parties|4.2]] and determine the risks and opportunities that need to be addressed to:
When planning for the information security management system, the organization shall consider the issues referred to in [4.1](ISO_27001_2022_OT%204.1%20Understanding%20the%20organization%20and%20its%20context.md) and the requirements referred to in [4.2](ISO_27001_2022_OT%204.2%20Understanding%20the%20needs%20and%20expectations%20of%20interested%20parties.md) and determine the risks and opportunities that need to be addressed to:
a\) ensure the information security management system can achieve its intended outcome(s);

2
Corpus/Standards/ISO-27001-OST/ISO27001-EN-2022/ISO_27001_OT 8.2 Information security risk assessment.md
View file

@ -1,6 +1,6 @@
#iso27001/2022/EN
# Clause 8.2: Information security risk assessment
The organization shall perform information security risk assessments at planned intervals or when significant changes are proposed or occur, taking account of the criteria established in [[ISO_27001_OT 6.1.2 Information security risk assessment|6.1.2a]].
The organization shall perform information security risk assessments at planned intervals or when significant changes are proposed or occur, taking account of the criteria established in [6.1.2a](ISO_27001_OT%206.1.2%20Information%20security%20risk%20assessment.md).
The organization shall retain documented information of the results of the information security risk assessments.

2
Corpus/Standards/ISO-27001-OST/ISO27001-EN-2022/ISO_27001_OT Terms and definitions.md
View file

@ -5,4 +5,4 @@
For the purposes of this document, the terms and definitions given in
ISO/IEC 27000 apply.
[[ISO 27000 MoC]]
[ISO 27000 MoC](../../../../../👩🏼‍⚖️%20Standards%20and%20Regulations/ISO%2027K/ISO%2027000%20MoC.md)

2
Corpus/Standards/ISO-27001-OST/ISO27001-NL-2023/ISO_27001_2023_NL_Index.md
View file

@ -7,7 +7,7 @@ Publicatiedatum: augustus 2023
| **0** | **Inleiding** | [[ISO_27001_2023_NL_BT 0 Inzicht in de organisatie en haar context \|BT]] | [[ISO_27001_2023_NL_NN 0 Inzicht in de organisatie en haar context \|NN]] |
| **1** | **Onderwerp en toepassingsgebied** | [[ISO_27001_2023_NL_BT 1 Onderwerp en toepassingsgebied \|BT]] | [[ISO_27001_2023_NL_NN 1 Onderwerp en toepassingsgebied \|NN]] |
| **2** | **Normatieve verwijzingen** | [[ISO_27001_2023_NL_BT 2 Normatieve verwijzingen \|BT]] | [[ISO_27001_2023_NL_NN 2 Normatieve verwijzingen \|NN]] |
| **3** | **Termen en definities** | [[ISO_27001_2023_NL_BT 3 Termen en definities \|BT]] | [[ISO_27001_2023_NL_NN 3 Termen en definities \|NN]] |
| **3** | **Termen en definities** | [BT](ISO_27001_2023_NL_BT%203%20Termen%20en%20definities.md) | [[ISO_27001_2023_NL_NN 3 Termen en definities \|NN]] |
| **4** | **Context van de organisatie** | | |
| 4.1 | Inzicht in de organisatie en haar context | [[ISO_27001_2023_NL_BT 4.1 Inzicht in de organisatie en haar context \|BT]] | [[ISO_27001_2023_NL_NN 4.1 Inzicht in de organisatie en haar context \|NN]] |
| 4.2 | Inzicht in de behoeften en verwachtingen van belanghebbenden | [[ISO_27001_2023_NL_BT 4.2 Inzicht in de behoeften en verwachtingen van belanghebbenden \|BT]] | [[ISO_27001_2023_NL_NN 4.2 Inzicht in de behoeften en verwachtingen van belanghebbenden \|NN]] |

2
Corpus/Standards/ISO-27001-OST/ISO27001-NL-2023/ISO_27001_2023_NL_PDF.md
View file

@ -1,6 +1,6 @@
#iso27001/2023/NL
# ISO 27001 2023 NL
![[ISO_IEC_27001_2023_NL.pdf]]
![](../../../../../📎%20Attachments/ISO_IEC_27001_2023_NL.pdf)

4
Corpus/Standards/ISO-27002-OST/ISO27002-EN-2022/ISO_27002_2022_5.30_OT ICT readiness for business continuity.md
View file

@ -1,7 +1,7 @@
#iso27002/2022/EN
See also:
- [[BCP_Bedrijfscontinuïteitsplanning]]
- [[Disaster Recovery Planning]]
- [BCP_Bedrijfscontinuïteitsplanning](../../../../../📚️%20Literature%20notes/BCP_Bedrijfscontinuïteitsplanning.md)
- [Disaster Recovery Planning](../../../../../🎇%20Sparks/Disaster%20Recovery%20Planning.md)
# **5.30** **ICT** **readiness** **for** **business** continuity

2
Corpus/Standards/ISO-27002-OST/ISO27002-EN-2022/ISO_27002_2022_5.7_OT Threat intelligence.md
View file

@ -44,5 +44,5 @@ c)  as input to the information security test processes and techniques.
The organization should share threat intelligence with other organizations on a mutual basis in order to improve overall threat intelligence.
# Related:
- [[Threat Intelligence]]
- [Threat Intelligence](../../../../../🎇%20Sparks/Threat%20Intelligence.md)
- [[ISO_27002_PE 5.7 Threat intelligence]]

2
Corpus/Standards/ISO-27002-OST/ISO27002-NL-2022/ISO_27002_2022_NL_4.2_BT Thema's en attributen.md
View file

@ -44,4 +44,4 @@ Beveiligingsdomeinen is een attribuut om beheersmaatregelen te bekijken vanuit h
De in dit document vermelde attributen zijn gekozen op basis van het feit dat ze als generiek genoeg worden beschouwd om door verschillende soorten organisaties te worden gebruiktrganisaties kunnen ervoor kiezen een of meer van de in dit document vermelde attributen buiten beschouwing te latene kunnen ook zelf attributen (met de bijbehorende attribuutwaarden) aanmaken om hun eigen organisatieoverzichten te maken. Hoofdstuk A.2 bevat voorbeelden van dergelijke attributen.
Zie ook: [[ISO_27002_NL_Template_Attribuuttabel]]
Zie ook: [ISO_27002_NL_Template_Attribuuttabel](../../../../../📒%20Templates/ISO_27002_NL_Template_Attribuuttabel.md)

62
Corpus/Standards/ISO-27002-OST/ISO27002-NL-2022/ISO_27002_2022_NL_Index.md
View file

@ -6,42 +6,42 @@
| :------ | :---------------------------------------------------------------------------- | :---------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------- |
| **3** | **Termen, definities en afgekorte termen** | | |
| 3.1 | Termen en definities | [[ISO_27002_2022_NL_3.1_BT Termen en definities \|BT]] | [[ISO_27002_2022_NL_NN 3.1 Termen en definities \|NN]] |
| 3.2 | Afgekorte termen | [[ISO_27002_2022_NL_3.2_BT Afgekorte termen \|BT]] | [[ISO_27002_2022_NL_NN 3.2 Afgekorte termen \|NN]] |
| 3.2 | Afgekorte termen | [BT](ISO_27002_2022_NL_3.2_BT%20Afgekorte%20termen.md) | [[ISO_27002_2022_NL_NN 3.2 Afgekorte termen \|NN]] |
| **4** | **Structuur van dit document** | _ | |
| 4.1 | Hoofdstukken | [[ISO_27002_2022_NL_4.1_BT Hoofdstukken \|BT]] | [[ISO_27002_2022_NL_NN 4.1 Hoofdstukken \|NN]] |
| 4.2 | Thema's en attributen | [[ISO_27002_2022_NL_4.2_BT Thema's en attributen \|BT]] | [[ISO_27002_2022_NL_NN 4.2 Thema's en attributen \|NN]] |
| 4.3 | Indeling beheersmaatregel | [[ISO_27002_2022_NL_4.3_BT Indeling beheersmaatregel \|BT]] | [[ISO_27002_2022_NL_NN 4.3 Indeling beheersmaatregel \|NN]] |
| 4.1 | Hoofdstukken | [BT](ISO_27002_2022_NL_4.1_BT%20Hoofdstukken.md) | [[ISO_27002_2022_NL_NN 4.1 Hoofdstukken \|NN]] |
| 4.2 | Thema's en attributen | [BT](ISO_27002_2022_NL_4.2_BT%20Thema's%20en%20attributen.md) | [[ISO_27002_2022_NL_NN 4.2 Thema's en attributen \|NN]] |
| 4.3 | Indeling beheersmaatregel | [BT](ISO_27002_2022_NL_4.3_BT%20Indeling%20beheersmaatregel.md) | [[ISO_27002_2022_NL_NN 4.3 Indeling beheersmaatregel \|NN]] |
| **5** | **Organisatorische beheersmaatregelen** | _ | |
| 5.1 | Beleidsregels voor informatiebeveiliging | [[ISO_27002_2022_NL_5.1_BT Beleidsregels voor informatiebeveiliging \|BT]] | [[ISO_27002_2022_NL_NN 5.1 Beleidsregels voor informatiebeveiliging \|NN]] |
| 5.2 | Rollen en verantwoordelijkheden bij informatiebeveiliging | [[ISO_27002_2022_NL_5.2_BT Rollen en verantwoordelijkheden bij informatiebeveiliging \|BT]] | [[ISO_27002_2022_NL_NN 5.2 Rollen en verantwoordelijkheden bij informatiebeveiliging \|NN]] |
| 5.3 | Functiescheiding | [[ISO_27002_2022_NL_5.3_BT Functiescheiding \|BT]] | [[ISO_27002_2022_NL_NN 5.3 Functiescheiding \|NN]] |
| 5.4 | Managementverantwoordelijkheden | [[ISO_27002_2022_NL_5.4_BT Managementverantwoordelijkheden \|BT]] | [[ISO_27002_2022_NL_NN 5.4 Managementverantwoordelijkheden \|NN]] |
| 5.5 | Contact met overheidsinstanties | [[ISO_27002_2022_NL_5.5_BT Contact met overheidsinstanties \|BT]] | [[ISO_27002_2022_NL_NN 5.5 Contact met overheidsinstanties \|NN]] |
| 5.6 | Contact met speciale belangengroepen | [[ISO_27002_2022_NL_5.6_BT Contact met speciale belangengroepen \|BT]] | [[ISO_27002_2022_NL_NN 5.6 Contact met speciale belangengroepen \|NN]] |
| 5.7 | Informatie en analyses over dreigingen | [[ISO_27002_2022_NL_5.7_BT Informatie en analyses over dreigingen \|BT]] | [[ISO_27002_2022_NL_NN 5.7 Informatie en analyses over dreigingen \|NN]] |
| 5.8 | Informatiebeveiliging in projectmanagement | [[ISO_27002_2022_NL_5.8_BT Informatiebeveiliging in projectmanagement \|BT]] | [[ISO_27002_2022_NL_NN 5.8 Informatiebeveiliging in projectmanagement \|NN]] |
| 5.9 | Inventarisatie van informatie en andere gerelateerde bedrijfsmiddelen | [[ISO_27002_2022_NL_5.9_BT Inventarisatie van informatie en andere gerelateerde bedrijfsmiddelen \|BT]] | [[ISO_27002_2022_NL_NN 5.9 Inventarisatie van informatie en andere gerelateerde bedrijfsmiddelen \|NN]] |
| 5.10 | Aanvaardbaar gebruik van informatie en andere gerelateerde bedrijfsmiddelen | [[ISO_27002_2022_NL_5.10_BT Aanvaardbaar gebruik van informatie en andere gerelateerde bedrijfsmiddelen \|BT]] | [[ISO_27002_2022_NL_NN 5.10 Aanvaardbaar gebruik van informatie en andere gerelateerde bedrijfsmiddelen \|NN]] |
| 5.11 | Retourneren van bedrijfsmiddelen | [[ISO_27002_2022_NL_5.11_BT Retourneren van bedrijfsmiddelen \|BT]] | [[ISO_27002_2022_NL_NN 5.11 Retourneren van bedrijfsmiddelen \|NN]] |
| 5.12 | Classificeren van informatie | [[ISO_27002_2022_NL_5.12_BT Classificeren van informatie \|BT]] | [[ISO_27002_2022_NL_NN 5.12 Classificeren van informatie \|NN]] |
| 5.13 | Labelen van informatie | [[ISO_27002_2022_NL_5.13_BT Labelen van informatie \|BT]] | [[ISO_27002_2022_NL_NN 5.13 Labelen van informatie \|NN]] |
| 5.14 | Overdragen van informatie | [[ISO_27002_2022_NL_5.14_BT Overdragen van informatie \|BT]] | [[ISO_27002_2022_NL_NN 5.14 Overdragen van informatie \|NN]] |
| 5.15 | Toegangsbeveiliging | [[ISO_27002_2022_NL_5.15_BT Toegangsbeveiliging \|BT]] | [[ISO_27002_2022_NL_NN 5.15 Toegangsbeveiliging \|NN]] |
| 5.16 | Identiteitsbeheer | [[ISO_27002_2022_NL_5.16_BT Identiteitsbeheer \|BT]] | [[ISO_27002_2022_NL_NN 5.16 Identiteitsbeheer \|NN]] |
| 5.17 | Beheren van authenticatie-informatie | [[ISO_27002_2022_NL_5.17_BT Beheren van authenticatie-informatie \|BT]] | [[ISO_27002_2022_NL_NN 5.17 Beheren van authenticatie-informatie \|NN]] |
| 5.18 | Toegangsrechten | [[ISO_27002_2022_NL_5.18_BT Toegangsrechten \|BT]] | [[ISO_27002_2022_NL_NN 5.18 Toegangsrechten \|NN]] |
| 5.19 | Informatiebeveiliging in leveranciersrelaties | [[ISO_27002_2022_NL_5.19_BT Informatiebeveiliging in leveranciersrelaties \|BT]] | [[ISO_27002_2022_NL_NN 5.19 Informatiebeveiliging in leveranciersrelaties \|NN]] |
| 5.20 | Adresseren van informatiebeveiliging in leveranciersovereenkomsten | [[ISO_27002_2022_NL_5.20_BT Adresseren van informatiebeveiliging in leveranciersovereenkomsten \|BT]] | [[ISO_27002_2022_NL_NN 5.20 Adresseren van informatiebeveiliging in leveranciersovereenkomsten \|NN]] |
| 5.21 | Beheren van informatiebeveiliging in de ICT-keten | [[ISO_27002_2022_NL_5.21_BT Beheren van informatiebeveiliging in de ICT-keten \|BT]] | [[ISO_27002_2022_NL_NN 5.21 Beheren van informatiebeveiliging in de ICT-keten \|NN]] |
| 5.22 | Monitoren, beoordelen en het beheren van wijzigingen van leveranciersdiensten | [[ISO_27002_2022_NL_5.22_BT Monitoren, beoordelen en het beheren van wijzigingen van leveranciersdiensten \|BT]] | [[ISO_27002_2022_NL_NN 5.22 Monitoren, beoordelen en het beheren van wijzigingen van leveranciersdiensten \|NN]] |
| 5.23 | Informatiebeveiliging voor het gebruik van clouddiensten | [[ISO_27002_2022_NL_5.23_BT Informatiebeveiliging voor het gebruik van clouddiensten \|BT]] | [[ISO_27002_2022_NL_NN 5.23 Informatiebeveiliging voor het gebruik van clouddiensten \|NN]] |
| 5.1 | Beleidsregels voor informatiebeveiliging | [BT](ISO_27002_2022_NL_5.1_BT%20Beleidsregels%20voor%20informatiebeveiliging.md) | [[ISO_27002_2022_NL_NN 5.1 Beleidsregels voor informatiebeveiliging \|NN]] |
| 5.2 | Rollen en verantwoordelijkheden bij informatiebeveiliging | [BT](ISO_27002_2022_NL_5.2_BT%20Rollen%20en%20verantwoordelijkheden%20bij%20informatiebeveiliging.md) | [[ISO_27002_2022_NL_NN 5.2 Rollen en verantwoordelijkheden bij informatiebeveiliging \|NN]] |
| 5.3 | Functiescheiding | [BT](ISO_27002_2022_NL_5.3_BT%20Functiescheiding.md) | [[ISO_27002_2022_NL_NN 5.3 Functiescheiding \|NN]] |
| 5.4 | Managementverantwoordelijkheden | [BT](ISO_27002_2022_NL_5.4_BT%20Managementverantwoordelijkheden.md) | [[ISO_27002_2022_NL_NN 5.4 Managementverantwoordelijkheden \|NN]] |
| 5.5 | Contact met overheidsinstanties | [BT](ISO_27002_2022_NL_5.5_BT%20Contact%20met%20overheidsinstanties.md) | [[ISO_27002_2022_NL_NN 5.5 Contact met overheidsinstanties \|NN]] |
| 5.6 | Contact met speciale belangengroepen | [BT](ISO_27002_2022_NL_5.6_BT%20Contact%20met%20speciale%20belangengroepen.md) | [[ISO_27002_2022_NL_NN 5.6 Contact met speciale belangengroepen \|NN]] |
| 5.7 | Informatie en analyses over dreigingen | [BT](ISO_27002_2022_NL_5.7_BT%20Informatie%20en%20analyses%20over%20dreigingen.md) | [[ISO_27002_2022_NL_NN 5.7 Informatie en analyses over dreigingen \|NN]] |
| 5.8 | Informatiebeveiliging in projectmanagement | [BT](ISO_27002_2022_NL_5.8_BT%20Informatiebeveiliging%20in%20projectmanagement.md) | [[ISO_27002_2022_NL_NN 5.8 Informatiebeveiliging in projectmanagement \|NN]] |
| 5.9 | Inventarisatie van informatie en andere gerelateerde bedrijfsmiddelen | [BT](ISO_27002_2022_NL_5.9_BT%20Inventarisatie%20van%20informatie%20en%20andere%20gerelateerde%20bedrijfsmiddelen.md) | [[ISO_27002_2022_NL_NN 5.9 Inventarisatie van informatie en andere gerelateerde bedrijfsmiddelen \|NN]] |
| 5.10 | Aanvaardbaar gebruik van informatie en andere gerelateerde bedrijfsmiddelen | [BT](ISO_27002_2022_NL_5.10_BT%20Aanvaardbaar%20gebruik%20van%20informatie%20en%20andere%20gerelateerde%20bedrijfsmiddelen.md) | [[ISO_27002_2022_NL_NN 5.10 Aanvaardbaar gebruik van informatie en andere gerelateerde bedrijfsmiddelen \|NN]] |
| 5.11 | Retourneren van bedrijfsmiddelen | [BT](ISO_27002_2022_NL_5.11_BT%20Retourneren%20van%20bedrijfsmiddelen.md) | [[ISO_27002_2022_NL_NN 5.11 Retourneren van bedrijfsmiddelen \|NN]] |
| 5.12 | Classificeren van informatie | [BT](ISO_27002_2022_NL_5.12_BT%20Classificeren%20van%20informatie.md) | [[ISO_27002_2022_NL_NN 5.12 Classificeren van informatie \|NN]] |
| 5.13 | Labelen van informatie | [BT](ISO_27002_2022_NL_5.13_BT%20Labelen%20van%20informatie.md) | [[ISO_27002_2022_NL_NN 5.13 Labelen van informatie \|NN]] |
| 5.14 | Overdragen van informatie | [BT](ISO_27002_2022_NL_5.14_BT%20Overdragen%20van%20informatie.md) | [[ISO_27002_2022_NL_NN 5.14 Overdragen van informatie \|NN]] |
| 5.15 | Toegangsbeveiliging | [BT](ISO_27002_2022_NL_5.15_BT%20Toegangsbeveiliging.md) | [[ISO_27002_2022_NL_NN 5.15 Toegangsbeveiliging \|NN]] |
| 5.16 | Identiteitsbeheer | [BT](ISO_27002_2022_NL_5.16_BT%20Identiteitsbeheer.md) | [[ISO_27002_2022_NL_NN 5.16 Identiteitsbeheer \|NN]] |
| 5.17 | Beheren van authenticatie-informatie | [BT](ISO_27002_2022_NL_5.17_BT%20Beheren%20van%20authenticatie-informatie.md) | [[ISO_27002_2022_NL_NN 5.17 Beheren van authenticatie-informatie \|NN]] |
| 5.18 | Toegangsrechten | [BT](ISO_27002_2022_NL_5.18_BT%20Toegangsrechten.md) | [[ISO_27002_2022_NL_NN 5.18 Toegangsrechten \|NN]] |
| 5.19 | Informatiebeveiliging in leveranciersrelaties | [BT](ISO_27002_2022_NL_5.19_BT%20Informatiebeveiliging%20in%20leveranciersrelaties.md) | [[ISO_27002_2022_NL_NN 5.19 Informatiebeveiliging in leveranciersrelaties \|NN]] |
| 5.20 | Adresseren van informatiebeveiliging in leveranciersovereenkomsten | [BT](ISO_27002_2022_NL_5.20_BT%20Adresseren%20van%20informatiebeveiliging%20in%20leveranciersovereenkomsten.md) | [[ISO_27002_2022_NL_NN 5.20 Adresseren van informatiebeveiliging in leveranciersovereenkomsten \|NN]] |
| 5.21 | Beheren van informatiebeveiliging in de ICT-keten | [BT](ISO_27002_2022_NL_5.21_BT%20Beheren%20van%20informatiebeveiliging%20in%20de%20ICT-keten.md) | [[ISO_27002_2022_NL_NN 5.21 Beheren van informatiebeveiliging in de ICT-keten \|NN]] |
| 5.22 | Monitoren, beoordelen en het beheren van wijzigingen van leveranciersdiensten | [BT](ISO_27002_2022_NL_5.22_BT%20Monitoren,%20beoordelen%20en%20het%20beheren%20van%20wijzigingen%20van%20leveranciersdiensten.md) | [[ISO_27002_2022_NL_NN 5.22 Monitoren, beoordelen en het beheren van wijzigingen van leveranciersdiensten \|NN]] |
| 5.23 | Informatiebeveiliging voor het gebruik van clouddiensten | [BT](ISO_27002_2022_NL_5.23_BT%20Informatiebeveiliging%20voor%20het%20gebruik%20van%20clouddiensten.md) | [[ISO_27002_2022_NL_NN 5.23 Informatiebeveiliging voor het gebruik van clouddiensten \|NN]] |
| 5.24 | Plannen en voorbereiden van het beheer van informatiebeveiligingsincidenten | [[ISO_27002_2022_NL_5.24_BT Plannen en voorbereiden van het beheer van informatiebeveiligingsincidenten \|BT]] | [[ISO_27002_2022_NL_NN 5.24 Plannen en voorbereiden van het beheer van informatiebeveiligingsincidenten \|NN]] |
| 5.25 | Beoordelen van en besluiten over informatiebeveiligingsgebeurtenissen | [[ISO_27002_2022_NL_5.25_BT Beoordelen van en besluiten over informatiebeveiligingsgebeurtenissen \|BT]] | [[ISO_27002_2022_NL_NN 5.25 Beoordelen van en besluiten over informatiebeveiligingsgebeurtenissen \|NN]] |
| 5.26 | Reageren op informatiebeveiligingsincidenten | [[ISO_27002_2022_NL_5.26_BT Reageren op informatiebeveiligingsincidenten \|BT]] | [[ISO_27002_2022_NL_NN 5.26 Reageren op informatiebeveiligingsincidenten \|NN]] |
| 5.27 | Leren van informatiebeveiligingsincidenten | [[ISO_27002_2022_NL_5.27_BT Leren van informatiebeveiligingsincidenten \|BT]] | [[ISO_27002_2022_NL_NN 5.27 Leren van informatiebeveiligingsincidenten \|NN]] |
| 5.28 | Verzamelen van bewijsmateriaal | [[ISO_27002_2022_NL_5.28_BT Verzamelen van bewijsmateriaal \|BT]] | [[ISO_27002_2022_NL_NN 5.28 Verzamelen van bewijsmateriaal \|NN]] |
| 5.29 | Informatiebeveiliging tijdens een verstoring | [[ISO_27002_2022_NL_5.29_BT Informatiebeveiliging tijdens een verstoring \|BT]] | [[ISO_27002_2022_NL_NN 5.29 Informatiebeveiliging tijdens een verstoring \|NN]] |
| 5.30 | ICT-gereedheid voor bedrijfscontinuïteit | [[ISO_27002_2022_NL_5.30_BT ICT-gereedheid voor bedrijfscontinuïteit \|BT]] | [[ISO_27002_2022_NL_NN 5.30 ICT-gereedheid voor bedrijfscontinuïteit \|NN]] |
| 5.30 | ICT-gereedheid voor bedrijfscontinuïteit | [BT](ISO_27002_2022_NL_5.30_BT%20ICT-gereedheid%20voor%20bedrijfscontinuïteit.md) | [[ISO_27002_2022_NL_NN 5.30 ICT-gereedheid voor bedrijfscontinuïteit \|NN]] |
| 5.31 | Wettelijke, statutaire, regelgevende en contractuele eisen | [[ISO_27002_2022_NL_5.31_BT Wettelijke, statutaire, regelgevende en contractuele eisen \|BT]] | [[ISO_27002_2022_NL_NN 5.31 Wettelijke, statutaire, regelgevende en contractuele eisen \|NN]] |
| 5.32 | Intellectuele-eigendomsrechten | [[ISO_27002_2022_NL_5.32_BT Intellectuele-eigendomsrechten \|BT]] | [[ISO_27002_2022_NL_NN 5.32 Intellectuele-eigendomsrechten \|NN]] |
| 5.33 | Beschermen van registraties | [[ISO_27002_2022_NL_5.33_BT Beschermen van registraties \|BT]] | [[ISO_27002_2022_NL_NN 5.33 Beschermen van registraties \|NN]] |
@ -100,15 +100,15 @@
| 8.21 | Beveiliging van netwerkdiensten | [[ISO_27002_2022_NL_8.21_BT Beveiliging van netwerkdiensten \|BT]] | [[ISO_27002_2022_NL_NN 8.21 Beveiliging van netwerkdiensten \|NN]] |
| 8.22 | Netwerksegmentatie | [[ISO_27002_2022_NL_8.22_BT Netwerksegmentatie \|BT]] | [[ISO_27002_2022_NL_NN 8.22 Netwerksegmentatie \|NN]] |
| 8.23 | Toepassen van webfilters | [[ISO_27002_2022_NL_8.23_BT Toepassen van webfilters \|BT]] | [[ISO_27002_2022_NL_NN 8.23 Toepassen van webfilters \|NN]] |
| 8.24 | Gebruik van cryptografie | [[ISO_27002_2022_NL_8.24_BT Gebruik van cryptografie \|BT]] | [[ISO_27002_2022_NL_NN 8.24 Gebruik van cryptografie \|NN]] |
| 8.24 | Gebruik van cryptografie | [BT](ISO_27002_2022_NL_8.24_BT%20Gebruik%20van%20cryptografie.md) | [[ISO_27002_2022_NL_NN 8.24 Gebruik van cryptografie \|NN]] |
| 8.25 | Beveiligen tijdens de ontwikkelcyclus | [[ISO_27002_2022_NL_8.25_BT Beveiligen tijdens de ontwikkelcyclus \|BT]] | [[ISO_27002_2022_NL_NN 8.25 Beveiligen tijdens de ontwikkelcyclus \|NN]] |
| 8.26 | Toepassingsbeveiligingseisen | [[ISO_27002_2022_NL_8.26_BT Toepassingsbeveiligingseisen \|BT]] | [[ISO_27002_2022_NL_NN 8.26 Toepassingsbeveiligingseisen \|NN]] |
| 8.27 | Veilige systeemarchitectuur en technische uitgangspunten | [[ISO_27002_2022_NL_8.27_BT Veilige systeemarchitectuur en technische uitgangspunten \|BT]] | [[ISO_27002_2022_NL_NN 8.27 Veilige systeemarchitectuur en technische uitgangspunten \|NN]] |
| 8.28 | Veilig coderen | [[ISO_27002_2022_NL_8.28_BT Veilig coderen \|BT]] | [[ISO_27002_2022_NL_NN 8.28 Veilig coderen \|NN]] |
| 8.28 | Veilig coderen | [BT](ISO_27002_2022_NL_8.28_BT%20Veilig%20coderen.md) | [[ISO_27002_2022_NL_NN 8.28 Veilig coderen \|NN]] |
| 8.29 | Testen van de beveiliging tijdens ontwikkeling en acceptatie | [[ISO_27002_2022_NL_8.29_BT Testen van de beveiliging tijdens ontwikkeling en acceptatie \|BT]] | [[ISO_27002_2022_NL_NN 8.29 Testen van de beveiliging tijdens ontwikkeling en acceptatie \|NN]] |
| 8.30 | Uitbestede systeemontwikkeling | [[ISO_27002_2022_NL_8.30_BT Uitbestede systeemontwikkeling \|BT]] | [[ISO_27002_2022_NL_NN 8.30 Uitbestede systeemontwikkeling \|NN]] |
| 8.31 | Scheiding van ontwikkel-, test- en productieomgevingen | [[ISO_27002_2022_NL_8.31_BT Scheiding van ontwikkel-, test- en productieomgevingen \|BT]] | [[ISO_27002_2022_NL_NN 8.31 Scheiding van ontwikkel-, test- en productieomgevingen \|NN]] |
| 8.32 | Wijzigingsbeheer | [[ISO_27002_2022_NL_8.32_BT Wijzigingsbeheer \|BT]] | [[ISO_27002_2022_NL_NN 8.32 Wijzigingsbeheer \|NN]] |
| 8.32 | Wijzigingsbeheer | [BT](ISO_27002_2022_NL_8.32_BT%20Wijzigingsbeheer.md) | [[ISO_27002_2022_NL_NN 8.32 Wijzigingsbeheer \|NN]] |
| 8.33 | Testgegevens | [[ISO_27002_2022_NL_8.33_BT Testgegevens \|BT]] | [[ISO_27002_2022_NL_NN 8.33 Testgegevens \|NN]] |
| 8.34 | Bescherming van informatiesystemen tijdens audits | [[ISO_27002_2022_NL_8.34_BT Bescherming van informatiesystemen tijdens audits \|BT]] | [[ISO_27002_2022_NL_NN 8.34 Bescherming van informatiesystemen tijdens audits \|NN]] |

2
Corpus/Standards/ISO-27002-OST/ISO27002-NL-2022/ISO_27002_2022_NL_PDF.md
View file

@ -4,5 +4,5 @@ Standard: ISO 27002:2022 NL
---
# ISO 27002 2022 NL
![[ISO_IEC 27002_2022_NL.pdf]]
![](../../../../../📎%20Attachments/ISO_IEC%2027002_2022_NL.pdf)

6
Corpus/Standards/ISO_27002_2022_What's_New.md
View file

@ -8,7 +8,7 @@ ISO 27001:2013 had 114 controls in Annex A, ISO/IEC 27002:2022 introduces 93 con
https://ictinstitute.nl/iso270022022-what-is-new/
See also [[ICT Institute's ISO 27002 2022 in plain English]]
Wentz Wu has created a 'control taxonomy' in [[ISO-27002-2022-Controls-categorized.pdf]]:
Wentz Wu has created a 'control taxonomy' in [](../../../📎%20Attachments/ISO-27002-2022-Controls-categorized.pdf):
- Control type: Preventive, Detective, and Corrective.
- Information security properties: Confidentiality, Integrity and Availability.
@ -39,6 +39,6 @@ The norm categorizes the controls in 4 sections:
- technological controls
- organizational controls
![[ISO_IEC-27002_2022-Controls_I.jpg]]
![](../../../📎%20Attachments/ISO_IEC-27002_2022-Controls_I.jpg)
![[ISO_IEC-27002_2022-Controls_II.jpg]]
![](../../../📎%20Attachments/ISO_IEC-27002_2022-Controls_II.jpg)

186
Corpus/Standards/MoCs/ISO_27001_2022_00_MoC Index EXT.md
View file

@ -15,99 +15,99 @@
| 4.2 | [[ISO_27002_OT_4.2 Themes and attributes \| Themes and attributes ]] | |
| 4.3 | [[ISO_27002_OT_4.3 Control layout \| Control layout ]] | |
| **5** | **Organizational controls** | |
| 5.1 | [[ISO_27002_2022_5.1_MoC Policies for information security \|Policies for information security ]] | 05.1.1, 05.1.2 |
| 5.2 | [[ISO_27002_2022_5.2_MoC Information security roles and responsibilities \|Information security roles and responsibilities ]] | 06.1.1 |
| 5.3 | [[ISO_27002_2022_5.3_MoC Segregation of duties \|Segregation of duties ]] | 06.1.2 |
| 5.4 | [[ISO_27002_2022_5.4_MoC Management responsibilities \|Management responsibilities ]] | 07.2.1 |
| 5.5 | [[ISO_27002_2022_5.5_MoC Contact with authorities \|Contact with authorities ]] | 06.1.3 |
| 5.6 | [[ISO_27002_2022_5.6_MoC Contact with special interest groups \|Contact with special interest groups ]] | 06.1.4 |
| 5.7 | [[ISO_27002_2022_5.7_MoC Threat intelligence \|Threat intelligence ]] | New |
| 5.8 | [[ISO_27002_2022_5.8_MoC Information security in project management \|Information security in project management ]] | 06.1.5, 14.1.1 |
| 5.9 | [[ISO_27002_2022_5.9_MoC Inventory of information and other associated assets \|Inventory of information and other associated assets ]] | 08.1.1, 08.1.2 |
| 5.10 | [[ISO_27002_2022_5.10_MoC Acceptable use of information and other associated assets \|Acceptable use of information and other associated assets ]] | 08.1.3, 08.2.3 |
| 5.11 | [[ISO_27002_2022_5.11_MoC Return of assets \|Return of assets ]] | 08.1.4 |
| 5.12 | [[ISO_27002_2022_5.12_MoC Classification of information \|Classification of information ]] | 08.2.1 |
| 5.13 | [[ISO_27002_2022_5.13_MoC Labelling of information \|Labelling of information ]] | 08.2.2 |
| 5.14 | [[ISO_27002_2022_5.14_MoC Information transfer \|Information transfer ]] | 13.2.1, 13.2.2, 13.2.3 |
| 5.15 | [[ISO_27002_2022_5.15_MoC Access control \|Access control ]] | 09.1.1, 09.1.2 |
| 5.16 | [[ISO_27002_2022_5.16_MoC Identity management \|Identity management ]] | 09.2.1 |
| 5.17 | [[ISO_27002_2022_5.17_MoC Authentication information \|Authentication information ]] | 09.2.4, 09.3.1, 09.4.3 |
| 5.18 | [[ISO_27002_2022_5.18_MoC Access rights \|Access rights ]] | 09.2.2, 09.2.5, 09.2.6 |
| 5.19 | [[ISO_27002_2022_5.19_MoC Information security in supplier relationships \|Information security in supplier relationships ]] | 15.1.1 |
| 5.20 | [[ISO_27002_2022_5.20_MoC Addressing information security within supplier agreements \|Addressing information security within supplier agreements ]] | 15.1.2 |
| 5.21 | [[ISO_27002_2022_5.21_MoC Managing information security in the ICT supply chain \|Managing information security in the ICT supply chain ]] | 15.1.3 |
| 5.22 | [[ISO_27002_2022_5.22_MoC Monitoring, review and change management of supplier services \|Monitoring, review and change management of supplier services ]] | 15.2.1, 15.2.2 |
| 5.23 | [[ISO_27002_2022_5.23_MoC Information security for use of cloud services \|Information security for use of cloud services ]] | New |
| 5.24 | [[ISO_27002_2022_5.24_MoC Information security incident management planning and preparation \|Information security incident management planning and preparation ]] | 16.1.1 |
| 5.25 | [[ISO_27002_2022_5.25_MoC Assessment and decision on information security events \|Assessment and decision on information security events ]] | 16.1.4 |
| 5.26 | [[ISO_27002_2022_5.26_MoC Response to information security incidents \|Response to information security incidents ]] | 16.1.5 |
| 5.27 | [[ISO_27002_2022_5.27_MoC Learning from information security incidents \|Learning from information security incidents ]] | 16.1.6 |
| 5.28 | [[ISO_27002_2022_5.28_MoC Collection of evidence \|Collection of evidence ]] | 16.1.7 |
| 5.29 | [[ISO_27002_2022_5.29_MoC Information security during disruption \|Information security during disruption ]] | 17.1.1, 17.1.2, 17.1.3 |
| 5.30 | [[ISO_27002_2022_5.30_MoC ICT readiness for business continuity \|ICT readiness for business continuity ]] | New |
| 5.31 | [[ISO_27002_2022_5.31_MoC Legal, statutory, regulatory and contractual requirements \|Legal, statutory, regulatory and contractual requirements ]] | 18.1.1, 18.1.5 |
| 5.32 | [[ISO_27002_2022_5.32_MoC Intellectual property rights \|Intellectual property rights ]] | 18.1.2 |
| 5.33 | [[ISO_27002_2022_5.33_MoC Protection of records \|Protection of records ]] | 18.1.3 |
| 5.34 | [[ISO_27002_2022_5.34_MoC Privacy and protection of PII \|Privacy and protection of PII ]] | 18.1.4 |
| 5.35 | [[ISO_27002_2022_5.35_MoC Independent review of information security \|Independent review of information security ]] | 18.2.1 |
| 5.36 | [[ISO_27002_2022_5.36_MoC Compliance with policies, rules and standards for information security \|Compliance with policies, rules and standards for information security]] | 18.2.2, 18.2.3 |
| 5.37 | [[ISO_27002_2022_5.37_MoC Documented operating procedures \|Documented operating procedures ]] | 12.1.1 |
| 5.1 | [Policies for information security ](../../../../🧱%20Projects/iso27DIY%20mk%20I/ISO_27002_2022_5.1_MoC%20Policies%20for%20information%20security.md) | 05.1.1, 05.1.2 |
| 5.2 | [Information security roles and responsibilities ](ISO_27002_2022_5.2_MoC%20Information%20security%20roles%20and%20responsibilities.md) | 06.1.1 |
| 5.3 | [Segregation of duties ](ISO_27002_2022_5.3_MoC%20Segregation%20of%20duties.md) | 06.1.2 |
| 5.4 | [Management responsibilities ](ISO_27002_2022_5.4_MoC%20Management%20responsibilities.md) | 07.2.1 |
| 5.5 | [Contact with authorities ](ISO_27002_2022_5.5_MoC%20Contact%20with%20authorities.md) | 06.1.3 |
| 5.6 | [Contact with special interest groups ](ISO_27002_2022_5.6_MoC%20Contact%20with%20special%20interest%20groups.md) | 06.1.4 |
| 5.7 | [Threat intelligence ](ISO_27002_2022_5.7_MoC%20Threat%20intelligence.md) | New |
| 5.8 | [Information security in project management ](ISO_27002_2022_5.8_MoC%20Information%20security%20in%20project%20management.md) | 06.1.5, 14.1.1 |
| 5.9 | [Inventory of information and other associated assets ](../../../../ISO_27002_2022_5.9_MoC%20Inventory%20of%20information%20and%20other%20associated%20assets.md) | 08.1.1, 08.1.2 |
| 5.10 | [Acceptable use of information and other associated assets ](ISO_27002_2022_5.10_MoC%20Acceptable%20use%20of%20information%20and%20other%20associated%20assets.md) | 08.1.3, 08.2.3 |
| 5.11 | [Return of assets ](ISO_27002_2022_5.11_MoC%20Return%20of%20assets.md) | 08.1.4 |
| 5.12 | [Classification of information ](ISO_27002_2022_5.12_MoC%20Classification%20of%20information.md) | 08.2.1 |
| 5.13 | [Labelling of information ](ISO_27002_2022_5.13_MoC%20Labelling%20of%20information.md) | 08.2.2 |
| 5.14 | [Information transfer ](ISO_27002_2022_5.14_MoC%20Information%20transfer.md) | 13.2.1, 13.2.2, 13.2.3 |
| 5.15 | [Access control ](ISO_27002_2022_5.15_MoC%20Access%20control.md) | 09.1.1, 09.1.2 |
| 5.16 | [Identity management ](ISO_27002_2022_5.16_MoC%20Identity%20management.md) | 09.2.1 |
| 5.17 | [Authentication information ](ISO_27002_2022_5.17_MoC%20Authentication%20information.md) | 09.2.4, 09.3.1, 09.4.3 |
| 5.18 | [Access rights ](ISO_27002_2022_5.18_MoC%20Access%20rights.md) | 09.2.2, 09.2.5, 09.2.6 |
| 5.19 | [Information security in supplier relationships ](ISO_27002_2022_5.19_MoC%20Information%20security%20in%20supplier%20relationships.md) | 15.1.1 |
| 5.20 | [Addressing information security within supplier agreements ](ISO_27002_2022_5.20_MoC%20Addressing%20information%20security%20within%20supplier%20agreements.md) | 15.1.2 |
| 5.21 | [Managing information security in the ICT supply chain ](ISO_27002_2022_5.21_MoC%20Managing%20information%20security%20in%20the%20ICT%20supply%20chain.md) | 15.1.3 |
| 5.22 | [Monitoring, review and change management of supplier services ](ISO_27002_2022_5.22_MoC%20Monitoring,%20review%20and%20change%20management%20of%20supplier%20services.md) | 15.2.1, 15.2.2 |
| 5.23 | [Information security for use of cloud services ](ISO_27002_2022_5.23_MoC%20Information%20security%20for%20use%20of%20cloud%20services.md) | New |
| 5.24 | [Information security incident management planning and preparation ](ISO_27002_2022_5.24_MoC%20Information%20security%20incident%20management%20planning%20and%20preparation.md) | 16.1.1 |
| 5.25 | [Assessment and decision on information security events ](ISO_27002_2022_5.25_MoC%20Assessment%20and%20decision%20on%20information%20security%20events.md) | 16.1.4 |
| 5.26 | [Response to information security incidents ](ISO_27002_2022_5.26_MoC%20Response%20to%20information%20security%20incidents.md) | 16.1.5 |
| 5.27 | [Learning from information security incidents ](ISO_27002_2022_5.27_MoC%20Learning%20from%20information%20security%20incidents.md) | 16.1.6 |
| 5.28 | [Collection of evidence ](ISO_27002_2022_5.28_MoC%20Collection%20of%20evidence.md) | 16.1.7 |
| 5.29 | [Information security during disruption ](ISO_27002_2022_5.29_MoC%20Information%20security%20during%20disruption.md) | 17.1.1, 17.1.2, 17.1.3 |
| 5.30 | [ICT readiness for business continuity ](ISO_27002_2022_5.30_MoC%20ICT%20readiness%20for%20business%20continuity.md) | New |
| 5.31 | [Legal, statutory, regulatory and contractual requirements ](ISO_27002_2022_5.31_MoC%20Legal,%20statutory,%20regulatory%20and%20contractual%20requirements.md) | 18.1.1, 18.1.5 |
| 5.32 | [Intellectual property rights ](ISO_27002_2022_5.32_MoC%20Intellectual%20property%20rights.md) | 18.1.2 |
| 5.33 | [Protection of records ](ISO_27002_2022_5.33_MoC%20Protection%20of%20records.md) | 18.1.3 |
| 5.34 | [Privacy and protection of PII ](ISO_27002_2022_5.34_MoC%20Privacy%20and%20protection%20of%20PII.md) | 18.1.4 |
| 5.35 | [Independent review of information security ](ISO_27002_2022_5.35_MoC%20Independent%20review%20of%20information%20security.md) | 18.2.1 |
| 5.36 | [Compliance with policies, rules and standards for information security](ISO_27002_2022_5.36_MoC%20Compliance%20with%20policies,%20rules%20and%20standards%20for%20information%20security.md) | 18.2.2, 18.2.3 |
| 5.37 | [Documented operating procedures ](ISO_27002_2022_5.37_MoC%20Documented%20operating%20procedures.md) | 12.1.1 |
| **6** | **People controls** | |
| 6.1 | [[ISO_27002_2022_6.1_MoC Screening \|Screening ]] | 07.1.1 |
| 6.2 | [[ISO_27002_2022_6.2_MoC Terms and conditions of employment \|Terms and conditions of employment ]] | 07.1.2 |
| 6.3 | [[ISO_27002_2022_6.3_MoC Information security awareness, education and training \|Information security awareness, education and training ]] | 07.2.2 |
| 6.4 | [[ISO_27002_2022_6.4_MoC Disciplinary process \|Disciplinary process ]] | 07.2.3 |
| 6.5 | [[ISO_27002_2022_6.5_MoC Responsibilities after termination or change of employment \|Responsibilities after termination or change of employment ]] | 07.3.1 |
| 6.6 | [[ISO_27002_2022_6.6_MoC Confidentiality or non-disclosure agreements \|Confidentiality or non-disclosure agreements ]] | 13.2.4 |
| 6.7 | [[ISO_27002_2022_6.7_MoC Remote working \|Remote working ]] | 06.2.2 |
| 6.8 | [[ISO_27002_2022_6.8_MoC Information security event reporting \|Information security event reporting ]] | 16.1.2, 16.1.3 |
| 6.1 | [Screening ](ISO_27002_2022_6.1_MoC%20Screening.md) | 07.1.1 |
| 6.2 | [Terms and conditions of employment ](ISO_27002_2022_6.2_MoC%20Terms%20and%20conditions%20of%20employment.md) | 07.1.2 |
| 6.3 | [Information security awareness, education and training ](ISO_27002_2022_6.3_MoC%20Information%20security%20awareness,%20education%20and%20training.md) | 07.2.2 |
| 6.4 | [Disciplinary process ](ISO_27002_2022_6.4_MoC%20Disciplinary%20process.md) | 07.2.3 |
| 6.5 | [Responsibilities after termination or change of employment ](ISO_27002_2022_6.5_MoC%20Responsibilities%20after%20termination%20or%20change%20of%20employment.md) | 07.3.1 |
| 6.6 | [Confidentiality or non-disclosure agreements ](ISO_27002_2022_6.6_MoC%20Confidentiality%20or%20non-disclosure%20agreements.md) | 13.2.4 |
| 6.7 | [Remote working ](ISO_27002_2022_6.7_MoC%20Remote%20working.md) | 06.2.2 |
| 6.8 | [Information security event reporting ](ISO_27002_2022_6.8_MoC%20Information%20security%20event%20reporting.md) | 16.1.2, 16.1.3 |
| **7** | **Physical controls** | |
| 7.1 | [[ISO_27002_2022_7.1_MoC Physical security perimeters \|Physical security perimeters ]] | 11.1.1 |
| 7.2 | [[ISO_27002_2022_7.2_MoC Physical entry \|Physical entry ]] | 11.1.2, 11.1.6 |
| 7.3 | [[ISO_27002_2022_7.3_MoC Securing offices, rooms and facilities \|Securing offices, rooms and facilities ]] | 11.1.3 |
| 7.4 | [[ISO_27002_2022_7.4_MoC Physical security monitoring \|Physical security monitoring ]] | New |
| 7.5 | [[ISO_27002_2022_7.5_MoC Protecting against physical and environmental threats \|Protecting against physical and environmental threats ]] | 11.1.4 |
| 7.6 | [[ISO_27002_2022_7.6_MoC Working in secure areas \|Working in secure areas ]] | 11.1.5 |
| 7.7 | [[ISO_27002_2022_7.7_MoC Clear desk and clear screen \|Clear desk and clear screen ]] | 11.2.9 |
| 7.8 | [[ISO_27002_2022_7.8_MoC Equipment siting and protection \|Equipment siting and protection ]] | 11.2.1 |
| 7.9 | [[ISO_27002_2022_7.9_MoC Security of assets off-premises \|Security of assets off-premises ]] | 11.2.6 |
| 7.10 | [[ISO_27002_2022_7.10_MoC Storage media \|Storage media ]] | 08.3.1, 08.3.2, 08.3.3, 11.2.5 |
| 7.11 | [[ISO_27002_2022_7.11_MoC Supporting utilities \|Supporting utilities ]] | 11.2.2 |
| 7.12 | [[ISO_27002_2022_7.12_MoC Cabling security \|Cabling security ]] | 11.2.3 |
| 7.13 | [[ISO_27002_2022_7.13_MoC Equipment maintenance \|Equipment maintenance ]] | 11.2.4 |
| 7.14 | [[ISO_27002_2022_7.14_MoC Secure disposal or re-use of equipment \|Secure disposal or re-use of equipment ]] | 11.2.7 |
| 7.1 | [Physical security perimeters ](ISO_27002_2022_7.1_MoC%20Physical%20security%20perimeters.md) | 11.1.1 |
| 7.2 | [Physical entry ](ISO_27002_2022_7.2_MoC%20Physical%20entry.md) | 11.1.2, 11.1.6 |
| 7.3 | [Securing offices, rooms and facilities ](ISO_27002_2022_7.3_MoC%20Securing%20offices,%20rooms%20and%20facilities.md) | 11.1.3 |
| 7.4 | [Physical security monitoring ](ISO_27002_2022_7.4_MoC%20Physical%20security%20monitoring.md) | New |
| 7.5 | [Protecting against physical and environmental threats ](ISO_27002_2022_7.5_MoC%20Protecting%20against%20physical%20and%20environmental%20threats.md) | 11.1.4 |
| 7.6 | [Working in secure areas ](ISO_27002_2022_7.6_MoC%20Working%20in%20secure%20areas.md) | 11.1.5 |
| 7.7 | [Clear desk and clear screen ](ISO_27002_2022_7.7_MoC%20Clear%20desk%20and%20clear%20screen.md) | 11.2.9 |
| 7.8 | [Equipment siting and protection ](ISO_27002_2022_7.8_MoC%20Equipment%20siting%20and%20protection.md) | 11.2.1 |
| 7.9 | [Security of assets off-premises ](ISO_27002_2022_7.9_MoC%20Security%20of%20assets%20off-premises.md) | 11.2.6 |
| 7.10 | [Storage media ](ISO_27002_2022_7.10_MoC%20Storage%20media.md) | 08.3.1, 08.3.2, 08.3.3, 11.2.5 |
| 7.11 | [Supporting utilities ](ISO_27002_2022_7.11_MoC%20Supporting%20utilities.md) | 11.2.2 |
| 7.12 | [Cabling security ](ISO_27002_2022_7.12_MoC%20Cabling%20security.md) | 11.2.3 |
| 7.13 | [Equipment maintenance ](ISO_27002_2022_7.13_MoC%20Equipment%20maintenance.md) | 11.2.4 |
| 7.14 | [Secure disposal or re-use of equipment ](ISO_27002_2022_7.14_MoC%20Secure%20disposal%20or%20re-use%20of%20equipment.md) | 11.2.7 |
| **8** | **Technological controls** | |
| 8.1 | [[ISO_27002_2022_8.1_MoC User endpoint devices \|User endpoint devices ]] | 06.2.1, 11.2.8 |
| 8.2 | [[ISO_27002_2022_8.2_MoC Privileged access rights \|Privileged access rights ]] | 09.2.3 |
| 8.3 | [[ISO_27002_2022_8.3_MoC Information access restriction \|Information access restriction ]] | 09.4.1 |
| 8.4 | [[ISO_27002_2022_8.4_MoC Access to source code \|Access to source code ]] | 09.4.5 |
| 8.5 | [[ISO_27002_2022_8.5_MoC Secure authentication \|Secure authentication ]] | 09.4.2 |
| 8.6 | [[ISO_27002_2022_8.6_MoC Capacity management \|Capacity management ]] | 12.1.3 |
| 8.7 | [[ISO_27002_2022_8.7_MoC Protection against malware \|Protection against malware ]] | 12.2.1 |
| 8.8 | [[ISO_27002_2022_8.8_MoC Management of technical vulnerabilities \|Management of technical vulnerabilities ]] | 12.6.1, 18.2.3 |
| 8.9 | [[ISO_27002_2022_8.9_MoC Configuration management \|Configuration management ]] | New |
| 8.10 | [[ISO_27002_2022_8.10_MoC Information deletion \|Information deletion ]] | New |
| 8.11 | [[ISO_27002_2022_8.11_MoC Data masking \|Data masking ]] | New |
| 8.12 | [[ISO_27002_2022_8.12_MoC Data leakage prevention \|Data leakage prevention ]] | New |
| 8.13 | [[ISO_27002_2022_8.13_MoC Information backup \|Information backup ]] | 12.3.1 |
| 8.14 | [[ISO_27002_2022_8.14_MoC Redundancy of information processing facilities \|Redundancy of information processing facilities ]] | 17.2.1 |
| 8.15 | [[ISO_27002_2022_8.15_MoC Logging \|Logging ]] | 12.4.1, 12.4.2, 12.4.3 |
| 8.16 | [[ISO_27002_2022_8.16_MoC Monitoring activities \|Monitoring activities ]] | New |
| 8.17 | [[ISO_27002_2022_8.17_MoC Clock synchronization \|Clock synchronization ]] | 12.4.4 |
| 8.18 | [[ISO_27002_2022_8.18_MoC Use of privileged utility programs \|Use of privileged utility programs ]] | 09.4.4 |
| 8.19 | [[ISO_27002_2022_8.19_MoC Installation of software on operational systems \|Installation of software on operational systems ]] | 12.5.1, 12.6.2 |
| 8.20 | [[ISO_27002_2022_8.20_MoC Networks security \|Networks security ]] | 13.1.1 |
| 8.21 | [[ISO_27002_2022_8.21_MoC Security of network services \|Security of network services ]] | 13.1.2 |
| 8.22 | [[ISO_27002_2022_8.22_MoC Segregation of networks \|Segregation of networks ]] | 13.1.3 |
| 8.23 | [[ISO_27002_2022_8.23_MoC Web filtering \|Web filtering ]] | New |
| 8.24 | [[ISO_27002_2022_8.24_MoC Use of cryptography \|Use of cryptography ]] | 10.1.1, 10.1.2 |
| 8.25 | [[ISO_27002_2022_8.25_MoC Secure development life cycle \|Secure development life cycle ]] | 14.2.1 |
| 8.26 | [[ISO_27002_2022_8.26_MoC Application security requirements \|Application security requirements ]] | 14.1.2, 14.1.3 |
| 8.27 | [[ISO_27002_2022_8.27_MoC Secure system architecture and engineering principles \|Secure system architecture and engineering principles ]] | 14.2.5 |
| 8.28 | [[ISO_27002_2022_8.28_MoC Secure coding \|Secure coding ]] | New |
| 8.29 | [[ISO_27002_2022_8.29_MoC Security testing in development and acceptance \|Security testing in development and acceptance ]] | 14.2.8, 14.2.9 |
| 8.30 | [[ISO_27002_2022_8.30_MoC Outsourced development \|Outsourced development ]] | 14.2.7 |
| 8.31 | [[ISO_27002_2022_8.31_MoC Separation of development, test and production environments \|Separation of development, test and production environments ]] | 12.1.4, 14.2.6 |
| 8.32 | [[ISO_27002_2022_8.32_MoC Change management \|Change management ]] | 12.1.2, 14.2.2, 14.2.3, 14.2.4 |
| 8.33 | [[ISO_27002_2022_8.33_MoC Test information \|Test information ]] | 14.3.1 |
| 8.34 | [[ISO_27002_2022_8.34_MoC Protection of information systems during audit testing \|Protection of information systems during audit testing ]] | 12.7.1 |
| 8.1 | [User endpoint devices ](ISO_27002_2022_8.1_MoC%20User%20endpoint%20devices.md) | 06.2.1, 11.2.8 |
| 8.2 | [Privileged access rights ](ISO_27002_2022_8.2_MoC%20Privileged%20access%20rights.md) | 09.2.3 |
| 8.3 | [Information access restriction ](ISO_27002_2022_8.3_MoC%20Information%20access%20restriction.md) | 09.4.1 |
| 8.4 | [Access to source code ](ISO_27002_2022_8.4_MoC%20Access%20to%20source%20code.md) | 09.4.5 |
| 8.5 | [Secure authentication ](ISO_27002_2022_8.5_MoC%20Secure%20authentication.md) | 09.4.2 |
| 8.6 | [Capacity management ](ISO_27002_2022_8.6_MoC%20Capacity%20management.md) | 12.1.3 |
| 8.7 | [Protection against malware ](ISO_27002_2022_8.7_MoC%20Protection%20against%20malware.md) | 12.2.1 |
| 8.8 | [Management of technical vulnerabilities ](ISO_27002_2022_8.8_MoC%20Management%20of%20technical%20vulnerabilities.md) | 12.6.1, 18.2.3 |
| 8.9 | [Configuration management ](ISO_27002_2022_8.9_MoC%20Configuration%20management.md) | New |
| 8.10 | [Information deletion ](ISO_27002_2022_8.10_MoC%20Information%20deletion.md) | New |
| 8.11 | [Data masking ](ISO_27002_2022_8.11_MoC%20Data%20masking.md) | New |
| 8.12 | [Data leakage prevention ](ISO_27002_2022_8.12_MoC%20Data%20leakage%20prevention.md) | New |
| 8.13 | [Information backup ](ISO_27002_2022_8.13_MoC%20Information%20backup.md) | 12.3.1 |
| 8.14 | [Redundancy of information processing facilities ](ISO_27002_2022_8.14_MoC%20Redundancy%20of%20information%20processing%20facilities.md) | 17.2.1 |
| 8.15 | [Logging ](ISO_27002_2022_8.15_MoC%20Logging.md) | 12.4.1, 12.4.2, 12.4.3 |
| 8.16 | [Monitoring activities ](ISO_27002_2022_8.16_MoC%20Monitoring%20activities.md) | New |
| 8.17 | [Clock synchronization ](ISO_27002_2022_8.17_MoC%20Clock%20synchronization.md) | 12.4.4 |
| 8.18 | [Use of privileged utility programs ](ISO_27002_2022_8.18_MoC%20Use%20of%20privileged%20utility%20programs.md) | 09.4.4 |
| 8.19 | [Installation of software on operational systems ](ISO_27002_2022_8.19_MoC%20Installation%20of%20software%20on%20operational%20systems.md) | 12.5.1, 12.6.2 |
| 8.20 | [Networks security ](ISO_27002_2022_8.20_MoC%20Networks%20security.md) | 13.1.1 |
| 8.21 | [Security of network services ](ISO_27002_2022_8.21_MoC%20Security%20of%20network%20services.md) | 13.1.2 |
| 8.22 | [Segregation of networks ](ISO_27002_2022_8.22_MoC%20Segregation%20of%20networks.md) | 13.1.3 |
| 8.23 | [Web filtering ](ISO_27002_2022_8.23_MoC%20Web%20filtering.md) | New |
| 8.24 | [Use of cryptography ](ISO_27002_2022_8.24_MoC%20Use%20of%20cryptography.md) | 10.1.1, 10.1.2 |
| 8.25 | [Secure development life cycle ](ISO_27002_2022_8.25_MoC%20Secure%20development%20life%20cycle.md) | 14.2.1 |
| 8.26 | [Application security requirements ](ISO_27002_2022_8.26_MoC%20Application%20security%20requirements.md) | 14.1.2, 14.1.3 |
| 8.27 | [Secure system architecture and engineering principles ](ISO_27002_2022_8.27_MoC%20Secure%20system%20architecture%20and%20engineering%20principles.md) | 14.2.5 |
| 8.28 | [Secure coding ](ISO_27002_2022_8.28_MoC%20Secure%20coding.md) | New |
| 8.29 | [Security testing in development and acceptance ](ISO_27002_2022_8.29_MoC%20Security%20testing%20in%20development%20and%20acceptance.md) | 14.2.8, 14.2.9 |
| 8.30 | [Outsourced development ](ISO_27002_2022_8.30_MoC%20Outsourced%20development.md) | 14.2.7 |
| 8.31 | [Separation of development, test and production environments ](ISO_27002_2022_8.31_MoC%20Separation%20of%20development,%20test%20and%20production%20environments.md) | 12.1.4, 14.2.6 |
| 8.32 | [Change management ](ISO_27002_2022_8.32_MoC%20Change%20management.md) | 12.1.2, 14.2.2, 14.2.3, 14.2.4 |
| 8.33 | [Test information ](ISO_27002_2022_8.33_MoC%20Test%20information.md) | 14.3.1 |
| 8.34 | [Protection of information systems during audit testing ](ISO_27002_2022_8.34_MoC%20Protection%20of%20information%20systems%20during%20audit%20testing.md) | 12.7.1 |

78
Corpus/Standards/MoCs/ISO_27001_2022_00_MoC Index.md
View file

@ -3,50 +3,50 @@
| Clause | Title |
| ---------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| **F** | **[[ISO_27001_OT F Foreword\|Foreword]]** |
| **0** | **[[ISO_27001_2022_OT 0 Introduction\|Introduction]]** |
| **1** | **[[ISO_27001_2022_OT 1 Scope\|Scope]]** |
| **2** | **[[ISO_27001_2022_OT 2 Normative references\|Normative references]]** |
| **3** | **[[ISO_27001_OT Terms and definitions\|Terms and definitions]]** |
| **4** | **[[ISO_27001_2022_4_MoC Context of the organization\|Context of the organization]]** |
| 4.1 | [[ISO_27001_2022_4.1_MoC Understanding the organization and its context \|Understanding the organization and its context ]] |
| 4.2 | [[ISO_27001_2022_4.2_MoC Understanding the needs and expectations of interested parties \|Understanding the needs and expectations of interested parties ]] |
| 4.3 | [[ISO_27001_2022_4.3_MoC Determining the scope of the information security management system \|Determining the scope of the information security management system ]] |
| 4.4 | [[ISO_27001_2022_4.4_MoC Information security management system \|Information security management system ]] |
| **5** | **[[ISO_27001_2022_5_MoC Leadership\|Leadership]]** |
| 5.1 | [[ISO_27001_2022_5.1_MoC Leadership and commitment \|Leadership and commitment ]] |
| 5.2 | [[ISO_27001_2022_5.2_MoC Policy \|Policy ]] |
| 5.3 | [[ISO_27001_2022_5.3_MoC Organizational roles, responsibilities and authorities \|Organizational roles, responsibilities and authorities ]] |
| **6** | **[[ISO_27001_2022_6_MoC Planning\|Planning]]** |
| 6.1 | [[ISO_27001_2022_6.1_MoC Actions to address risks and opportunities \|Actions to address risks and opportunities ]] |
| 6.1.1 | [[ISO_27001_2022_6.1.1_MoC General\|General ]] |
| 6.1.2 | [[ISO_27001_2022_6.1.2_MoC Information security risk assessment\|Information security risk assessment ]] |
| 6.1.3 | [[ISO_27001_2022_6.1.3_MoC Information security risk treatment\|Information security risk treatment ]] |
| 6.2 | [[ISO_27001_2022_6.2_MoC Information security objectives and planning to achieve them \|Information security objectives and planning to achieve them ]] |
| 6.3 | [[ISO_27001_2022_6.3_MoC Planning of changes \|Planning of changes ]] |
| **7** | **[[ISO_27001_2022_7_MoC Support\|Support]]** |
| 7.1 | [[ISO_27001_2022_7.1_MoC Resources \| Resources ]] |
| 7.2 | [[ISO_27001_2022_7.2_MoC Competence \| Competence ]] |
| 7.3 | [[ISO_27001_2022_7.3_MoC Awareness \| Awareness ]] |
| 7.4 | [[ISO_27001_2022_7.4_MoC Communication \| Communication ]] |
| 7.5 | [[ISO_27001_2022_7.5_MoC Documented information \| Documented information ]] |
| **F** | **[Foreword](../ISO-27001-OST/ISO27001-EN-2022/ISO_27001_OT%20F%20Foreword.md)** |
| **0** | **[Introduction](../ISO-27001-OST/ISO27001-EN-2022/ISO_27001_2022_OT%200%20Introduction.md)** |
| **1** | **[Scope](../ISO-27001-OST/ISO27001-EN-2022/ISO_27001_2022_OT%201%20Scope.md)** |
| **2** | **[Normative references](../ISO-27001-OST/ISO27001-EN-2022/ISO_27001_2022_OT%202%20Normative%20references.md)** |
| **3** | **[Terms and definitions](../ISO-27001-OST/ISO27001-EN-2022/ISO_27001_OT%20Terms%20and%20definitions.md)** |
| **4** | **[Context of the organization](ISO_27001_2022_4_MoC%20Context%20of%20the%20organization.md)** |
| 4.1 | [Understanding the organization and its context ](ISO_27001_2022_4.1_MoC%20Understanding%20the%20organization%20and%20its%20context.md) |
| 4.2 | [Understanding the needs and expectations of interested parties ](ISO_27001_2022_4.2_MoC%20Understanding%20the%20needs%20and%20expectations%20of%20interested%20parties.md) |
| 4.3 | [Determining the scope of the information security management system ](ISO_27001_2022_4.3_MoC%20Determining%20the%20scope%20of%20the%20information%20security%20management%20system.md) |
| 4.4 | [Information security management system ](ISO_27001_2022_4.4_MoC%20Information%20security%20management%20system.md) |
| **5** | **[Leadership](ISO_27001_2022_5_MoC%20Leadership.md)** |
| 5.1 | [Leadership and commitment ](ISO_27001_2022_5.1_MoC%20Leadership%20and%20commitment.md) |
| 5.2 | [Policy ](ISO_27001_2022_5.2_MoC%20Policy.md) |
| 5.3 | [Organizational roles, responsibilities and authorities ](ISO_27001_2022_5.3_MoC%20Organizational%20roles,%20responsibilities%20and%20authorities.md) |
| **6** | **[Planning](ISO_27001_2022_6_MoC%20Planning.md)** |
| 6.1 | [Actions to address risks and opportunities ](ISO_27001_2022_6.1_MoC%20Actions%20to%20address%20risks%20and%20opportunities.md) |
| 6.1.1 | [General ](ISO_27001_2022_6.1.1_MoC%20General.md) |
| 6.1.2 | [Information security risk assessment ](ISO_27001_2022_6.1.2_MoC%20Information%20security%20risk%20assessment.md) |
| 6.1.3 | [Information security risk treatment ](ISO_27001_2022_6.1.3_MoC%20Information%20security%20risk%20treatment.md) |
| 6.2 | [Information security objectives and planning to achieve them ](ISO_27001_2022_6.2_MoC%20Information%20security%20objectives%20and%20planning%20to%20achieve%20them.md) |
| 6.3 | [Planning of changes ](ISO_27001_2022_6.3_MoC%20Planning%20of%20changes.md) |
| **7** | **[Support](ISO_27001_2022_7_MoC%20Support.md)** |
| 7.1 | [ Resources ](ISO_27001_2022_7.1_MoC%20Resources.md) |
| 7.2 | [ Competence ](ISO_27001_2022_7.2_MoC%20Competence.md) |
| 7.3 | [ Awareness ](ISO_27001_2022_7.3_MoC%20Awareness.md) |
| 7.4 | [ Communication ](ISO_27001_2022_7.4_MoC%20Communication.md) |
| 7.5 | [ Documented information ](ISO_27001_2022_7.5_MoC%20Documented%20information.md) |
| 7.5.1 | General ↑ |
| 7.5.2 | Creating and updating ↑ |
| 7.5.3 | Control of documented information ↑ |
| **8** | **[[ISO_27001_2022_8_MoC Operation\|Operation]]** |
| 8.1 | [[ISO_27001_2022_8.1_MoC Operational planning and control \|Operational planning and control ]] |
| 8.2 | [[ISO_27001_2022_8.2_MoC Information security risk assessment \|Information security risk assessment ]] |
| 8.3 | [[ISO_27001_2022_8.3_MoC Information security risk treatment \|Information security risk treatment ]] |
| **9** | **[[ISO_27001_2022_9_MoC Performance evaluation\|Performance evaluation]]** |
| 9.1 | [[ISO_27001_2022_9.1_MoC Monitoring, measurement, analysis and evaluation \|Monitoring, measurement, analysis and evaluation ]] |
| 9.2 | [[ISO_27001_2022_9.2_MoC Internal audit \|Internal audit ]] |
| **8** | **[Operation](ISO_27001_2022_8_MoC%20Operation.md)** |
| 8.1 | [Operational planning and control ](ISO_27001_2022_8.1_MoC%20Operational%20planning%20and%20control.md) |
| 8.2 | [Information security risk assessment ](ISO_27001_2022_8.2_MoC%20Information%20security%20risk%20assessment.md) |
| 8.3 | [Information security risk treatment ](ISO_27001_2022_8.3_MoC%20Information%20security%20risk%20treatment.md) |
| **9** | **[Performance evaluation](ISO_27001_2022_9_MoC%20Performance%20evaluation.md)** |
| 9.1 | [Monitoring, measurement, analysis and evaluation ](ISO_27001_2022_9.1_MoC%20Monitoring,%20measurement,%20analysis%20and%20evaluation.md) |
| 9.2 | [Internal audit ](ISO_27001_2022_9.2_MoC%20Internal%20audit.md) |
| 9.2.1 | General ↑ |
| 9.2.2 | Internal audit programme ↑ |
| 9.3 | [[ISO_27001_2022_9.3_MoC Management review \|Management review ]] |
| 9.3 | [Management review ](ISO_27001_2022_9.3_MoC%20Management%20review.md) |
| 9.3.1 | General ↑ |
| 9.3.2 | Management review inputs ↑ |
| 9.3.3 | Management review results ↑ |
| **10** | **[[ISO_27001_2022_10_MoC Improvement\|Improvement]]** |
| 10.1 | [[ISO_27001_2022_10.1_MoC Continual improvement \|Continual improvement ]] |
| 10.2 | [[ISO_27001_2022_10.2_MoC Nonconformity and corrective action \|Nonconformity and corrective action ]] |
| **[[ISO_27001_2022_00_MoC Index EXT\|Annex A]]** | **Information security controls reference** |
| **10** | **[Improvement](ISO_27001_2022_10_MoC%20Improvement.md)** |
| 10.1 | [Continual improvement ](ISO_27001_2022_10.1_MoC%20Continual%20improvement.md) |
| 10.2 | [Nonconformity and corrective action ](ISO_27001_2022_10.2_MoC%20Nonconformity%20and%20corrective%20action.md) |
| **[Annex A](ISO_27001_2022_00_MoC%20Index%20EXT.md)** | **Information security controls reference** |

4
Corpus/Standards/MoCs/ISO_27001_2022_10.1_MoC Continual improvement.md
View file

@ -1,3 +1,3 @@
[[ISO_27001_OT 10.1 Continual improvement\|Original Text]]
[Original Text](../ISO-27001-OST/ISO27001-EN-2022/ISO_27001_OT%2010.1%20Continual%20improvement.md)
[[ISO_27001_PE 10.1 Continual improvement\|Plain English]]
[Plain English](../../../../iso27DIY-gis/reference/Paraphrased/ISO27001-2022-EN/ISO_27001_PE%2010.1%20Continual%20improvement.md)

2
Corpus/Standards/MoCs/ISO_27001_2022_10.2_MoC Nonconformity and corrective action.md
View file

@ -1,3 +1,3 @@
[[ISO_27001_OT 10.2 Nonconformity and corrective action\|Original Text]]
[Original Text](../ISO-27001-OST/ISO27001-EN-2022/ISO_27001_OT%2010.2%20Nonconformity%20and%20corrective%20action.md)
[[ISO_27001_PE 10.2 Nonconformity and corrective action\|Plain English]]

6
Corpus/Standards/MoCs/ISO_27001_2022_10_MoC Improvement.md
View file

@ -1,6 +1,6 @@
# Chapter 10: Improvement
| **10** | **[[ISO_27001_2022_10_MoC Improvement\|Improvement]]** |
| **10** | **[Improvement](ISO_27001_2022_10_MoC%20Improvement.md)** |
| ----------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| 10.1 | [[ISO_27001_2022_10.1_MoC Continual improvement \|Continual improvement ]] |
| 10.2 | [[ISO_27001_2022_10.2_MoC Nonconformity and corrective action \|Nonconformity and corrective action ]] |
| 10.1 | [Continual improvement ](ISO_27001_2022_10.1_MoC%20Continual%20improvement.md) |
| 10.2 | [Nonconformity and corrective action ](ISO_27001_2022_10.2_MoC%20Nonconformity%20and%20corrective%20action.md) |

4
Corpus/Standards/MoCs/ISO_27001_2022_4.1_MoC Understanding the organization and its context.md
View file

@ -1,9 +1,9 @@
# About C4.1: Understanding the organization and its context
From ISO 27001:2022
[[ISO_27001_2022_OT 4.1 Understanding the organization and its context\|Original Text]]
[Original Text](../ISO-27001-OST/ISO27001-EN-2022/ISO_27001_2022_OT%204.1%20Understanding%20the%20organization%20and%20its%20context.md)
[[ISO_27001_2022_PE 4.1 Understanding the organization and its context\|Plain English]] translation
[Plain English](../../../../iso27DIY-gis/reference/Paraphrased/ISO27001-2022-EN/ISO_27001_2022_PE%204.1%20Understanding%20the%20organization%20and%20its%20context.md) translation

4
Corpus/Standards/MoCs/ISO_27001_2022_4.2_MoC Understanding the needs and expectations of interested parties.md
View file

@ -1,8 +1,8 @@
# About C4.2: Understanding the needs and expectations of interested parties
[[ISO_27001_2022_OT 4.2 Understanding the needs and expectations of interested parties\|Original Text]]
[Original Text](../ISO-27001-OST/ISO27001-EN-2022/ISO_27001_2022_OT%204.2%20Understanding%20the%20needs%20and%20expectations%20of%20interested%20parties.md)
[[ISO_27001_PE 4.2 Understanding the needs and expectations of interested parties\|Plain English]]
[[PECB 27001 LA S05 E01a - Context of the organization|PECB Auditor training: Context of the organization]]
[PECB Auditor training: Context of the organization](../../../../👩🏼‍⚖️%20Standards%20and%20Regulations/ISO%2027K/PECB%20Lead%20Auditor%20Training%2027001/PECB%2027001%20LA%20S05%20E01a%20-%20Context%20of%20the%20organization.md)

6
Corpus/Standards/MoCs/ISO_27001_2022_4.3_MoC Determining the scope of the information security management system.md
View file

@ -1,9 +1,9 @@
# About C4.3 Determining the scope of the information security management system
[[ISO_27001_2022_OT 4.3 Determining the scope of the information security management system\|Original Text]]
[Original Text](../ISO-27001-OST/ISO27001-EN-2022/ISO_27001_2022_OT%204.3%20Determining%20the%20scope%20of%20the%20information%20security%20management%20system.md)
[[ISO_27001_PE 4.3 Determining the scope of the information security management system\|Plain English]]
[[About the Statement of Applicability]]
[About the Statement of Applicability](../../../Drafts%20and%20Ideas/ISMS/About%20the%20Statement%20of%20Applicability.md)
[[PECB 27001 LA S05 E01a - Context of the organization|PECB Auditor training: Context of the organization]]
[PECB Auditor training: Context of the organization](../../../../👩🏼‍⚖️%20Standards%20and%20Regulations/ISO%2027K/PECB%20Lead%20Auditor%20Training%2027001/PECB%2027001%20LA%20S05%20E01a%20-%20Context%20of%20the%20organization.md)

4
Corpus/Standards/MoCs/ISO_27001_2022_4.4_MoC Information security management system.md
View file

@ -1,7 +1,7 @@
# About C4.4: Information security management system
[[ISO_27001_2022_OT 4.4 Information security management system\|Original Text]]
[Original Text](../ISO-27001-OST/ISO27001-EN-2022/ISO_27001_2022_OT%204.4%20Information%20security%20management%20system.md)
[[ISO_27001_PE 4.4 Information security management system\|Plain English]]
[[PECB 27001 LA S05 E01a - Context of the organization|PECB Auditor training: Context of the organization]]
[PECB Auditor training: Context of the organization](../../../../👩🏼‍⚖️%20Standards%20and%20Regulations/ISO%2027K/PECB%20Lead%20Auditor%20Training%2027001/PECB%2027001%20LA%20S05%20E01a%20-%20Context%20of%20the%20organization.md)

8
Corpus/Standards/MoCs/ISO_27001_2022_4_MoC Context of the organization.md
View file

@ -2,7 +2,7 @@
| **4** | **Context of the organization** |
| ----- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| 4.1 | [[ISO_27001_2022_4.1_MoC Understanding the organization and its context \|Understanding the organization and its context ]] |
| 4.2 | [[ISO_27001_2022_4.2_MoC Understanding the needs and expectations of interested parties \|Understanding the needs and expectations of interested parties ]] |
| 4.3 | [[ISO_27001_2022_4.3_MoC Determining the scope of the information security management system \|Determining the scope of the information security management system ]] |
| 4.4 | [[ISO_27001_2022_4.4_MoC Information security management system \|Information security management system ]] |
| 4.1 | [Understanding the organization and its context ](ISO_27001_2022_4.1_MoC%20Understanding%20the%20organization%20and%20its%20context.md) |
| 4.2 | [Understanding the needs and expectations of interested parties ](ISO_27001_2022_4.2_MoC%20Understanding%20the%20needs%20and%20expectations%20of%20interested%20parties.md) |
| 4.3 | [Determining the scope of the information security management system ](ISO_27001_2022_4.3_MoC%20Determining%20the%20scope%20of%20the%20information%20security%20management%20system.md) |
| 4.4 | [Information security management system ](ISO_27001_2022_4.4_MoC%20Information%20security%20management%20system.md) |

4
Corpus/Standards/MoCs/ISO_27001_2022_5.1_MoC Leadership and commitment.md
View file

@ -2,9 +2,9 @@
Describes the responsibilities of 'Top management' with regards to the ISMS.
[[ISO_27001_2022_OT 5.1 Leadership and commitment\|Original Text]]
[Original Text](../ISO-27001-OST/ISO27001-EN-2022/ISO_27001_2022_OT%205.1%20Leadership%20and%20commitment.md)
[[ISO_27001_PE 5.1 Leadership and commitment\|Plain English]]
Related:
- [[ISO_27001_2022_9.3_MoC Management review|Clause 9.3]], Management review
- [Clause 9.3](ISO_27001_2022_9.3_MoC%20Management%20review.md), Management review

4
Corpus/Standards/MoCs/ISO_27001_2022_5.2_MoC Policy.md
View file

@ -2,9 +2,9 @@
The information security policy as established by top management
[[ISO_27001_2022_OT 5.2 Policy\|Original Text]]
[Original Text](../ISO-27001-OST/ISO27001-EN-2022/ISO_27001_2022_OT%205.2%20Policy.md)
[[ISO_27001_PE 5.2 Policy\|Plain English]]
[[PECB 27001 LA S05 E01b - Leadership|PECB Auditor training: Leadership]]
[PECB Auditor training: Leadership](../../../../👩🏼‍⚖️%20Standards%20and%20Regulations/ISO%2027K/PECB%20Lead%20Auditor%20Training%2027001/PECB%2027001%20LA%20S05%20E01b%20-%20Leadership.md)

4
Corpus/Standards/MoCs/ISO_27001_2022_5.3_MoC Organizational roles, responsibilities and authorities.md
View file

@ -4,11 +4,11 @@ Top management must make sure that responsibilities and authorities for informat
Top management specifically needs to assign responsibility and authority for ensuring the ISMS's compliance with the standard, and for reporting[^1] on it's performance (apparently, assigning *other* responsibilities and authorities need *not* be a top management concern).
[[ISO_27001_2022_OT 5.3 Organizational roles, responsibilities and authorities\|Original Text]]
[Original Text](../ISO-27001-OST/ISO27001-EN-2022/ISO_27001_2022_OT%205.3%20Organizational%20roles,%20responsibilities%20and%20authorities.md)
[[ISO_27001_PE 5.3 Organizational roles, responsibilities and authorities\|Plain English]]
[[PECB 27001 LA S05 E01b - Leadership|PECB Auditor training: Leadership]]
[PECB Auditor training: Leadership](../../../../👩🏼‍⚖️%20Standards%20and%20Regulations/ISO%2027K/PECB%20Lead%20Auditor%20Training%2027001/PECB%2027001%20LA%20S05%20E01b%20-%20Leadership.md)

12
Corpus/Standards/MoCs/ISO_27001_2022_5_MoC Leadership.md
View file

@ -1,11 +1,11 @@
# Chapter 5: Leadership
| **5** | **[[ISO_27001_2022_5_MoC Leadership\|Leadership]]** |
| **5** | **[Leadership](ISO_27001_2022_5_MoC%20Leadership.md)** |
| ----------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| 5.1 | [[ISO_27001_2022_5.1_MoC Leadership and commitment \|Leadership and commitment ]] |
| 5.2 | [[ISO_27001_2022_5.2_MoC Policy \|Policy ]] |
| 5.3 | [[ISO_27001_2022_5.3_MoC Organizational roles, responsibilities and authorities \|Organizational roles, responsibilities and authorities ]] |
| 5.1 | [Leadership and commitment ](ISO_27001_2022_5.1_MoC%20Leadership%20and%20commitment.md) |
| 5.2 | [Policy ](ISO_27001_2022_5.2_MoC%20Policy.md) |
| 5.3 | [Organizational roles, responsibilities and authorities ](ISO_27001_2022_5.3_MoC%20Organizational%20roles,%20responsibilities%20and%20authorities.md) |
[[PECB 27001 LA S05 E01a - Context of the organization|Context of the organization]] from the PECB Auditor training
[[PECB 27001 LA S05 E01b - Leadership|Leadership]] from the PECB Auditor training
[Context of the organization](../../../../👩🏼‍⚖️%20Standards%20and%20Regulations/ISO%2027K/PECB%20Lead%20Auditor%20Training%2027001/PECB%2027001%20LA%20S05%20E01a%20-%20Context%20of%20the%20organization.md) from the PECB Auditor training
[Leadership](../../../../👩🏼‍⚖️%20Standards%20and%20Regulations/ISO%2027K/PECB%20Lead%20Auditor%20Training%2027001/PECB%2027001%20LA%20S05%20E01b%20-%20Leadership.md) from the PECB Auditor training

2
Corpus/Standards/MoCs/ISO_27001_2022_6.1.1_MoC General.md
View file

@ -1,4 +1,4 @@
### 6.1.1 General
- [[ISO_27001_OT 6.1.1 General\|Original Text]]
- [Original Text](../ISO-27001-OST/ISO27001-EN-2022/ISO_27001_OT%206.1.1%20General.md)
- [[ISO_27001_PE 6.1.1 General\|Plain English]]

14
Corpus/Standards/MoCs/ISO_27001_2022_6.1.2_MoC Information security risk assessment.md
View file

@ -1,11 +1,11 @@
# About Clause 6.1.2: I| **6** | **[[ISO_27001_2022_6_MoC Planning\|Planning]]** |
# About Clause 6.1.2: I| **6** | **[Planning](ISO_27001_2022_6_MoC%20Planning.md)** |
| ----- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| 6.1 | [[ISO_27001_2022_6.1_MoC Actions to address risks and opportunities \|Actions to address risks and opportunities ]] |
| 6.1.1 | [[ISO_27001_2022_6.1.1_MoC General\|General ]] |
| 6.1.2 | [[ISO_27001_2022_6.1.2_MoC Information security risk assessment\|Information security risk assessment ]] |
| 6.1.3 | [[ISO_27001_2022_6.1.3_MoC Information security risk treatment\|Information security risk treatment ]] |
| 6.2 | [[ISO_27001_2022_6.2_MoC Information security objectives and planning to achieve them \|Information security objectives and planning to achieve them ]] |
| 6.3 | [[ISO_27001_2022_6.3_MoC Planning of changes \|Planning of changes ]] |rity investments will deliver the most value. This is in line with the ISO 31000 standard for Risk Management #research title? , which recommends categorizing risks based on your organizations context and objectives.
| 6.1 | [Actions to address risks and opportunities ](ISO_27001_2022_6.1_MoC%20Actions%20to%20address%20risks%20and%20opportunities.md) |
| 6.1.1 | [General ](ISO_27001_2022_6.1.1_MoC%20General.md) |
| 6.1.2 | [Information security risk assessment ](ISO_27001_2022_6.1.2_MoC%20Information%20security%20risk%20assessment.md) |
| 6.1.3 | [Information security risk treatment ](ISO_27001_2022_6.1.3_MoC%20Information%20security%20risk%20treatment.md) |
| 6.2 | [Information security objectives and planning to achieve them ](ISO_27001_2022_6.2_MoC%20Information%20security%20objectives%20and%20planning%20to%20achieve%20them.md) |
| 6.3 | [Planning of changes ](ISO_27001_2022_6.3_MoC%20Planning%20of%20changes.md) |rity investments will deliver the most value. This is in line with the ISO 31000 standard for Risk Management #research title? , which recommends categorizing risks based on your organizations context and objectives.
Different organizations worry about different kinds of risks, based on their mission, industry, and stakeholder expectations. An engineering firm may worry about their designs being stolen (protection of intellectual property) and construction errors due to incorrect data or calculations (integrity of information). A hospital will worry about continuity (availability of information) and patient confidentiality. A social media advertising platform, may care less about compliance with privacy regulations, but place great emphasis on uptime of systems.

4
Corpus/Standards/MoCs/ISO_27001_2022_6.1.3_MoC Information security risk treatment.md
View file

@ -1,6 +1,6 @@
# 6.1.3 Information security risk treatment
- [[ISO_27001_OT 6.1.3 Information security risk treatment\|Original Text]]
- [Original Text](../ISO-27001-OST/ISO27001-EN-2022/ISO_27001_OT%206.1.3%20Information%20security%20risk%20treatment.md)
- [[ISO_27001_PE 6.1.3 Information security risk treatment\|Plain English]]
[[About the Statement of Applicability]]
[About the Statement of Applicability](../../../Drafts%20and%20Ideas/ISMS/About%20the%20Statement%20of%20Applicability.md)

6
Corpus/Standards/MoCs/ISO_27001_2022_6.1_MoC Actions to address risks and opportunities.md
View file

@ -1,7 +1,7 @@
## 6.1 Actions to address risks and opportunities
- [[ISO_27001_2022_6.1.1_MoC General|6.1.1 General]]
- [[ISO_27001_2022_6.1.2_MoC Information security risk assessment|6.1.2 Information security risk assessment]]
- [[ISO_27001_2022_6.1.3_MoC Information security risk treatment|6.1.3 Information security risk treatment]]
- [6.1.1 General](ISO_27001_2022_6.1.1_MoC%20General.md)
- [6.1.2 Information security risk assessment](ISO_27001_2022_6.1.2_MoC%20Information%20security%20risk%20assessment.md)
- [6.1.3 Information security risk treatment](ISO_27001_2022_6.1.3_MoC%20Information%20security%20risk%20treatment.md)

4
Corpus/Standards/MoCs/ISO_27001_2022_6.2_MoC Information security objectives and planning to achieve them.md
View file

@ -1,4 +1,4 @@
# About Chapter 6.2: Information security objectives and planning to achieve them
[[ISO_27001_OT 6.2 Information security objectives and planning to achieve them\|Original Text]]
[Original Text](../ISO-27001-OST/ISO27001-EN-2022/ISO_27001_OT%206.2%20Information%20security%20objectives%20and%20planning%20to%20achieve%20them.md)
[[ISO_27001_PE 6.2 Information security objectives and planning to achieve them\|Plain English]]
[Plain English](../../../../iso27DIY-gis/reference/Paraphrased/ISO27001-2022-EN/ISO_27001_PE%206.2%20Information%20security%20objectives%20and%20planning%20to%20achieve%20them.md)

2
Corpus/Standards/MoCs/ISO_27001_2022_6.3_MoC Planning of changes.md
View file

@ -1,3 +1,3 @@
[[ISO_27001_OT 6.3 Planning of changes\|Original Text]]
[Original Text](../ISO-27001-OST/ISO27001-EN-2022/ISO_27001_OT%206.3%20Planning%20of%20changes.md)
[[ISO_27001_PE 6.3 Planning of changes\|Plain English]]

14
Corpus/Standards/MoCs/ISO_27001_2022_6_MoC Planning.md
View file

@ -1,10 +1,10 @@
# Chapter 6: Planning
| **6** | **[[ISO_27001_2022_6_MoC Planning\|Planning]]** |
| **6** | **[Planning](ISO_27001_2022_6_MoC%20Planning.md)** |
| ----- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| 6.1 | [[ISO_27001_2022_6.1_MoC Actions to address risks and opportunities \|Actions to address risks and opportunities ]] |
| 6.1.1 | [[ISO_27001_2022_6.1.1_MoC General\|General ]] |
| 6.1.2 | [[ISO_27001_2022_6.1.2_MoC Information security risk assessment\|Information security risk assessment ]] |
| 6.1.3 | [[ISO_27001_2022_6.1.3_MoC Information security risk treatment\|Information security risk treatment ]] |
| 6.2 | [[ISO_27001_2022_6.2_MoC Information security objectives and planning to achieve them \|Information security objectives and planning to achieve them ]] |
| 6.3 | [[ISO_27001_2022_6.3_MoC Planning of changes \|Planning of changes ]] |
| 6.1 | [Actions to address risks and opportunities ](ISO_27001_2022_6.1_MoC%20Actions%20to%20address%20risks%20and%20opportunities.md) |
| 6.1.1 | [General ](ISO_27001_2022_6.1.1_MoC%20General.md) |
| 6.1.2 | [Information security risk assessment ](ISO_27001_2022_6.1.2_MoC%20Information%20security%20risk%20assessment.md) |
| 6.1.3 | [Information security risk treatment ](ISO_27001_2022_6.1.3_MoC%20Information%20security%20risk%20treatment.md) |
| 6.2 | [Information security objectives and planning to achieve them ](ISO_27001_2022_6.2_MoC%20Information%20security%20objectives%20and%20planning%20to%20achieve%20them.md) |
| 6.3 | [Planning of changes ](ISO_27001_2022_6.3_MoC%20Planning%20of%20changes.md) |

2
Corpus/Standards/MoCs/ISO_27001_2022_7.1_MoC Resources.md
View file

@ -1,3 +1,3 @@
[[ISO_27001_OT 7.1 Resources\|Original Text]]
[Original Text](../ISO-27001-OST/ISO27001-EN-2022/ISO_27001_OT%207.1%20Resources.md)
[[ISO_27001_PE 7.1 Resources\|Plain English]]

2
Corpus/Standards/MoCs/ISO_27001_2022_7.2_MoC Competence.md
View file

@ -1,3 +1,3 @@
[[ISO_27001_OT 7.2 Competence\|Original Text]]
[Original Text](../ISO-27001-OST/ISO27001-EN-2022/ISO_27001_OT%207.2%20Competence.md)
[[ISO_27001_PE 7.2 Competence\|Plain English]]

2
Corpus/Standards/MoCs/ISO_27001_2022_7.3_MoC Awareness.md
View file

@ -1,3 +1,3 @@
[[ISO_27001_OT 7.3 Awareness\|Original Text]]
[Original Text](../ISO-27001-OST/ISO27001-EN-2022/ISO_27001_OT%207.3%20Awareness.md)
[[ISO_27001_PE 7.3 Awareness\|Plain English]]

2
Corpus/Standards/MoCs/ISO_27001_2022_7.4_MoC Communication.md
View file

@ -1,3 +1,3 @@
[[ISO_27001_OT 7.4 Communication\|Original Text]]
[Original Text](../ISO-27001-OST/ISO27001-EN-2022/ISO_27001_OT%207.4%20Communication.md)
[[ISO_27001_PE 7.4 Communication\|Plain English]]

8
Corpus/Standards/MoCs/ISO_27001_2022_7.5_MoC Documented information.md
View file

@ -1,7 +1,7 @@
[[ISO_27001_OT 7.5 Documented information\|Original Text]]
[Original Text](../ISO-27001-OST/ISO27001-EN-2022/ISO_27001_OT%207.5%20Documented%20information.md)
[[ISO_27001_PE 7.5 Documented information\|Plain English]]
- [[ISO_27001_2022_7.5.1_MoC General|7.5.1 General]]
- [[ISO_27001_2022_7.5.2_MoC Creating and updating|7.5.2 Creating and updating]]
- [[ISO_27001_2022_7.5.3_MoC Control of documented information|7.5.3 Control of documented information]]
- [7.5.1 General](ISO_27001_2022_7.5.1_MoC%20General.md)
- [7.5.2 Creating and updating](ISO_27001_2022_7.5.2_MoC%20Creating%20and%20updating.md)
- [7.5.3 Control of documented information](ISO_27001_2022_7.5.3_MoC%20Control%20of%20documented%20information.md)

12
Corpus/Standards/MoCs/ISO_27001_2022_7_MoC Support.md
View file

@ -1,12 +1,12 @@
# Chapter 7: Support
| **7** | **[[ISO_27001_2022_7_MoC Support\|Support]]** |
| **7** | **[Support](ISO_27001_2022_7_MoC%20Support.md)** |
| ----- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| 7.1 | [[ISO_27001_2022_7.1_MoC Resources \| Resources ]] |
| 7.2 | [[ISO_27001_2022_7.2_MoC Competence \| Competence ]] |
| 7.3 | [[ISO_27001_2022_7.3_MoC Awareness \| Awareness ]] |
| 7.4 | [[ISO_27001_2022_7.4_MoC Communication \| Communication ]] |
| 7.5 | [[ISO_27001_2022_7.5_MoC Documented information \| Documented information ]] |
| 7.1 | [ Resources ](ISO_27001_2022_7.1_MoC%20Resources.md) |
| 7.2 | [ Competence ](ISO_27001_2022_7.2_MoC%20Competence.md) |
| 7.3 | [ Awareness ](ISO_27001_2022_7.3_MoC%20Awareness.md) |
| 7.4 | [ Communication ](ISO_27001_2022_7.4_MoC%20Communication.md) |
| 7.5 | [ Documented information ](ISO_27001_2022_7.5_MoC%20Documented%20information.md) |
| 7.5.1 | General ↑ |
| 7.5.2 | Creating and updating ↑ |
| 7.5.3 | Control of documented information ↑ |

2
Corpus/Standards/MoCs/ISO_27001_2022_8.1_MoC Operational planning and control.md
View file

@ -1,3 +1,3 @@
[[ISO_27001_OT 8.1 Operational planning and control\|Original Text]]
[Original Text](../ISO-27001-OST/ISO27001-EN-2022/ISO_27001_OT%208.1%20Operational%20planning%20and%20control.md)
[[ISO_27001_PE 8.1 Operational planning and control\|Plain English]]

2
Corpus/Standards/MoCs/ISO_27001_2022_8.2_MoC Information security risk assessment.md
View file

@ -1,6 +1,6 @@
# About Clause 8.2: Information security risk assessment
[[ISO_27001_OT 8.2 Information security risk assessment\|Original Text]]
[Original Text](../ISO-27001-OST/ISO27001-EN-2022/ISO_27001_OT%208.2%20Information%20security%20risk%20assessment.md)
[[ISO_27001_PE 8.2 Information security risk assessment\|Plain English]]

2
Corpus/Standards/MoCs/ISO_27001_2022_8.3_MoC Information security risk treatment.md
View file

@ -1,5 +1,5 @@
# About Clause 8.3: Information security risk treatment
[[ISO_27001_OT 8.3 Information security risk treatment\|Original Text]]
[Original Text](../ISO-27001-OST/ISO27001-EN-2022/ISO_27001_OT%208.3%20Information%20security%20risk%20treatment.md)
[[ISO_27001_PE 8.3 Information security risk treatment\|Plain English]]

8
Corpus/Standards/MoCs/ISO_27001_2022_8_MoC Operation.md
View file

@ -1,7 +1,7 @@
# Chapter 8: Operation
| **8** | **[[ISO_27001_2022_8_MoC Operation\|Operation]]** |
| **8** | **[Operation](ISO_27001_2022_8_MoC%20Operation.md)** |
| ----------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| 8.1 | [[ISO_27001_2022_8.1_MoC Operational planning and control \|Operational planning and control ]] |
| 8.2 | [[ISO_27001_2022_8.2_MoC Information security risk assessment \|Information security risk assessment ]] |
| 8.3 | [[ISO_27001_2022_8.3_MoC Information security risk treatment \|Information security risk treatment ]] |
| 8.1 | [Operational planning and control ](ISO_27001_2022_8.1_MoC%20Operational%20planning%20and%20control.md) |
| 8.2 | [Information security risk assessment ](ISO_27001_2022_8.2_MoC%20Information%20security%20risk%20assessment.md) |
| 8.3 | [Information security risk treatment ](ISO_27001_2022_8.3_MoC%20Information%20security%20risk%20treatment.md) |

2
Corpus/Standards/MoCs/ISO_27001_2022_9.1_MoC Monitoring, measurement, analysis and evaluation.md
View file

@ -1,3 +1,3 @@
[[ISO_27001_OT 9.1 Monitoring, measurement, analysis and evaluation\|Original Text]]
[Original Text](../ISO-27001-OST/ISO27001-EN-2022/ISO_27001_OT%209.1%20Monitoring,%20measurement,%20analysis%20and%20evaluation.md)
[[ISO_27001_PE 9.1 Monitoring, measurement, analysis and evaluation\|Plain English]]

2
Corpus/Standards/MoCs/ISO_27001_2022_9.2_MoC Internal audit.md
View file

@ -1,5 +1,5 @@
# About Clause 9.2: Internal audit
[[ISO_27001_OT 9.2 Internal audit\|Original Text]]
[Original Text](../ISO-27001-OST/ISO27001-EN-2022/ISO_27001_OT%209.2%20Internal%20audit.md)
[[ISO_27001_PE 9.2 Internal audit\|Plain English]]

2
Corpus/Standards/MoCs/ISO_27001_2022_9.3_MoC Management review.md
View file

@ -1,5 +1,5 @@
# 9.3 Management review
[[ISO_27001_OT 9.3 Management review\|Original Text]]
[Original Text](../ISO-27001-OST/ISO27001-EN-2022/ISO_27001_OT%209.3%20Management%20review.md)
[[ISO_27001_PE 9.3 Management review\|Plain English]]

8
Corpus/Standards/MoCs/ISO_27001_2022_9_MoC Performance evaluation.md
View file

@ -1,12 +1,12 @@
# Chapter 9: Performance evaluation
| **9** | **[[ISO_27001_2022_9_MoC Performance evaluation\|Performance evaluation]]** |
| **9** | **[Performance evaluation](ISO_27001_2022_9_MoC%20Performance%20evaluation.md)** |
| ----- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| 9.1 | [[ISO_27001_2022_9.1_MoC Monitoring, measurement, analysis and evaluation \|Monitoring, measurement, analysis and evaluation ]] |
| 9.2 | [[ISO_27001_2022_9.2_MoC Internal audit \|Internal audit ]] |
| 9.1 | [Monitoring, measurement, analysis and evaluation ](ISO_27001_2022_9.1_MoC%20Monitoring,%20measurement,%20analysis%20and%20evaluation.md) |
| 9.2 | [Internal audit ](ISO_27001_2022_9.2_MoC%20Internal%20audit.md) |
| 9.2.1 | General ↑ |
| 9.2.2 | Internal audit programme ↑ |
| 9.3 | [[ISO_27001_2022_9.3_MoC Management review \|Management review ]] |
| 9.3 | [Management review ](ISO_27001_2022_9.3_MoC%20Management%20review.md) |
| 9.3.1 | General ↑ |
| 9.3.2 | Management review inputs ↑ |
| 9.3.3 | Management review results ↑ |

6
Corpus/Standards/MoCs/ISO_27002_2022_5.10_MoC Acceptable use of information and other associated assets.md
View file

@ -1,5 +1,5 @@
[[ISO_27002_2022_5.10_OT Acceptable use of information and other associated assets \|Original Text]]
[[ISO_27002_2022_5.10_PE Acceptable use of information and other associated assets \|Plain English]]
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/ISO_27002_2022_5.10_OT%20Acceptable%20use%20of%20information%20and%20other%20associated%20assets.md)
[Plain English](../../../../iso27DIY-gis/reference/Paraphrased/ISO27002-2022-EN/ISO_27002_2022_5.10_PE%20Acceptable%20use%20of%20information%20and%20other%20associated%20assets.md)
ISO 27002:2013: 08.1.3, 08.2.3
[[ISO_27002_2022_NL_5.10_BT Aanvaardbaar gebruik van informatie en andere gerelateerde bedrijfsmiddelen \|Brontekst]]
[Brontekst](../ISO-27002-OST/ISO27002-NL-2022/ISO_27002_2022_NL_5.10_BT%20Aanvaardbaar%20gebruik%20van%20informatie%20en%20andere%20gerelateerde%20bedrijfsmiddelen.md)

4
Corpus/Standards/MoCs/ISO_27002_2022_5.11_MoC Return of assets.md
View file

@ -1,5 +1,5 @@
[[ISO_27002_2022_5.11_OT Return of assets \|Original Text]]
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/ISO_27002_2022_5.11_OT%20Return%20of%20assets.md)
[[ISO_27002_2022_5.11_PE Return of assets \|Plain English]]
ISO 27002:2013: 08.1.4
[[ISO_27002_2022_NL_5.11_BT Retourneren van bedrijfsmiddelen \|Brontekst]]
[Brontekst](../ISO-27002-OST/ISO27002-NL-2022/ISO_27002_2022_NL_5.11_BT%20Retourneren%20van%20bedrijfsmiddelen.md)

6
Corpus/Standards/MoCs/ISO_27002_2022_5.12_MoC Classification of information.md
View file

@ -1,5 +1,5 @@
[[ISO_27002_2022_5.12_OT Classification of information \|Original Text]]
[[ISO_27002_2022_5.12_PE Classification of information \|Plain English]]
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/ISO_27002_2022_5.12_OT%20Classification%20of%20information.md)
[Plain English](../../../../iso27DIY-gis/reference/Paraphrased/ISO27002-2022-EN/ISO_27002_2022_5.12_PE%20Classification%20of%20information.md)
ISO 27002:2013: 08.2.1
[[ISO_27002_2022_NL_5.12_BT Classificeren van informatie \|Brontekst]]
[Brontekst](../ISO-27002-OST/ISO27002-NL-2022/ISO_27002_2022_NL_5.12_BT%20Classificeren%20van%20informatie.md)

6
Corpus/Standards/MoCs/ISO_27002_2022_5.13_MoC Labelling of information.md
View file

@ -1,5 +1,5 @@
[[ISO_27002_2022_5.13_OT Labelling of information \|Original Text]]
[[ISO_27002_2022_5.13_PE Labelling of information \|Plain English]]
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/ISO_27002_2022_5.13_OT%20Labelling%20of%20information.md)
[Plain English](../../../../iso27DIY-gis/reference/Paraphrased/ISO27002-2022-EN/ISO_27002_2022_5.13_PE%20Labelling%20of%20information.md)
ISO 27002:2013: 08.2.2
[[ISO_27002_2022_NL_5.13_BT Labelen van informatie \|Brontekst]]
[Brontekst](../ISO-27002-OST/ISO27002-NL-2022/ISO_27002_2022_NL_5.13_BT%20Labelen%20van%20informatie.md)

4
Corpus/Standards/MoCs/ISO_27002_2022_5.14_MoC Information transfer.md
View file

@ -1,5 +1,5 @@
[[ISO_27002_2022_5.14_OT Information transfer \|Original Text]]
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/ISO_27002_2022_5.14_OT%20Information%20transfer.md)
[[ISO_27002_2022_5.14_PE Information transfer \|Plain English]]
ISO 27002:2013: 13.2.1, 13.2.2, 13.2.3
[[ISO_27002_2022_NL_5.14_BT Overdragen van informatie \|Brontekst]]
[Brontekst](../ISO-27002-OST/ISO27002-NL-2022/ISO_27002_2022_NL_5.14_BT%20Overdragen%20van%20informatie.md)

2
Corpus/Standards/MoCs/ISO_27002_2022_5.15_MoC Access control.md
View file

@ -2,6 +2,6 @@
Foundational rules and principles to control access to information assets, in line with business and information security requirements.
[[ISO_27002_2022_5.15_OT Access control \|Original Text]]
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/ISO_27002_2022_5.15_OT%20Access%20control.md)
[[ISO_27002_2022_5.15_PE Access control \|Plain English]]
ISO 27002:2013: 09.1.1, 09.1.2

4
Corpus/Standards/MoCs/ISO_27002_2022_5.16_MoC Identity management.md
View file

@ -2,8 +2,8 @@
Identity life cycle management.
[[ISO_27002_2022_5.16_OT Identity management \|Original Text]]
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/ISO_27002_2022_5.16_OT%20Identity%20management.md)
[[ISO_27002_2022_5.16_PE Identity management \|Plain English]]
ISO 27002:2013: 09.2.1
[[ISO_27002_2022_NL_5.16_BT Identiteitsbeheer \|Brontekst]]
[Brontekst](../ISO-27002-OST/ISO27002-NL-2022/ISO_27002_2022_NL_5.16_BT%20Identiteitsbeheer.md)

14
Corpus/Standards/MoCs/ISO_27002_2022_5.17_MoC Authentication information.md
View file

@ -2,21 +2,21 @@
Managing authentication information, including advising personnel on how to handle authentication information.
[[ISO_27002_2022_5.17_OT Authentication information \|Original Text]]
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/ISO_27002_2022_5.17_OT%20Authentication%20information.md)
[[ISO_27002_2022_5.17_PE Authentication information \|Plain English]]
ISO 27002:2013: 09.2.4, 09.3.1, 09.4.3
[[ISO_27002_2022_NL_5.17_BT Beheren van authenticatie-informatie \|Brontekst]]
[[ISO_27002_2022_NL_5.17_NN Beheren van authenticatie-informatie \|Normaal Nederlands]]
[Brontekst](../ISO-27002-OST/ISO27002-NL-2022/ISO_27002_2022_NL_5.17_BT%20Beheren%20van%20authenticatie-informatie.md)
[Normaal Nederlands](../ISO-27002-OST/ISO27002-NL-2022/ISO_27002_2022_NL_5.17_NN%20Beheren%20van%20authenticatie-informatie.md)
[[Sterke wachtwoorden in 2024]]
[Sterke wachtwoorden in 2024](../../../../🎇%20Sparks/Sterke%20wachtwoorden%20in%202024.md)
**NCSC over authenticeren**
- [Authenticatie als onderdeel van Digitale Weerbaarheid](https://www.ncsc.nl/wat-kun-je-zelf-doen/weerbaarheid/beschermen/authenticatie)
- [[NCSC Infosheet Volwassen Authenticeren]]
- [[NCSC_Factsheet_Volwassen_Authenticeren]]
- [[NCSC Factsheet Gebruik Tweefactorauthenticatie]]
- [NCSC Infosheet Volwassen Authenticeren](../../../../👩🏼‍⚖️%20Standards%20and%20Regulations/NCSC/NCSC%20Infosheet%20Volwassen%20Authenticeren.md)
- [NCSC_Factsheet_Volwassen_Authenticeren](../../../../👩🏼‍⚖️%20Standards%20and%20Regulations/NCSC/NCSC_Factsheet_Volwassen_Authenticeren.md)
- [NCSC Factsheet Gebruik Tweefactorauthenticatie](../../../../👩🏼‍⚖️%20Standards%20and%20Regulations/NCSC/NCSC%20Factsheet%20Gebruik%20Tweefactorauthenticatie.md)
- [Choosing the right type](https://www.ncsc.gov.uk/guidance/authentication-methods-choosing-the-right-type)

6
Corpus/Standards/MoCs/ISO_27002_2022_5.18_MoC Access rights.md
View file

@ -1,9 +1,9 @@
# About Control 5.18: Access rights
Access rights management procedures (provisioning, review, modification and removal) in line with business rules for access control (from [[ISO_27002_2022_5.15_MoC Access control|A5.15]]).
Access rights management procedures (provisioning, review, modification and removal) in line with business rules for access control (from [A5.15](ISO_27002_2022_5.15_MoC%20Access%20control.md)).
[[ISO_27002_2022_5.18_OT Access rights \|Original Text]]
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/ISO_27002_2022_5.18_OT%20Access%20rights.md)
[[ISO_27002_2022_5.18_PE Access rights \|Plain English]]
ISO 27002:2013: 09.2.2, 09.2.5, 09.2.6
[[ISO_27002_2022_NL_5.18_BT Toegangsrechten \|Brontekst]]
[Brontekst](../ISO-27002-OST/ISO27002-NL-2022/ISO_27002_2022_NL_5.18_BT%20Toegangsrechten.md)

6
Corpus/Standards/MoCs/ISO_27002_2022_5.19_MoC Information security in supplier relationships.md
View file

@ -1,5 +1,5 @@
[[ISO_27002_2022_5.19_OT Information security in supplier relationships \|Original Text]]
[[ISO_27002_2022_5.19_PE Information security in supplier relationships \|Plain English]]
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/ISO_27002_2022_5.19_OT%20Information%20security%20in%20supplier%20relationships.md)
[Plain English](../../../../iso27DIY-gis/reference/Paraphrased/ISO27002-2022-EN/ISO_27002_2022_5.19_PE%20Information%20security%20in%20supplier%20relationships.md)
ISO 27002:2013: 15.1.1
[[ISO_27002_2022_NL_5.19_BT Informatiebeveiliging in leveranciersrelaties \|Brontekst]]
[Brontekst](../ISO-27002-OST/ISO27002-NL-2022/ISO_27002_2022_NL_5.19_BT%20Informatiebeveiliging%20in%20leveranciersrelaties.md)

6
Corpus/Standards/MoCs/ISO_27002_2022_5.20_MoC Addressing information security within supplier agreements.md
View file

@ -1,5 +1,5 @@
[[ISO_27002_2022_5.20_OT Addressing information security within supplier agreements \|Original Text]]
[[ISO_27002_2022_5.20_PE Addressing information security within supplier agreements \|Plain English]]
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/ISO_27002_2022_5.20_OT%20Addressing%20information%20security%20within%20supplier%20agreements.md)
[Plain English](../../../../iso27DIY-gis/reference/Paraphrased/ISO27002-2022-EN/ISO_27002_2022_5.20_PE%20Addressing%20information%20security%20within%20supplier%20agreements.md)
ISO 27002:2013: 15.1.2
[[ISO_27002_2022_NL_5.20_BT Adresseren van informatiebeveiliging in leveranciersovereenkomsten \|Brontekst]]
[Brontekst](../ISO-27002-OST/ISO27002-NL-2022/ISO_27002_2022_NL_5.20_BT%20Adresseren%20van%20informatiebeveiliging%20in%20leveranciersovereenkomsten.md)

6
Corpus/Standards/MoCs/ISO_27002_2022_5.21_MoC Managing information security in the ICT supply chain.md
View file

@ -1,5 +1,5 @@
[[ISO_27002_2022_5.21_OT Managing information security in the ICT supply chain \|Original Text]]
[[ISO_27002_2022_5.21_PE Managing information security in the ICT supply chain \|Plain English]]
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/ISO_27002_2022_5.21_OT%20Managing%20information%20security%20in%20the%20ICT%20supply%20chain.md)
[Plain English](../../../../iso27DIY-gis/reference/Paraphrased/ISO27002-2022-EN/ISO_27002_2022_5.21_PE%20Managing%20information%20security%20in%20the%20ICT%20supply%20chain.md)
ISO 27002:2013: 15.1.3
[[ISO_27002_2022_NL_5.21_BT Beheren van informatiebeveiliging in de ICT-keten \|Brontekst]]
[Brontekst](../ISO-27002-OST/ISO27002-NL-2022/ISO_27002_2022_NL_5.21_BT%20Beheren%20van%20informatiebeveiliging%20in%20de%20ICT-keten.md)

6
Corpus/Standards/MoCs/ISO_27002_2022_5.22_MoC Monitoring, review and change management of supplier services.md
View file

@ -1,5 +1,5 @@
[[ISO_27002_2022_5.22_OT Monitoring, review and change management of supplier services \|Original Text]]
[[ISO_27002_2022_5.22_PE Monitoring, review and change management of supplier services \|Plain English]]
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/ISO_27002_2022_5.22_OT%20Monitoring,%20review%20and%20change%20management%20of%20supplier%20services.md)
[Plain English](../../../../iso27DIY-gis/reference/Paraphrased/ISO27002-2022-EN/ISO_27002_2022_5.22_PE%20Monitoring,%20review%20and%20change%20management%20of%20supplier%20services.md)
ISO 27002:2013: 15.2.1, 15.2.2
[[ISO_27002_2022_NL_5.22_BT Monitoren, beoordelen en het beheren van wijzigingen van leveranciersdiensten \|Brontekst]]
[Brontekst](../ISO-27002-OST/ISO27002-NL-2022/ISO_27002_2022_NL_5.22_BT%20Monitoren,%20beoordelen%20en%20het%20beheren%20van%20wijzigingen%20van%20leveranciersdiensten.md)

6
Corpus/Standards/MoCs/ISO_27002_2022_5.23_MoC Information security for use of cloud services.md
View file

@ -1,5 +1,5 @@
[[ISO_27002_2022_5.23_OT Information security for use of cloud services \|Original Text]]
[[ISO_27002_2022_5.23_PE Information security for use of cloud services \|Plain English]]
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/ISO_27002_2022_5.23_OT%20Information%20security%20for%20use%20of%20cloud%20services.md)
[Plain English](../../../../iso27DIY-gis/reference/Paraphrased/ISO27002-2022-EN/ISO_27002_2022_5.23_PE%20Information%20security%20for%20use%20of%20cloud%20services.md)
ISO 27002:2013: n/a
[[ISO_27002_2022_NL_5.23_BT Informatiebeveiliging voor het gebruik van clouddiensten \|Brontekst]]
[Brontekst](../ISO-27002-OST/ISO27002-NL-2022/ISO_27002_2022_NL_5.23_BT%20Informatiebeveiliging%20voor%20het%20gebruik%20van%20clouddiensten.md)

4
Corpus/Standards/MoCs/ISO_27002_2022_5.24_MoC Information security incident management planning and preparation.md
View file

@ -1,5 +1,5 @@
# About Control 5.24: Information security incident management planning and preparation
[[ISO_27002_2022_5.24_OT Information security incident management planning and preparation \|Original Text]]
[[ISO_27002_2022_5.24_PE Information security incident management planning and preparation \|Plain English]]
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/ISO_27002_2022_5.24_OT%20Information%20security%20incident%20management%20planning%20and%20preparation.md)
[Plain English](../../../../iso27DIY-gis/reference/Paraphrased/ISO27002-2022-EN/ISO_27002_2022_5.24_PE%20Information%20security%20incident%20management%20planning%20and%20preparation.md)
ISO 27002:2013: 16.1.1

2
Corpus/Standards/MoCs/ISO_27002_2022_5.25_MoC Assessment and decision on information security events.md
View file

@ -1,5 +1,5 @@
# About Control 5.25: Assessment and decision on information security events
[[ISO_27002_2022_5.25_OT Assessment and decision on information security events |Original Text]]
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/ISO_27002_2022_5.25_OT%20Assessment%20and%20decision%20on%20information%20security%20events.md)
[[ISO_27002_2022_5.25_PE Assessment and decision on information security events \|Plain English]]
ISO 27002:2013: 16.1.4

2
Corpus/Standards/MoCs/ISO_27002_2022_5.26_MoC Response to information security incidents.md
View file

@ -1,5 +1,5 @@
# About Control 5.26: Response to information security incidents
[[ISO_27002_2022_5.26_OT Response to information security incidents \|Original Text]]
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/ISO_27002_2022_5.26_OT%20Response%20to%20information%20security%20incidents.md)
[[ISO_27002_2022_5.26_PE Response to information security incidents \|Plain English]]
ISO 27002:2013: 16.1.5

4
Corpus/Standards/MoCs/ISO_27002_2022_5.27_MoC Learning from information security incidents.md
View file

@ -1,5 +1,5 @@
# About Control 5.27: Learning from information security incidents
[[ISO_27002_2022_5.27_OT Learning from information security incidents \|Original Text]]
[[ISO_27002_2022_5.27_PE Learning from information security incidents \|Plain English]]
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/ISO_27002_2022_5.27_OT%20Learning%20from%20information%20security%20incidents.md)
[Plain English](../../../../iso27DIY-gis/reference/Paraphrased/ISO27002-2022-EN/ISO_27002_2022_5.27_PE%20Learning%20from%20information%20security%20incidents.md)
ISO 27002:2013: 16.1.6

2
Corpus/Standards/MoCs/ISO_27002_2022_5.28_MoC Collection of evidence.md
View file

@ -1,6 +1,6 @@
# About Control 5.28: Collection of evidence
[[ISO_27002_2022_5.28_OT Collection of evidence \|Original Text]]
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/ISO_27002_2022_5.28_OT%20Collection%20of%20evidence.md)
[[ISO_27002_2022_5.28_PE Collection of evidence \|Plain English]]
ISO 27002:2013: 16.1.7

4
Corpus/Standards/MoCs/ISO_27002_2022_5.29_MoC Information security during disruption.md
View file

@ -1,8 +1,8 @@
# About Control 5.29: Information security during disruption
[[ISO_27002_2022_5.29_OT Information security during disruption \|Original Text]]
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/ISO_27002_2022_5.29_OT%20Information%20security%20during%20disruption.md)
[[ISO_27002_2022_5.29_PE Information security during disruption \|Plain English]]
ISO 27002:2013: 17.1.1, 17.1.2, 17.1.3
[[Business Impact Analysis (BIA)]]
[Business Impact Analysis (BIA)](../../../../🎇%20Sparks/Business%20Impact%20Analysis%20(BIA).md)

6
Corpus/Standards/MoCs/ISO_27002_2022_5.2_MoC Information security roles and responsibilities.md
View file

@ -1,5 +1,5 @@
[[ISO_27002_2022_5.2_OT Information security roles and responsibilities \|Original Text]]
[[ISO_27002_2022_5.2_PE Information security roles and responsibilities \|Plain English]]
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/ISO_27002_2022_5.2_OT%20Information%20security%20roles%20and%20responsibilities.md)
[Plain English](../../../../iso27DIY-gis/reference/Paraphrased/ISO27002-2022-EN/ISO_27002_2022_5.2_PE%20Information%20security%20roles%20and%20responsibilities.md)
ISO 27002:2013: 06.1.1
[[ISO_27002_2022_NL_5.2_BT Rollen en verantwoordelijkheden bij informatiebeveiliging \|Brontekst]]
[Brontekst](../ISO-27002-OST/ISO27002-NL-2022/ISO_27002_2022_NL_5.2_BT%20Rollen%20en%20verantwoordelijkheden%20bij%20informatiebeveiliging.md)

12
Corpus/Standards/MoCs/ISO_27002_2022_5.30_MoC ICT readiness for business continuity.md
View file

@ -1,12 +1,12 @@
[[ISO_27002_2022_5.30_OT ICT readiness for business continuity \|Original Text]]
[[ISO_27002_2022_5.30_PE ICT readiness for business continuity \|Plain English]]
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/ISO_27002_2022_5.30_OT%20ICT%20readiness%20for%20business%20continuity.md)
[Plain English](../../../../iso27DIY-gis/reference/Paraphrased/ISO27002-2022-EN/ISO_27002_2022_5.30_PE%20ICT%20readiness%20for%20business%20continuity.md)
ISO 27002:2013: n/a
[[ISO_27002_2022_NL_5.30_BT ICT-gereedheid voor bedrijfscontinuïteit \|Brontekst]]
[Brontekst](../ISO-27002-OST/ISO27002-NL-2022/ISO_27002_2022_NL_5.30_BT%20ICT-gereedheid%20voor%20bedrijfscontinuïteit.md)
See also:
- [[BCP_Bedrijfscontinuïteitsplanning]]
- [[Business Impact Analysis (BIA)]]
- [[Disaster Recovery Planning]]
- [BCP_Bedrijfscontinuïteitsplanning](../../../../📚️%20Literature%20notes/BCP_Bedrijfscontinuïteitsplanning.md)
- [Business Impact Analysis (BIA)](../../../../🎇%20Sparks/Business%20Impact%20Analysis%20(BIA).md)
- [Disaster Recovery Planning](../../../../🎇%20Sparks/Disaster%20Recovery%20Planning.md)

2
Corpus/Standards/MoCs/ISO_27002_2022_5.31_MoC Legal, statutory, regulatory and contractual requirements.md
View file

@ -1,3 +1,3 @@
[[ISO_27002_2022_5.31_OT Legal, statutory, regulatory and contractual requirements \|Original Text]]
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/ISO_27002_2022_5.31_OT%20Legal,%20statutory,%20regulatory%20and%20contractual%20requirements.md)
[[ISO_27002_2022_5.31_PE Legal, statutory, regulatory and contractual requirements \|Plain English]]
ISO 27002:2013: 18.1.1, 18.1.5

4
Corpus/Standards/MoCs/ISO_27002_2022_5.32_MoC Intellectual property rights.md
View file

@ -1,3 +1,3 @@
[[ISO_27002_2022_5.32_OT Intellectual property rights \|Original Text]]
[[ISO_27002_2022_5.32_PE Intellectual property rights \|Plain English]]
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/ISO_27002_2022_5.32_OT%20Intellectual%20property%20rights.md)
[Plain English](../../../../iso27DIY-gis/reference/Paraphrased/ISO27002-2022-EN/ISO_27002_2022_5.32_PE%20Intellectual%20property%20rights.md)
ISO 27002:2013: 18.1.2

2
Corpus/Standards/MoCs/ISO_27002_2022_5.33_MoC Protection of records.md
View file

@ -4,6 +4,6 @@ This Control is about the **control, purpose, and guidance for managing and prot
I would say: record keeping procedures, in line with legal and other requirements.
[[ISO_27002_2022_5.33_OT Protection of records \|Original Text]]
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/ISO_27002_2022_5.33_OT%20Protection%20of%20records.md)
[[ISO_27002_2022_5.33_PE Protection of records \|Plain English]]
ISO 27002:2013: 18.1.3

2
Corpus/Standards/MoCs/ISO_27002_2022_5.34_MoC Privacy and protection of PII.md
View file

@ -1,4 +1,4 @@
[[ISO_27002_2022_5.34_OT Privacy and protection of PII \|Original Text]]
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/ISO_27002_2022_5.34_OT%20Privacy%20and%20protection%20of%20PII.md)
[[ISO_27002_2022_5.34_PE Privacy and protection of PII \|Plain English]]
ISO 27002:2013: 18.1.4

2
Corpus/Standards/MoCs/ISO_27002_2022_5.35_MoC Independent review of information security.md
View file

@ -1,6 +1,6 @@
# About Control 5.35: Independent review of information security
[[ISO_27002_2022_5.35_OT Independent review of information security \|Original Text]]
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/ISO_27002_2022_5.35_OT%20Independent%20review%20of%20information%20security.md)
[[ISO_27002_2022_5.35_PE Independent review of information security \|Plain English]]
ISO 27002:2013: 18.2.1

2
Corpus/Standards/MoCs/ISO_27002_2022_5.36_MoC Compliance with policies, rules and standards for information security.md
View file

@ -1,5 +1,5 @@
# About Control 5.36: Compliance with policies, rules and standards for information security
[[ISO_27002_2022_5.36_OT Compliance with policies, rules and standards for information security \|Original Text]]
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/ISO_27002_2022_5.36_OT%20Compliance%20with%20policies,%20rules%20and%20standards%20for%20information%20security.md)
[[ISO_27002_2022_5.36_PE Compliance with policies, rules and standards for information security \|Plain English]]
ISO 27002:2013: 18.2.2, 18.2.3

2
Corpus/Standards/MoCs/ISO_27002_2022_5.37_MoC Documented operating procedures.md
View file

@ -1,4 +1,4 @@
[[ISO_27002_2022_5.37_OT Documented operating procedures \|Original Text]]
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/ISO_27002_2022_5.37_OT%20Documented%20operating%20procedures.md)
 
[[ISO_27002_2022_5.37_PE Documented operating procedures \|Plain English]]
ISO 27002:2013: 12.1.1

6
Corpus/Standards/MoCs/ISO_27002_2022_5.3_MoC Segregation of duties.md
View file

@ -1,7 +1,7 @@
# About Control 5.3: Segregation of duties
[[ISO_27002_2022_5.3_OT Segregation of duties \|Original Text]]
[[ISO_27002_2022_5.3_PE Segregation of duties \|Plain English]]
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/ISO_27002_2022_5.3_OT%20Segregation%20of%20duties.md)
[Plain English](../../../../iso27DIY-gis/reference/Paraphrased/ISO27002-2022-EN/ISO_27002_2022_5.3_PE%20Segregation%20of%20duties.md)
ISO 27002:2013: 06.1.2
[[ISO_27002_2022_NL_5.3_BT Functiescheiding \|Brontekst]]
[Brontekst](../ISO-27002-OST/ISO27002-NL-2022/ISO_27002_2022_NL_5.3_BT%20Functiescheiding.md)

4
Corpus/Standards/MoCs/ISO_27002_2022_5.4_MoC Management responsibilities.md
View file

@ -1,7 +1,7 @@
# About Control 5.4: Management responsibilities
[[ISO_27002_2022_5.4_OT Management responsibilities \|Original Text]]
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/ISO_27002_2022_5.4_OT%20Management%20responsibilities.md)
[[ISO_27002_2022_5.4_PE Management responsibilities \|Plain English]]
ISO 27002:2013: 07.2.1
[[ISO_27002_2022_NL_5.4_BT Managementverantwoordelijkheden \|Brontekst]]
[Brontekst](../ISO-27002-OST/ISO27002-NL-2022/ISO_27002_2022_NL_5.4_BT%20Managementverantwoordelijkheden.md)

4
Corpus/Standards/MoCs/ISO_27002_2022_5.5_MoC Contact with authorities.md
View file

@ -1,7 +1,7 @@
# About Control 5.5: Contact with authorities
[[ISO_27002_2022_5.5_OT Contact with authorities \|Original Text]]
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/ISO_27002_2022_5.5_OT%20Contact%20with%20authorities.md)
[[ISO_27002_2022_5.5_PE Contact with authorities \|Plain English]]
ISO 27002:2013: 06.1.3
[[ISO_27002_2022_NL_5.5_BT Contact met overheidsinstanties \|Brontekst]]
[Brontekst](../ISO-27002-OST/ISO27002-NL-2022/ISO_27002_2022_NL_5.5_BT%20Contact%20met%20overheidsinstanties.md)

4
Corpus/Standards/MoCs/ISO_27002_2022_5.6_MoC Contact with special interest groups.md
View file

@ -1,7 +1,7 @@
# About Control 5.6: Contact with special interest groups
[[ISO_27002_2022_5.6_OT Contact with special interest groups \|Original Text]]
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/ISO_27002_2022_5.6_OT%20Contact%20with%20special%20interest%20groups.md)
[[ISO_27002_2022_5.6_PE Contact with special interest groups \|Plain English]]
ISO 27002:2013: 6.1.4
[[ISO_27002_2022_NL_5.6_BT Contact met speciale belangengroepen \|Brontekst]]
[Brontekst](../ISO-27002-OST/ISO27002-NL-2022/ISO_27002_2022_NL_5.6_BT%20Contact%20met%20speciale%20belangengroepen.md)

6
Corpus/Standards/MoCs/ISO_27002_2022_5.7_MoC Threat intelligence.md
View file

@ -1,8 +1,8 @@
# About control 5.7: Threat intelligence
[[ISO_27002_2022_5.7_OT Threat intelligence \|Original Text]]
[[ISO_27002_2022_5.7_PE Threat intelligence \|Plain English]]
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/ISO_27002_2022_5.7_OT%20Threat%20intelligence.md)
[Plain English](../../../../iso27DIY-gis/reference/Paraphrased/ISO27002-2022-EN/ISO_27002_2022_5.7_PE%20Threat%20intelligence.md)
ISO 27002:2013: n/a
[[ISO_27002_2022_NL_5.7_BT Informatie en analyses over dreigingen \|NL Brontekst]]
[NL Brontekst](../ISO-27002-OST/ISO27002-NL-2022/ISO_27002_2022_NL_5.7_BT%20Informatie%20en%20analyses%20over%20dreigingen.md)

6
Corpus/Standards/MoCs/ISO_27002_2022_5.8_MoC Information security in project management.md
View file

@ -1,5 +1,5 @@
[[ISO_27002_2022_5.8_OT Information security in project management \|Original Text]]
[[ISO_27002_2022_5.8_PE Information security in project management \|Plain English]]
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/ISO_27002_2022_5.8_OT%20Information%20security%20in%20project%20management.md)
[Plain English](../../../../iso27DIY-gis/reference/Paraphrased/ISO27002-2022-EN/ISO_27002_2022_5.8_PE%20Information%20security%20in%20project%20management.md)
ISO 27002:2013: 06.1.5, 14.1.1
[[ISO_27002_2022_NL_5.8_BT Informatiebeveiliging in projectmanagement \|Brontekst]]
[Brontekst](../ISO-27002-OST/ISO27002-NL-2022/ISO_27002_2022_NL_5.8_BT%20Informatiebeveiliging%20in%20projectmanagement.md)

8
Corpus/Standards/MoCs/ISO_27002_2022_5.9_MoC Inventory of information and other associated assets.md
View file

@ -1,10 +1,10 @@
# Control 5.9 Inventory of information and other associated assets
[[ISO_27002_2022_5.9_OT Inventory of information and other associated assets \|Original Text]]
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/ISO_27002_2022_5.9_OT%20Inventory%20of%20information%20and%20other%20associated%20assets.md)
[[ISO_27002_2022_5.9_PE Inventory of information and other associated assets \|Plain English]]
ISO 27002:2013: 08.1.1, 08.1.2
[[ISO_27002_2022_NL_5.9_BT Inventarisatie van informatie en andere gerelateerde bedrijfsmiddelen \|Brontekst]]
[Brontekst](../ISO-27002-OST/ISO27002-NL-2022/ISO_27002_2022_NL_5.9_BT%20Inventarisatie%20van%20informatie%20en%20andere%20gerelateerde%20bedrijfsmiddelen.md)
The inventory serves as input for the [[Business Impact Analysis (BIA)]]
[[ISO_27001_2022_00_MoC Index EXT]]
The inventory serves as input for the [Business Impact Analysis (BIA)](../../../../🎇%20Sparks/Business%20Impact%20Analysis%20(BIA).md)
[ISO_27001_2022_00_MoC Index EXT](ISO_27001_2022_00_MoC%20Index%20EXT.md)

2
Corpus/Standards/MoCs/ISO_27002_2022_6.1_MoC Screening.md
View file

@ -1,4 +1,4 @@
[[ISO_27002_2022_6.1_OT Screening \|Original Text]]
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/ISO_27002_2022_6.1_OT%20Screening.md)
 
[[ISO_27002_2022_6.1_PE Screening \|Plain English]]
ISO 27002:2013: 07.1.1

2
Corpus/Standards/MoCs/ISO_27002_2022_6.2_MoC Terms and conditions of employment.md
View file

@ -1,4 +1,4 @@
[[ISO_27002_2022_6.2_OT Terms and conditions of employment \|Original Text]]
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/ISO_27002_2022_6.2_OT%20Terms%20and%20conditions%20of%20employment.md)
 
[[ISO_27002_2022_6.2_PE Terms and conditions of employment \|Plain English]]
ISO 27002:2013: 07.1.2

2
Corpus/Standards/MoCs/ISO_27002_2022_6.3_MoC Information security awareness, education and training.md
View file

@ -1,4 +1,4 @@
[[ISO_27002_2022_6.3_OT Information security awareness, education and training \|Original Text]]
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/ISO_27002_2022_6.3_OT%20Information%20security%20awareness,%20education%20and%20training.md)
 
[[ISO_27002_2022_6.3_PE Information security awareness, education and training \|Plain English]]
ISO 27002:2013: 07.2.2

2
Corpus/Standards/MoCs/ISO_27002_2022_6.4_MoC Disciplinary process.md
View file

@ -1,3 +1,3 @@
[[ISO_27002_2022_6.4_OT Disciplinary process \|Original Text]]
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/ISO_27002_2022_6.4_OT%20Disciplinary%20process.md)
[[ISO_27002_2022_6.4_PE Disciplinary process \|Plain English]]
ISO 27002:2013: 07.2.3

2
Corpus/Standards/MoCs/ISO_27002_2022_6.5_MoC Responsibilities after termination or change of employment.md
View file

@ -1,3 +1,3 @@
[[ISO_27002_2022_6.5_OT Responsibilities after termination or change of employment \|Original Text]]
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/ISO_27002_2022_6.5_OT%20Responsibilities%20after%20termination%20or%20change%20of%20employment.md)
[[ISO_27002_2022_6.5_PE Responsibilities after termination or change of employment \|Plain English]]
ISO 27002:2013: 07.3.1

2
Corpus/Standards/MoCs/ISO_27002_2022_6.6_MoC Confidentiality or non-disclosure agreements.md
View file

@ -1,3 +1,3 @@
[[ISO_27002_2022_6.6_OT Confidentiality or non-disclosure agreements \|Original Text]]
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/ISO_27002_2022_6.6_OT%20Confidentiality%20or%20non-disclosure%20agreements.md)
[[ISO_27002_2022_6.6_PE Confidentiality or non-disclosure agreements \|Plain English]]
ISO 27002:2013: 13.2.4

2
Corpus/Standards/MoCs/ISO_27002_2022_6.7_MoC Remote working.md
View file

@ -1,3 +1,3 @@
[[ISO_27002_2022_6.7_OT Remote working \|Original Text]]
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/ISO_27002_2022_6.7_OT%20Remote%20working.md)
[[ISO_27002_2022_6.7_PE Remote working \|Plain English]]
ISO 27002:2013: 06.2.2

2
Corpus/Standards/MoCs/ISO_27002_2022_6.8_MoC Information security event reporting.md
View file

@ -1,4 +1,4 @@
[[ISO_27002_2022_6.8_OT Information security event reporting \|Original Text]]
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/ISO_27002_2022_6.8_OT%20Information%20security%20event%20reporting.md)
 
[[ISO_27002_2022_6.8_PE Information security event reporting \|Plain English]]
ISO 27002:2013: 16.1.2, 16.1.3

2
Corpus/Standards/MoCs/ISO_27002_2022_7.10_MoC Storage media.md
View file

@ -1,3 +1,3 @@
[[ISO_27002_2022_7.10_OT Storage media \|Original Text]]
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/ISO_27002_2022_7.10_OT%20Storage%20media.md)
[[ISO_27002_2022_7.10_PE Storage media \|Plain English]]
ISO 27002:2013: 08.3.1, 08.3.2, 08.3.3, 11.2.5

2
Corpus/Standards/MoCs/ISO_27002_2022_7.11_MoC Supporting utilities.md
View file

@ -2,6 +2,6 @@
Protecting information processing facilities from power failures and other utilities disruptions.
[[ISO_27002_2022_7.11_OT Supporting utilities \|Original Text]]
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/ISO_27002_2022_7.11_OT%20Supporting%20utilities.md)
[[ISO_27002_2022_7.11_PE Supporting utilities \|Plain English]]
ISO 27002:2013: 11.2.2

2
Corpus/Standards/MoCs/ISO_27002_2022_7.12_MoC Cabling security.md
View file

@ -1,3 +1,3 @@
[[ISO_27002_2022_7.12_OT Cabling security \|Original Text]]
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/ISO_27002_2022_7.12_OT%20Cabling%20security.md)
[[ISO_27002_2022_7.12_PE Cabling security \|Plain English]]
ISO 27002:2013: 11.2.3

2
Corpus/Standards/MoCs/ISO_27002_2022_7.13_MoC Equipment maintenance.md
View file

@ -1,3 +1,3 @@
[[ISO_27002_2022_7.13_OT Equipment maintenance \|Original Text]]
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/ISO_27002_2022_7.13_OT%20Equipment%20maintenance.md)
[[ISO_27002_2022_7.13_PE Equipment maintenance \|Plain English]]
ISO 27002:2013: 11.2.4

2
Corpus/Standards/MoCs/ISO_27002_2022_7.14_MoC Secure disposal or re-use of equipment.md
View file

@ -1,3 +1,3 @@
[[ISO_27002_2022_7.14_OT Secure disposal or re-use of equipment \|Original Text]]
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/ISO_27002_2022_7.14_OT%20Secure%20disposal%20or%20re-use%20of%20equipment.md)
[[ISO_27002_2022_7.14_PE Secure disposal or re-use of equipment \|Plain English]]
ISO 27002:2013: 11.2.7

4
Corpus/Standards/MoCs/ISO_27002_2022_7.1_MoC Physical security perimeters.md
View file

@ -1,7 +1,7 @@
# About control 7.1: Physical security perimeters
[[ISO_27002_2022_7.1_OT Physical security perimeters \|Original Text]]
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/ISO_27002_2022_7.1_OT%20Physical%20security%20perimeters.md)
[[ISO_27002_2022_7.1_PE Physical security perimeters \|Plain English]]
ISO 27002:2013: 11.1.1
[[Physical security in ISO 27001]]
[Physical security in ISO 27001](../../../../👩🏼‍⚖️%20Standards%20and%20Regulations/ISO%2027K/Physical%20security%20in%20ISO%2027001.md)

Some files were not shown because too many files have changed in this diff Show more