removed emojis in folders and links

Richard Kranendonk 2026-05-11 16:02:08 +02:00
parent 6992777c0e
commit 9b7b3a3a85
88 changed files with 1476 additions and 104 deletions

View file

@ -8,10 +8,10 @@ A risk occurs when there's a chance of an asset being compromised, through the e
Adapted from source: [Vigilant Software](https://www.vigilantsoftware.co.uk/blog/risk-terminology-understanding-assets-threats-and-vulnerabilities), retrieved December 8, 2021.
[Assets](../🎇%20Sparks/Assets.md)
[Vulnerability](../💡Drafts%20and%20Ideas/Vulnerability.md)
[Assets](../Sparks/Assets.md)
[Vulnerability](../Drafts%20and%20Ideas/Vulnerability.md)
[Threat](Threat.md)
[Risks](../🎇%20Sparks/Risks.md)
[Risks](../Sparks/Risks.md)

View file

@ -14,7 +14,7 @@ Producten:
Bedrijfscontinuïteitsplanning is een continu proces, met als doel het implementeren en onderhouden van beleid, procedures en processen om de impact van verstoringen te beheersen. Met andere woorden: bedrijfscontinuïteitsplanning richt zich op de continuïteit van bedrijfsprocessen, zo nodig met andere middelen.
Belangrijke onderdelen van Bedrijfscontinuïteitsplanning zijn de Bedrijfsimpact Analyse ([BIA](../🎇%20Sparks/Business%20Impact%20Analysis%20(BIA).md)) en het Herstelplan ('Disaster Recovery Plan' / [DRP](../🎇%20Sparks/Disaster%20Recovery%20Planning.md)).
Belangrijke onderdelen van Bedrijfscontinuïteitsplanning zijn de Bedrijfsimpact Analyse ([BIA](../Sparks/Business%20Impact%20Analysis%20(BIA).md)) en het Herstelplan ('Disaster Recovery Plan' / [DRP](..//Disaster%20Recovery%20Planning.md)).
De BIA richt zich op het identificeren van de impact van verstoringen op de bedrijfsprocessen, en het Herstelplan richt zich op het herstel van de normale bedrijfsprocessen na een verstoring en de eventuele inzet van alternatieve middelen of werkwijzen .
Zie ook: [Het belang van een Bedrijfscontinuïteitsplan](../Sparks/Belang%20van%20een%20BCP.md) / [The importance of having a business continuity plan](../Sparks/Importance%20of%20a%20BCP.md).
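Review bot: the DRP link on the changed line now reads `..//Disaster%20Recovery%20Planning.md`, with an empty path segment where `🎇%20Sparks` used to be, while the BIA link on the same line was rewritten to `../Sparks/...`. The folder name looks to have been dropped along with the emoji, so the link most likely resolves to the parent folder instead of `Sparks/`. Suggest `../Sparks/Disaster%20Recovery%20Planning.md`, matching the BIA link and the unchanged `../Sparks/Belang%20van%20een%20BCP.md` link below it.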
@ -34,7 +34,7 @@ Het proces (Beleid) volgens welke dit hele plan tot stand komt en beoordeeld/her
## Analyse
Zie: [Business Impact Analysis (BIA)](../🎇%20Sparks/Business%20Impact%20Analysis%20(BIA).md)
Zie: [Business Impact Analysis (BIA)](../Sparks/Business%20Impact%20Analysis%20(BIA).md)
Stappen:
- Bepalen bedrijfskritische processen (prioriteiten bepalen) en informatie-assets
@ -141,7 +141,7 @@ Scenario's opstellen o.b.v. risicoanalyse
## Links
See also:
- [Disaster Recovery Planning](../🎇%20Sparks/Disaster%20Recovery%20Planning.md)
- [Disaster Recovery Planning](..//Disaster%20Recovery%20Planning.md)
- [Checklist for auditing Business Continuity and Disaster Recovery](Checklists%20Gerardus%20Blokdyk/Checklist%20for%20auditing%20Business%20Continuity%20and%20Disaster%20Recovery.md)
- [Ransomware Playbook](../Sparks/Ransomware%20Playbook.md)
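Review bot: the rewritten "Disaster Recovery Planning" entry in the Links list points at `..//Disaster%20Recovery%20Planning.md`, which has lost the `Sparks` segment that the neighbouring `../Sparks/Ransomware%20Playbook.md` entry still has. Suggest `../Sparks/Disaster%20Recovery%20Planning.md` so both entries in this list resolve to the same folder.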

View file

@ -1,6 +1,6 @@
Related:
- [a-5.17-Authentication-information](../Standards/ISO27x/OST/27002/EN/a-5.17-Authentication-information.md)
- [Multi-factor authentication](../🎇%20Sparks/Multi-factor%20authentication.md)
- [Multi-factor authentication](..//Multi-factor%20authentication.md)
Daniel Miessler:
- [The Consumer Authentication Strength Maturity Model (CASMM) V6](https://danielmiessler.com/blog/casmm-consumer-authentication-security-maturity-model/)
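Review bot: the "Multi-factor authentication" link under Related was changed to `..//Multi-factor%20authentication.md`, leaving a double slash where the folder name was. Another hunk in this commit rewrites the same target as `../Sparks/Multi-factor%20authentication.md`, so this one should use that path too.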

View file

@ -2,6 +2,6 @@ Ransomware Vulnerability Warning Pilot (RVWP) | CISA
https://www.cisa.gov/stopransomware/Ransomware-Vulnerability-Warning-Pilot
Related:
[Assets, Vulnerabilities, Threats, Risks](../🎇%20Sparks/Assets,%20Vulnerabilities,%20Threats,%20Risks.md)
[Vulnerability](../💡Drafts%20and%20Ideas/Vulnerability.md)
[Assets, Vulnerabilities, Threats, Risks](..//Assets,%20Vulnerabilities,%20Threats,%20Risks.md)
[Vulnerability](../Drafts%20and%20Ideas/Vulnerability.md)
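Review bot: of the two Related links changed here, only the second keeps its folder: `../Drafts%20and%20Ideas/Vulnerability.md` is fine, but the first became `..//Assets,%20Vulnerabilities,%20Threats,%20Risks.md` with the `Sparks` segment missing. Suggest `../Sparks/Assets,%20Vulnerabilities,%20Threats,%20Risks.md`.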

View file

@ -9,7 +9,7 @@ Relevant ISO 27001 clauses/controls:
- [ISO 27001 A 18 Compliance](../../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A%2018%20Compliance.md)
Related:
- [Identity and Access Management (IAM)](../../💡Drafts%20and%20Ideas/Identity%20and%20Access%20Management%20(IAM).md)
- [Identity and Access Management (IAM)](../../Drafts%20and%20Ideas/Identity%20and%20Access%20Management%20(IAM).md)
## Organized by Key Themes: Identity, Access, Cloud, Security, Management, Data, Network, Risk, Development, Project:

View file

@ -11,7 +11,7 @@ All of them just to link this note somewhere:
- [ISO 27001 A 18 Compliance](../../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A%2018%20Compliance.md)
Related:
- [Vendor security MoC](../../🎇%20Sparks/Vendor%20security%20MoC.md)
- [Vendor security MoC](../..//Vendor%20security%20MoC.md)
- [ISO 27k family](../../../../iso27DIY-gis/reference/examples/ISO%2027k%20family.md): ISO 27017, ISO 27018
## Organized By Key Themes: Security, Management, Risk, Cloud, Data, Software, Development, Technology, Network and Project:
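Review bot: the "Vendor security MoC" link under Related now reads `../..//Vendor%20security%20MoC.md`; the emoji and the folder name were both removed, leaving an empty path segment. Suggest `../../Sparks/Vendor%20security%20MoC.md`, in line with how `🎇%20Sparks` is renamed to `Sparks` elsewhere in this commit.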

View file

@ -14,7 +14,7 @@ Relevant ISO 27002:2022 clauses/controls:
- [a-5.7-Threat-intelligence](../../Standards/ISO27x/OST/27002/EN/a-5.7-Threat-intelligence.md)
Related:
- [Threat Intelligence](../../🎇%20Sparks/Threat%20Intelligence.md)
- [Threat Intelligence](../..//Threat%20Intelligence.md)
## Cyber Threat Intelligence: Ask This;
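Review bot: the "Threat Intelligence" link under Related was rewritten to `../..//Threat%20Intelligence.md`, which drops the `Sparks` folder along with the emoji. Suggest `../../Sparks/Threat%20Intelligence.md` so the link still lands in the renamed folder.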

View file

@ -9,7 +9,7 @@ Relevant ISO 27001 clauses/controls:
- [ISO 27001 A.14.2 Security in development and support processes](../../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A.14.2%20Security%20in%20development%20and%20support%20processes.md)
Related:
- [Operational Technology](../../💡Drafts%20and%20Ideas/Operational%20Technology.md)
- [Operational Technology](../../Drafts%20and%20Ideas/Operational%20Technology.md)
- [DevSecOps and ISO 27k](../../Sparks/DevSecOps%20and%20ISO%2027k.md)
## DevOps IoT: Ask This;

View file

@ -124,7 +124,7 @@ Administer and maintain security systems in the cybersecurity security operation
How do you identify which assets are being compromised and what type of data is involved?
Warrant that your organization is involved in network security environment (Security Operations Center, Security Incident Response Team, or Cyber Security Incident Response) investigating targeted intrusions through complex network segments or Be certain that your company is involved in [Operational Technology](../../💡Drafts%20and%20Ideas/Operational%20Technology.md) engineering and security concepts. 
Warrant that your organization is involved in network security environment (Security Operations Center, Security Incident Response Team, or Cyber Security Incident Response) investigating targeted intrusions through complex network segments or Be certain that your company is involved in [Operational Technology](../../Drafts%20and%20Ideas/Operational%20Technology.md) engineering and security concepts. 
Have external information aggregators been evaluated for value in API security operations?

View file

@ -398,7 +398,7 @@ Serve on a team of Cyber threat analysts responsible for the 24x7 analyses and r
Do you actively share [Operational Technology](../../💡Drafts%20and%20Ideas/Operational%20Technology.md) threat related intelligence with your peers?
Do you actively share [Operational Technology](../../Drafts%20and%20Ideas/Operational%20Technology.md) threat related intelligence with your peers?
Maintain and drive the development of new reports of Cyber Threat Intelligence analysis to peers, management and (internal) customer teams for purposes of situational awareness and making threat intelligence actionable. 

View file

@ -7,7 +7,7 @@ Relevant ISO 27001 clauses/controls:
- [ISO 27001 A.18.2 Information security reviews](../../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A.18.2%20Information%20security%20reviews.md)
Related:
- [Assets, Vulnerabilities, Threats, Risks](../../🎇%20Sparks/Assets,%20Vulnerabilities,%20Threats,%20Risks.md)
- [Assets, Vulnerabilities, Threats, Risks](../..//Assets,%20Vulnerabilities,%20Threats,%20Risks.md)
Author: [Gerardus Blokdyk](https://www.linkedin.com/in/gerardblokdijk/)
Retrieved from [LinkedIn](https://www.linkedin.com/pulse/address-threat-management-challenges-ensuring-all-tied-blokdyk) on January 9, 2022
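Review bot: the Related link in this hunk changed from `../../🎇%20Sparks/Assets,...` to `../..//Assets,%20Vulnerabilities,%20Threats,%20Risks.md`, so the folder segment is now empty rather than `Sparks`. Suggest `../../Sparks/Assets,%20Vulnerabilities,%20Threats,%20Risks.md`.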

View file

@ -12,7 +12,7 @@ Relevant ISO 27002:2022 clauses/controls:
- [a-5.7-Threat-intelligence](../../Standards/ISO27x/OST/27002/EN/a-5.7-Threat-intelligence.md)
Related:
- [Threat Intelligence](../../🎇%20Sparks/Threat%20Intelligence.md)
- [Threat Intelligence](../..//Threat%20Intelligence.md)
## Threat Modeling: Ask This;
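Review bot: the "Threat Intelligence" entry under Related ends up as `../..//Threat%20Intelligence.md`, with a double slash in place of the renamed folder. Suggest `../../Sparks/Threat%20Intelligence.md`. Since the same pattern recurs across files, a search of the tree for `..//` before merging would catch the remaining cases.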

View file

@ -10,7 +10,7 @@ Relevant ISO 27001 clauses/controls:
- [ISO 27001 A 18 Compliance](../../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A%2018%20Compliance.md)
Related:
- [Vendor security MoC](../../🎇%20Sparks/Vendor%20security%20MoC.md)
- [Vendor security MoC](../..//Vendor%20security%20MoC.md)
## Vendor Management: Ask This;
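Review bot: the "Vendor security MoC" link under Related became `../..//Vendor%20security%20MoC.md`, missing the `Sparks` segment. Suggest `../../Sparks/Vendor%20security%20MoC.md`.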

View file

@ -1,6 +1,6 @@
# Chapter 10: Password Management and Multifactor Authentication
See also: [Identity and Access Management (IAM)](../💡Drafts%20and%20Ideas/Identity%20and%20Access%20Management%20(IAM).md), [Roles in Identity and Access Management (IAM)](Roles%20in%20Identity%20and%20Access%20Management%20(IAM).md)
See also: [Identity and Access Management (IAM)](../Drafts%20and%20Ideas/Identity%20and%20Access%20Management%20(IAM).md), [Roles in Identity and Access Management (IAM)](Roles%20in%20Identity%20and%20Access%20Management%20(IAM).md)
## Password practices
Password complexity and brute force cracking:

View file

@ -1,4 +1,4 @@
Related: [Vendor security MoC](../🎇%20Sparks/Vendor%20security%20MoC.md)
Related: [Vendor security MoC](..//Vendor%20security%20MoC.md)
ESCROW
BOM
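Review bot: the first line's Related link now points at `..//Vendor%20security%20MoC.md`, whereas another file in this commit links the same note as `../Sparks/Vendor%20security%20MoC.md`. The empty segment suggests the folder name was stripped together with the emoji; suggest using the `../Sparks/` form here as well.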

View file

@ -5,5 +5,5 @@ FAIR principles can be applied "to clarify organizational risk appetite and tole
[Source](https://www.fairinstitute.org/blog/cyber-risk-management-establishing-a-blueprint-with-fair)
Related:
- [Risk appetite](../💡Drafts%20and%20Ideas/Risk%20appetite.md)
- [Risk tolerance](../🎇%20Sparks/Risk%20tolerance.md)
- [Risk appetite](../Drafts%20and%20Ideas/Risk%20appetite.md)
- [Risk tolerance](..//Risk%20tolerance.md)
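Review bot: the two Related links are rewritten inconsistently: "Risk appetite" keeps its folder as `../Drafts%20and%20Ideas/Risk%20appetite.md`, but "Risk tolerance" becomes `..//Risk%20tolerance.md` with the `Sparks` segment gone. Suggest `../Sparks/Risk%20tolerance.md`.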

View file

@ -5,7 +5,7 @@ Article in ISACA Journal
Retrieved: July 13, 2022
See also:
- [Roles and Responsibilities](../🎇%20Sparks/Roles%20and%20Responsibilities.md)
- [Roles and Responsibilities](../Sparks/Roles%20and%20Responsibilities.md)
- [a-5.3-Segregation-of-duties](../Standards/ISO27x/OST/27002/EN/a-5.3-Segregation-of-duties.md)
- [ISO_27002_2022_5.3_PE Segregation of duties](../../../iso27DIY-gis/reference/Paraphrased/ISO27002-2022-EN/ISO_27002_2022_5.3_PE%20Segregation%20of%20duties.md)

View file

@ -1,7 +1,9 @@
---
Related:
- "[Risk management](../🎇%20Sparks/Risk%20management.md)"
- "[Risk management](../Sparks/Risk%20management.md)"
---
# Managing Risks: A New Framework
by Robert S. Kaplan and Anette Mikes, June 2012
[Source](https://hbr.org/2012/06/managing-risks-a-new-framework)
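Review bot: the hunk header (`-1,7 +1,9`) shows this file growing by two lines, but the only visible change is the link rename inside the front matter, and the commit is described as emoji removal only. Please confirm the two added lines are intentional (for example blank lines around the front matter) and, if they are unrelated formatting changes, consider splitting them into their own commit so the rename stays easy to audit.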

View file

@ -9,9 +9,9 @@ For examples of defined roles, see:
- [OrgFit Architectuurprincipes Humankind](../../Clients/Humankind/OrgFit%20Architectuurprincipes%20Humankind.md)
Related:
- [Asset ownership](../🎇%20Sparks/Asset%20ownership.md)
- [Asset ownership](../Sparks/Asset%20ownership.md)
- [Control ownership](../Sparks/Control%20ownership.md)
- [Risk ownership](../🎇%20Sparks/Risk%20ownership.md)
- [Risk ownership](../Sparks/Risk%20ownership.md)
- [Segregation of Duties](Segregation%20of%20Duties.md)
- [Access Control Models](../Sparks/Access%20Control%20Models.md)

View file

@ -20,7 +20,7 @@ For both users and IT administrators, securely handling thousands of accounts an
## SSOs challenges
- **Extra-strong passwords must be enforced.** If an SSO account is cracked, others under the same authentication can also be endangered. -> combine with [Multi-factor authentication](../🎇%20Sparks/Multi-factor%20authentication.md)
- **Extra-strong passwords must be enforced.** If an SSO account is cracked, others under the same authentication can also be endangered. -> combine with [Multi-factor authentication](../Sparks/Multi-factor%20authentication.md)
- **When SSO is down, access to all connected sites is stopped.** This is a big reason to exercise great care in choosing an SSO system. It must be exceptionally reliable and plans should be in place for dealing with breakdowns.
- **Whats more, when your identity provider goes down, your SSO does too.** The providers vulnerability to any kind of interruption becomes your vulnerability as well, and it is probably beyond your control. Once again, the choice of vendors is critical.
- **If a hacker breaches your identity provider user account, all your linked systems could be open to attack.** This can be a classic single point of failure and should be headed off in the planning process. On the plus side, high-quality identity providers have top-notch security.

View file

@ -1,4 +1,4 @@
See also [Risk inventories](../🎇%20Sparks/Risk%20inventories.md)
See also [Risk inventories](../Sparks/Risk%20inventories.md)
https://cs4e.pages.labranet.jamk.fi/ooc/30-Cyber_Attack/01-Threats_and_Attacks/

View file

@ -1,6 +1,6 @@
[Risks vs Threats vs Vulnerabilities](../🎇%20Sparks/Risks%20vs%20Threats%20vs%20Vulnerabilities.md)
[Risks vs Threats vs Vulnerabilities](../Sparks/Risks%20vs%20Threats%20vs%20Vulnerabilities.md)
[Threat Intelligence](../🎇%20Sparks/Threat%20Intelligence.md)
[Threat Intelligence](../Sparks/Threat%20Intelligence.md)
[Threat intelligence sources](../Sparks/Threat%20intelligence%20sources.md)
[Threat Modeling](Security%20Threat%20Modeling.md)
[Threat Catalogues](Threat%20Catalogues.md)

View file

@ -9,7 +9,7 @@ Miessler proposes treating vendors and vendor solutions as a risk and perform a
Assume a breach will happen and take preventive measures to reduce the impact, by improving the risk visibility, and look for ways to reduce the scope, penetration, and access that the vendor tool has to minimum levels.
Related:
- [Awareness](../🎇%20Sparks/Awareness.md)
- [Vendor security MoC](../🎇%20Sparks/Vendor%20security%20MoC.md)
- [Risk analysis](../🎇%20Sparks/Risk%20analysis.md)
- [Awareness](../Sparks/Awareness.md)
- [Vendor security MoC](../Sparks/Vendor%20security%20MoC.md)
- [Risk analysis](../Sparks/Risk%20analysis.md)