renamed 27001 EN versions
This commit is contained in:
parent
928b85a4db
commit
a26b03c1fa
170 changed files with 21 additions and 535 deletions
@ -1,113 +0,0 @@
|
|||
#iso27002/2022/EN
|
||||
# ISO 27002:2022 EN Index
|
||||
|
||||
| 2022 ID | Control title | 2013 |
|
||||
| ------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------ |
|
||||
| **F** | **[[ISO_27002_OT_F Foreword \|Foreword]]** | |
|
||||
| **0** | **[[ISO_27002_OT_0 Introduction \|Introduction]]** | |
|
||||
| **1** | **[[ISO_27002_OT_1 Scope \|Scope]]** | |
|
||||
| **2** | **[[ISO_27002_OT_2 Normative references\|Normative references]]** | |
|
||||
| **3** | **Terms, definitions and abbreviated terms** | |
|
||||
| 3.1 | **[[ISO_27002_OT_3.1 Terms and definitions\|Terms and definitions]]** | |
|
||||
| 3.2 | **[[ISO_27002_OT_3.2 Abbreviated terms\|Abbreviated terms]]** | |
|
||||
| **4** | **Structure of this document** | |
|
||||
| 4.1 | [[ISO_27002_OT_4.1 Clauses \| Clauses ]] | |
|
||||
| 4.2 | [[ISO_27002_OT_4.2 Themes and attributes \| Themes and attributes ]] | |
|
||||
| 4.3 | [[ISO_27002_OT_4.3 Control layout \| Control layout ]] | |
|
||||
| **5** | **Organizational controls** | |
|
||||
| 5.1 | [Policies for information security ](../../../../🧱%20Projects/iso27DIY%20mk%20I/ISO_27002_2022_5.1_MoC%20Policies%20for%20information%20security.md) | 05.1.1, 05.1.2 |
|
||||
| 5.2 | [Information security roles and responsibilities ](ISO_27002_2022_5.2_MoC%20Information%20security%20roles%20and%20responsibilities.md) | 06.1.1 |
|
||||
| 5.3 | [Segregation of duties ](ISO_27002_2022_5.3_MoC%20Segregation%20of%20duties.md) | 06.1.2 |
|
||||
| 5.4 | [Management responsibilities ](ISO_27002_2022_5.4_MoC%20Management%20responsibilities.md) | 07.2.1 |
|
||||
| 5.5 | [Contact with authorities ](ISO_27002_2022_5.5_MoC%20Contact%20with%20authorities.md) | 06.1.3 |
|
||||
| 5.6 | [Contact with special interest groups ](ISO_27002_2022_5.6_MoC%20Contact%20with%20special%20interest%20groups.md) | 06.1.4 |
|
||||
| 5.7 | [Threat intelligence ](ISO_27002_2022_5.7_MoC%20Threat%20intelligence.md) | New |
|
||||
| 5.8 | [Information security in project management ](ISO_27002_2022_5.8_MoC%20Information%20security%20in%20project%20management.md) | 06.1.5, 14.1.1 |
|
||||
| 5.9 | [Inventory of information and other associated assets ](../../../../ISO_27002_2022_5.9_MoC%20Inventory%20of%20information%20and%20other%20associated%20assets.md) | 08.1.1, 08.1.2 |
|
||||
| 5.10 | [Acceptable use of information and other associated assets ](ISO_27002_2022_5.10_MoC%20Acceptable%20use%20of%20information%20and%20other%20associated%20assets.md) | 08.1.3, 08.2.3 |
|
||||
| 5.11 | [Return of assets ](ISO_27002_2022_5.11_MoC%20Return%20of%20assets.md) | 08.1.4 |
|
||||
| 5.12 | [Classification of information ](ISO_27002_2022_5.12_MoC%20Classification%20of%20information.md) | 08.2.1 |
|
||||
| 5.13 | [Labelling of information ](ISO_27002_2022_5.13_MoC%20Labelling%20of%20information.md) | 08.2.2 |
|
||||
| 5.14 | [Information transfer ](ISO_27002_2022_5.14_MoC%20Information%20transfer.md) | 13.2.1, 13.2.2, 13.2.3 |
|
||||
| 5.15 | [Access control ](ISO_27002_2022_5.15_MoC%20Access%20control.md) | 09.1.1, 09.1.2 |
|
||||
| 5.16 | [Identity management ](ISO_27002_2022_5.16_MoC%20Identity%20management.md) | 09.2.1 |
|
||||
| 5.17 | [Authentication information ](ISO_27002_2022_5.17_MoC%20Authentication%20information.md) | 09.2.4, 09.3.1, 09.4.3 |
|
||||
| 5.18 | [Access rights ](ISO_27002_2022_5.18_MoC%20Access%20rights.md) | 09.2.2, 09.2.5, 09.2.6 |
|
||||
| 5.19 | [Information security in supplier relationships ](ISO_27002_2022_5.19_MoC%20Information%20security%20in%20supplier%20relationships.md) | 15.1.1 |
|
||||
| 5.20 | [Addressing information security within supplier agreements ](ISO_27002_2022_5.20_MoC%20Addressing%20information%20security%20within%20supplier%20agreements.md) | 15.1.2 |
|
||||
| 5.21 | [Managing information security in the ICT supply chain ](ISO_27002_2022_5.21_MoC%20Managing%20information%20security%20in%20the%20ICT%20supply%20chain.md) | 15.1.3 |
|
||||
| 5.22 | [Monitoring, review and change management of supplier services ](ISO_27002_2022_5.22_MoC%20Monitoring,%20review%20and%20change%20management%20of%20supplier%20services.md) | 15.2.1, 15.2.2 |
|
||||
| 5.23 | [Information security for use of cloud services ](ISO_27002_2022_5.23_MoC%20Information%20security%20for%20use%20of%20cloud%20services.md) | New |
|
||||
| 5.24 | [Information security incident management planning and preparation ](ISO_27002_2022_5.24_MoC%20Information%20security%20incident%20management%20planning%20and%20preparation.md) | 16.1.1 |
|
||||
| 5.25 | [Assessment and decision on information security events ](ISO_27002_2022_5.25_MoC%20Assessment%20and%20decision%20on%20information%20security%20events.md) | 16.1.4 |
|
||||
| 5.26 | [Response to information security incidents ](ISO_27002_2022_5.26_MoC%20Response%20to%20information%20security%20incidents.md) | 16.1.5 |
|
||||
| 5.27 | [Learning from information security incidents ](ISO_27002_2022_5.27_MoC%20Learning%20from%20information%20security%20incidents.md) | 16.1.6 |
|
||||
| 5.28 | [Collection of evidence ](ISO_27002_2022_5.28_MoC%20Collection%20of%20evidence.md) | 16.1.7 |
|
||||
| 5.29 | [Information security during disruption ](ISO_27002_2022_5.29_MoC%20Information%20security%20during%20disruption.md) | 17.1.1, 17.1.2, 17.1.3 |
|
||||
| 5.30 | [ICT readiness for business continuity ](ISO_27002_2022_5.30_MoC%20ICT%20readiness%20for%20business%20continuity.md) | New |
|
||||
| 5.31 | [Legal, statutory, regulatory and contractual requirements ](ISO_27002_2022_5.31_MoC%20Legal,%20statutory,%20regulatory%20and%20contractual%20requirements.md) | 18.1.1, 18.1.5 |
|
||||
| 5.32 | [Intellectual property rights ](ISO_27002_2022_5.32_MoC%20Intellectual%20property%20rights.md) | 18.1.2 |
|
||||
| 5.33 | [Protection of records ](ISO_27002_2022_5.33_MoC%20Protection%20of%20records.md) | 18.1.3 |
|
||||
| 5.34 | [Privacy and protection of PII ](ISO_27002_2022_5.34_MoC%20Privacy%20and%20protection%20of%20PII.md) | 18.1.4 |
|
||||
| 5.35 | [Independent review of information security ](ISO_27002_2022_5.35_MoC%20Independent%20review%20of%20information%20security.md) | 18.2.1 |
|
||||
| 5.36 | [Compliance with policies, rules and standards for information security](ISO_27002_2022_5.36_MoC%20Compliance%20with%20policies,%20rules%20and%20standards%20for%20information%20security.md) | 18.2.2, 18.2.3 |
|
||||
| 5.37 | [Documented operating procedures ](ISO_27002_2022_5.37_MoC%20Documented%20operating%20procedures.md) | 12.1.1 |
|
||||
| **6** | **People controls** | |
|
||||
| 6.1 | [Screening ](ISO_27002_2022_6.1_MoC%20Screening.md) | 07.1.1 |
|
||||
| 6.2 | [Terms and conditions of employment ](ISO_27002_2022_6.2_MoC%20Terms%20and%20conditions%20of%20employment.md) | 07.1.2 |
|
||||
| 6.3 | [Information security awareness, education and training ](ISO_27002_2022_6.3_MoC%20Information%20security%20awareness,%20education%20and%20training.md) | 07.2.2 |
|
||||
| 6.4 | [Disciplinary process ](ISO_27002_2022_6.4_MoC%20Disciplinary%20process.md) | 07.2.3 |
|
||||
| 6.5 | [Responsibilities after termination or change of employment ](ISO_27002_2022_6.5_MoC%20Responsibilities%20after%20termination%20or%20change%20of%20employment.md) | 07.3.1 |
|
||||
| 6.6 | [Confidentiality or non-disclosure agreements ](ISO_27002_2022_6.6_MoC%20Confidentiality%20or%20non-disclosure%20agreements.md) | 13.2.4 |
|
||||
| 6.7 | [Remote working ](ISO_27002_2022_6.7_MoC%20Remote%20working.md) | 06.2.2 |
|
||||
| 6.8 | [Information security event reporting ](ISO_27002_2022_6.8_MoC%20Information%20security%20event%20reporting.md) | 16.1.2, 16.1.3 |
|
||||
| **7** | **Physical controls** | |
|
||||
| 7.1 | [Physical security perimeters ](ISO_27002_2022_7.1_MoC%20Physical%20security%20perimeters.md) | 11.1.1 |
|
||||
| 7.2 | [Physical entry ](ISO_27002_2022_7.2_MoC%20Physical%20entry.md) | 11.1.2, 11.1.6 |
|
||||
| 7.3 | [Securing offices, rooms and facilities ](ISO_27002_2022_7.3_MoC%20Securing%20offices,%20rooms%20and%20facilities.md) | 11.1.3 |
|
||||
| 7.4 | [Physical security monitoring ](ISO_27002_2022_7.4_MoC%20Physical%20security%20monitoring.md) | New |
|
||||
| 7.5 | [Protecting against physical and environmental threats ](ISO_27002_2022_7.5_MoC%20Protecting%20against%20physical%20and%20environmental%20threats.md) | 11.1.4 |
|
||||
| 7.6 | [Working in secure areas ](ISO_27002_2022_7.6_MoC%20Working%20in%20secure%20areas.md) | 11.1.5 |
|
||||
| 7.7 | [Clear desk and clear screen ](ISO_27002_2022_7.7_MoC%20Clear%20desk%20and%20clear%20screen.md) | 11.2.9 |
|
||||
| 7.8 | [Equipment siting and protection ](ISO_27002_2022_7.8_MoC%20Equipment%20siting%20and%20protection.md) | 11.2.1 |
|
||||
| 7.9 | [Security of assets off-premises ](ISO_27002_2022_7.9_MoC%20Security%20of%20assets%20off-premises.md) | 11.2.6 |
|
||||
| 7.10 | [Storage media ](ISO_27002_2022_7.10_MoC%20Storage%20media.md) | 08.3.1, 08.3.2, 08.3.3, 11.2.5 |
|
||||
| 7.11 | [Supporting utilities ](ISO_27002_2022_7.11_MoC%20Supporting%20utilities.md) | 11.2.2 |
|
||||
| 7.12 | [Cabling security ](ISO_27002_2022_7.12_MoC%20Cabling%20security.md) | 11.2.3 |
|
||||
| 7.13 | [Equipment maintenance ](ISO_27002_2022_7.13_MoC%20Equipment%20maintenance.md) | 11.2.4 |
|
||||
| 7.14 | [Secure disposal or re-use of equipment ](ISO_27002_2022_7.14_MoC%20Secure%20disposal%20or%20re-use%20of%20equipment.md) | 11.2.7 |
|
||||
| **8** | **Technological controls** | |
|
||||
| 8.1 | [User endpoint devices ](ISO_27002_2022_8.1_MoC%20User%20endpoint%20devices.md) | 06.2.1, 11.2.8 |
|
||||
| 8.2 | [Privileged access rights ](ISO_27002_2022_8.2_MoC%20Privileged%20access%20rights.md) | 09.2.3 |
|
||||
| 8.3 | [Information access restriction ](ISO_27002_2022_8.3_MoC%20Information%20access%20restriction.md) | 09.4.1 |
|
||||
| 8.4 | [Access to source code ](ISO_27002_2022_8.4_MoC%20Access%20to%20source%20code.md) | 09.4.5 |
|
||||
| 8.5 | [Secure authentication ](ISO_27002_2022_8.5_MoC%20Secure%20authentication.md) | 09.4.2 |
|
||||
| 8.6 | [Capacity management ](ISO_27002_2022_8.6_MoC%20Capacity%20management.md) | 12.1.3 |
|
||||
| 8.7 | [Protection against malware ](ISO_27002_2022_8.7_MoC%20Protection%20against%20malware.md) | 12.2.1 |
|
||||
| 8.8 | [Management of technical vulnerabilities ](ISO_27002_2022_8.8_MoC%20Management%20of%20technical%20vulnerabilities.md) | 12.6.1, 18.2.3 |
|
||||
| 8.9 | [Configuration management ](ISO_27002_2022_8.9_MoC%20Configuration%20management.md) | New |
|
||||
| 8.10 | [Information deletion ](ISO_27002_2022_8.10_MoC%20Information%20deletion.md) | New |
|
||||
| 8.11 | [Data masking ](ISO_27002_2022_8.11_MoC%20Data%20masking.md) | New |
|
||||
| 8.12 | [Data leakage prevention ](ISO_27002_2022_8.12_MoC%20Data%20leakage%20prevention.md) | New |
|
||||
| 8.13 | [Information backup ](ISO_27002_2022_8.13_MoC%20Information%20backup.md) | 12.3.1 |
|
||||
| 8.14 | [Redundancy of information processing facilities ](ISO_27002_2022_8.14_MoC%20Redundancy%20of%20information%20processing%20facilities.md) | 17.2.1 |
|
||||
| 8.15 | [Logging ](ISO_27002_2022_8.15_MoC%20Logging.md) | 12.4.1, 12.4.2, 12.4.3 |
|
||||
| 8.16 | [Monitoring activities ](ISO_27002_2022_8.16_MoC%20Monitoring%20activities.md) | New |
|
||||
| 8.17 | [Clock synchronization ](ISO_27002_2022_8.17_MoC%20Clock%20synchronization.md) | 12.4.4 |
|
||||
| 8.18 | [Use of privileged utility programs ](ISO_27002_2022_8.18_MoC%20Use%20of%20privileged%20utility%20programs.md) | 09.4.4 |
|
||||
| 8.19 | [Installation of software on operational systems ](ISO_27002_2022_8.19_MoC%20Installation%20of%20software%20on%20operational%20systems.md) | 12.5.1, 12.6.2 |
|
||||
| 8.20 | [Networks security ](ISO_27002_2022_8.20_MoC%20Networks%20security.md) | 13.1.1 |
|
||||
| 8.21 | [Security of network services ](ISO_27002_2022_8.21_MoC%20Security%20of%20network%20services.md) | 13.1.2 |
|
||||
| 8.22 | [Segregation of networks ](ISO_27002_2022_8.22_MoC%20Segregation%20of%20networks.md) | 13.1.3 |
|
||||
| 8.23 | [Web filtering ](ISO_27002_2022_8.23_MoC%20Web%20filtering.md) | New |
|
||||
| 8.24 | [Use of cryptography ](ISO_27002_2022_8.24_MoC%20Use%20of%20cryptography.md) | 10.1.1, 10.1.2 |
|
||||
| 8.25 | [Secure development life cycle ](ISO_27002_2022_8.25_MoC%20Secure%20development%20life%20cycle.md) | 14.2.1 |
|
||||
| 8.26 | [Application security requirements ](ISO_27002_2022_8.26_MoC%20Application%20security%20requirements.md) | 14.1.2, 14.1.3 |
|
||||
| 8.27 | [Secure system architecture and engineering principles ](ISO_27002_2022_8.27_MoC%20Secure%20system%20architecture%20and%20engineering%20principles.md) | 14.2.5 |
|
||||
| 8.28 | [Secure coding ](ISO_27002_2022_8.28_MoC%20Secure%20coding.md) | New |
|
||||
| 8.29 | [Security testing in development and acceptance ](ISO_27002_2022_8.29_MoC%20Security%20testing%20in%20development%20and%20acceptance.md) | 14.2.8, 14.2.9 |
|
||||
| 8.30 | [Outsourced development ](ISO_27002_2022_8.30_MoC%20Outsourced%20development.md) | 14.2.7 |
|
||||
| 8.31 | [Separation of development, test and production environments ](ISO_27002_2022_8.31_MoC%20Separation%20of%20development,%20test%20and%20production%20environments.md) | 12.1.4, 14.2.6 |
|
||||
| 8.32 | [Change management ](ISO_27002_2022_8.32_MoC%20Change%20management.md) | 12.1.2, 14.2.2, 14.2.3, 14.2.4 |
|
||||
| 8.33 | [Test information ](ISO_27002_2022_8.33_MoC%20Test%20information.md) | 14.3.1 |
|
||||
| 8.34 | [Protection of information systems during audit testing ](ISO_27002_2022_8.34_MoC%20Protection%20of%20information%20systems%20during%20audit%20testing.md) | 12.7.1 |
|
||||
|
|
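Review bot: The 5.1 and 5.9 rows link out of the folder (`../../../../🧱%20Projects/iso27DIY%20mk%20I/ISO_27002_2022_5.1_MoC%20Policies%20for%20information%20security.md` and `../../../../ISO_27002_2022_5.9_MoC%20Inventory%20of%20information%20and%20other%20associated%20assets.md`) while every other control row uses a bare relative filename in the same directory; when this index is recreated under its new name, bring those two rows into the same form, because a folder rename breaks the deep paths first. Two smaller points for the recreated file: the Foreword through 4.3 rows use wikilinks (`[[ISO_27002_OT_F Foreword \|Foreword]]`) while the control rows use markdown links, and the commit message says 27001 but this hunk removes the ISO 27002:2022 index (tagged `#iso27002/2022/EN`) as a plain deletion, so nothing in the diff shows where that index went.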
@ -1,52 +0,0 @@
|
|||
#iso27001/2022/EN
|
||||
# ISO 27001:2022 EN Index
|
||||
|
||||
| Clause | Title |
|
||||
| ---------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
|
||||
| **F** | **[Foreword](../ISO-27001-OST/ISO27001-EN-2022/ISO_27001_OT%20F%20Foreword.md)** |
|
||||
| **0** | **[Introduction](../ISO-27001-OST/ISO27001-EN-2022/ISO_27001_2022_OT%200%20Introduction.md)** |
|
||||
| **1** | **[Scope](../ISO-27001-OST/ISO27001-EN-2022/ISO_27001_2022_OT%201%20Scope.md)** |
|
||||
| **2** | **[Normative references](../ISO-27001-OST/ISO27001-EN-2022/ISO_27001_2022_OT%202%20Normative%20references.md)** |
|
||||
| **3** | **[Terms and definitions](../ISO-27001-OST/ISO27001-EN-2022/ISO_27001_OT%20Terms%20and%20definitions.md)** |
|
||||
| **4** | **[Context of the organization](ISO_27001_2022_4_MoC%20Context%20of%20the%20organization.md)** |
|
||||
| 4.1 | [Understanding the organization and its context ](ISO_27001_2022_4.1_MoC%20Understanding%20the%20organization%20and%20its%20context.md) |
|
||||
| 4.2 | [Understanding the needs and expectations of interested parties ](ISO_27001_2022_4.2_MoC%20Understanding%20the%20needs%20and%20expectations%20of%20interested%20parties.md) |
|
||||
| 4.3 | [Determining the scope of the information security management system ](ISO_27001_2022_4.3_MoC%20Determining%20the%20scope%20of%20the%20information%20security%20management%20system.md) |
|
||||
| 4.4 | [Information security management system ](ISO_27001_2022_4.4_MoC%20Information%20security%20management%20system.md) |
|
||||
| **5** | **[Leadership](ISO_27001_2022_5_MoC%20Leadership.md)** |
|
||||
| 5.1 | [Leadership and commitment ](ISO_27001_2022_5.1_MoC%20Leadership%20and%20commitment.md) |
|
||||
| 5.2 | [Policy ](ISO_27001_2022_5.2_MoC%20Policy.md) |
|
||||
| 5.3 | [Organizational roles, responsibilities and authorities ](ISO_27001_2022_5.3_MoC%20Organizational%20roles,%20responsibilities%20and%20authorities.md) |
|
||||
| **6** | **[Planning](ISO_27001_2022_6_MoC%20Planning.md)** |
|
||||
| 6.1 | [Actions to address risks and opportunities ](ISO_27001_2022_6.1_MoC%20Actions%20to%20address%20risks%20and%20opportunities.md) |
|
||||
| 6.1.1 | [General ](ISO_27001_2022_6.1.1_MoC%20General.md) |
|
||||
| 6.1.2 | [Information security risk assessment ](ISO_27001_2022_6.1.2_MoC%20Information%20security%20risk%20assessment.md) |
|
||||
| 6.1.3 | [Information security risk treatment ](ISO_27001_2022_6.1.3_MoC%20Information%20security%20risk%20treatment.md) |
|
||||
| 6.2 | [Information security objectives and planning to achieve them ](ISO_27001_2022_6.2_MoC%20Information%20security%20objectives%20and%20planning%20to%20achieve%20them.md) |
|
||||
| 6.3 | [Planning of changes ](ISO_27001_2022_6.3_MoC%20Planning%20of%20changes.md) |
|
||||
| **7** | **[Support](ISO_27001_2022_7_MoC%20Support.md)** |
|
||||
| 7.1 | [ Resources ](ISO_27001_2022_7.1_MoC%20Resources.md) |
|
||||
| 7.2 | [ Competence ](ISO_27001_2022_7.2_MoC%20Competence.md) |
|
||||
| 7.3 | [ Awareness ](ISO_27001_2022_7.3_MoC%20Awareness.md) |
|
||||
| 7.4 | [ Communication ](ISO_27001_2022_7.4_MoC%20Communication.md) |
|
||||
| 7.5 | [ Documented information ](ISO_27001_2022_7.5_MoC%20Documented%20information.md) |
|
||||
| 7.5.1 | General ↑ |
|
||||
| 7.5.2 | Creating and updating ↑ |
|
||||
| 7.5.3 | Control of documented information ↑ |
|
||||
| **8** | **[Operation](ISO_27001_2022_8_MoC%20Operation.md)** |
|
||||
| 8.1 | [Operational planning and control ](ISO_27001_2022_8.1_MoC%20Operational%20planning%20and%20control.md) |
|
||||
| 8.2 | [Information security risk assessment ](ISO_27001_2022_8.2_MoC%20Information%20security%20risk%20assessment.md) |
|
||||
| 8.3 | [Information security risk treatment ](ISO_27001_2022_8.3_MoC%20Information%20security%20risk%20treatment.md) |
|
||||
| **9** | **[Performance evaluation](ISO_27001_2022_9_MoC%20Performance%20evaluation.md)** |
|
||||
| 9.1 | [Monitoring, measurement, analysis and evaluation ](ISO_27001_2022_9.1_MoC%20Monitoring,%20measurement,%20analysis%20and%20evaluation.md) |
|
||||
| 9.2 | [Internal audit ](ISO_27001_2022_9.2_MoC%20Internal%20audit.md) |
|
||||
| 9.2.1 | General ↑ |
|
||||
| 9.2.2 | Internal audit programme ↑ |
|
||||
| 9.3 | [Management review ](ISO_27001_2022_9.3_MoC%20Management%20review.md) |
|
||||
| 9.3.1 | General ↑ |
|
||||
| 9.3.2 | Management review inputs ↑ |
|
||||
| 9.3.3 | Management review results ↑ |
|
||||
| **10** | **[Improvement](ISO_27001_2022_10_MoC%20Improvement.md)** |
|
||||
| 10.1 | [Continual improvement ](ISO_27001_2022_10.1_MoC%20Continual%20improvement.md) |
|
||||
| 10.2 | [Nonconformity and corrective action ](ISO_27001_2022_10.2_MoC%20Nonconformity%20and%20corrective%20action.md) |
|
||||
| **[Annex A](ISO_27001_2022_00_MoC%20Index%20EXT.md)** | **Information security controls reference** |
|
||||
|
|
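Review bot: The Original Text targets in the header rows follow two naming schemes: `ISO_27001_2022_OT%200%20Introduction.md`, `ISO_27001_2022_OT%201%20Scope.md` and `ISO_27001_2022_OT%202%20Normative%20references.md` carry the year, while `ISO_27001_OT%20F%20Foreword.md` and `ISO_27001_OT%20Terms%20and%20definitions.md` do not, and the clause 3 target also lacks its clause number. Since this commit is the rename pass, the recreated index should point every OT link at one scheme. The `↑` rows (7.5.1 to 7.5.3, 9.2.1, 9.2.2, 9.3.1 to 9.3.3) carry no link at all; a one-line legend saying they are covered by the parent clause note would save the reader guessing.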
@ -1,3 +0,0 @@
|
|||
[Original Text](../ISO-27001-OST/ISO27001-EN-2022/ISO_27001_OT%2010.1%20Continual%20improvement.md)
|
||||
|
||||
[Plain English](../../../../iso27DIY-gis/reference/Paraphrased/ISO27001-2022-EN/ISO_27001_PE%2010.1%20Continual%20improvement.md)
|
||||
|
|
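Review bot: This note file has no heading and consists only of the two reference links, whereas the neighbouring clause notes open with `# About Clause ...`; the Plain English link is also a deep relative markdown path into `../../../../iso27DIY-gis/reference/Paraphrased/...` while the 10.2 file directly below uses a wikilink (`[[ISO_27001_PE 10.2 Nonconformity and corrective action\|Plain English]]`). If the Paraphrased folder moves, the markdown form breaks and the wikilink does not; pick one form for the recreated files.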
@ -1,3 +0,0 @@
|
|||
[Original Text](../ISO-27001-OST/ISO27001-EN-2022/ISO_27001_OT%2010.2%20Nonconformity%20and%20corrective%20action.md)
|
||||
|
||||
[[ISO_27001_PE 10.2 Nonconformity and corrective action\|Plain English]]
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
# Chapter 10: Improvement
|
||||
|
||||
| **10** | **[Improvement](ISO_27001_2022_10_MoC%20Improvement.md)** |
|
||||
| ----------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
|
||||
| 10.1 | [Continual improvement ](ISO_27001_2022_10.1_MoC%20Continual%20improvement.md) |
|
||||
| 10.2 | [Nonconformity and corrective action ](ISO_27001_2022_10.2_MoC%20Nonconformity%20and%20corrective%20action.md) |
|
||||
|
|
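Review bot: The header row `| **10** | **[Improvement](ISO_27001_2022_10_MoC%20Improvement.md)** |` links the chapter page to itself, which renders as a dead self-link; the Chapter 4 table uses a plain bold title in that cell, and that is the form to keep. The same self-link appears in the Chapter 5 and Chapter 6 tables further down.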
@ -1,20 +0,0 @@
|
|||
# About C4.1: Understanding the organization and its context
|
||||
From ISO 27001:2022
|
||||
|
||||
[Original Text](../ISO-27001-OST/ISO27001-EN-2022/ISO_27001_2022_OT%204.1%20Understanding%20the%20organization%20and%20its%20context.md)
|
||||
|
||||
[Plain English](../../../../iso27DIY-gis/reference/Paraphrased/ISO27001-2022-EN/ISO_27001_2022_PE%204.1%20Understanding%20the%20organization%20and%20its%20context.md) translation
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
|
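Review bot: Thirteen of this file's twenty lines are trailing empty lines; trim them in the recreated file so the diff stays readable. The link text `[Plain English](...) translation` also differs from every other clause note, which uses `Plain English` alone or a wikilink, and `From ISO 27001:2022` is the only place a source line appears, so either add it to all clause notes or drop it here.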
@ -1,8 +0,0 @@
|
|||
# About C4.2: Understanding the needs and expectations of interested parties
|
||||
|
||||
[Original Text](../ISO-27001-OST/ISO27001-EN-2022/ISO_27001_2022_OT%204.2%20Understanding%20the%20needs%20and%20expectations%20of%20interested%20parties.md)
|
||||
|
||||
[[ISO_27001_PE 4.2 Understanding the needs and expectations of interested parties\|Plain English]]
|
||||
|
||||
|
||||
[PECB Auditor training: Context of the organization](../../../../👩🏼⚖️%20Standards%20and%20Regulations/ISO%2027K/PECB%20Lead%20Auditor%20Training%2027001/PECB%2027001%20LA%20S05%20E01a%20-%20Context%20of%20the%20organization.md)
|
||||
|
|
@ -1,9 +0,0 @@
|
|||
# About C4.3 Determining the scope of the information security management system
|
||||
|
||||
[Original Text](../ISO-27001-OST/ISO27001-EN-2022/ISO_27001_2022_OT%204.3%20Determining%20the%20scope%20of%20the%20information%20security%20management%20system.md)
|
||||
|
||||
[[ISO_27001_PE 4.3 Determining the scope of the information security management system\|Plain English]]
|
||||
|
||||
[About the Statement of Applicability](../../../Drafts%20and%20Ideas/ISMS/About%20the%20Statement%20of%20Applicability.md)
|
||||
|
||||
[PECB Auditor training: Context of the organization](../../../../👩🏼⚖️%20Standards%20and%20Regulations/ISO%2027K/PECB%20Lead%20Auditor%20Training%2027001/PECB%2027001%20LA%20S05%20E01a%20-%20Context%20of%20the%20organization.md)
|
||||
|
|
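Review bot: The heading `# About C4.3 Determining the scope ...` drops the colon that `# About C4.1:` and `# About C4.2:` use. This is also the first clause note to link the Statement of Applicability draft (`../../../Drafts%20and%20Ideas/ISMS/About%20the%20Statement%20of%20Applicability.md`), which lives three levels up outside the standard folder; the rename in this commit should be checked against that link and against the 6.1.3 note, which repeats it.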
@ -1,7 +0,0 @@
|
|||
# About C4.4: Information security management system
|
||||
|
||||
[Original Text](../ISO-27001-OST/ISO27001-EN-2022/ISO_27001_2022_OT%204.4%20Information%20security%20management%20system.md)
|
||||
|
||||
[[ISO_27001_PE 4.4 Information security management system\|Plain English]]
|
||||
|
||||
[PECB Auditor training: Context of the organization](../../../../👩🏼⚖️%20Standards%20and%20Regulations/ISO%2027K/PECB%20Lead%20Auditor%20Training%2027001/PECB%2027001%20LA%20S05%20E01a%20-%20Context%20of%20the%20organization.md)
|
||||
|
|
@ -1,8 +0,0 @@
|
|||
# Chapter 4: Context of the organization
|
||||
|
||||
| **4** | **Context of the organization** |
|
||||
| ----- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
|
||||
| 4.1 | [Understanding the organization and its context ](ISO_27001_2022_4.1_MoC%20Understanding%20the%20organization%20and%20its%20context.md) |
|
||||
| 4.2 | [Understanding the needs and expectations of interested parties ](ISO_27001_2022_4.2_MoC%20Understanding%20the%20needs%20and%20expectations%20of%20interested%20parties.md) |
|
||||
| 4.3 | [Determining the scope of the information security management system ](ISO_27001_2022_4.3_MoC%20Determining%20the%20scope%20of%20the%20information%20security%20management%20system.md) |
|
||||
| 4.4 | [Information security management system ](ISO_27001_2022_4.4_MoC%20Information%20security%20management%20system.md) |
|
||||
|
|
@ -1,10 +0,0 @@
|
|||
# About Clause 5.1: Leadership and commitment
|
||||
|
||||
Describes the responsibilities of 'Top management' with regards to the ISMS.
|
||||
|
||||
[Original Text](../ISO-27001-OST/ISO27001-EN-2022/ISO_27001_2022_OT%205.1%20Leadership%20and%20commitment.md)
|
||||
|
||||
[[ISO_27001_PE 5.1 Leadership and commitment\|Plain English]]
|
||||
|
||||
Related:
|
||||
- [Clause 9.3](ISO_27001_2022_9.3_MoC%20Management%20review.md), Management review
|
||||
|
|
@ -1,10 +0,0 @@
|
|||
# About Clause 5.2: Policy
|
||||
|
||||
The information security policy as established by top management
|
||||
|
||||
[Original Text](../ISO-27001-OST/ISO27001-EN-2022/ISO_27001_2022_OT%205.2%20Policy.md)
|
||||
|
||||
[[ISO_27001_PE 5.2 Policy\|Plain English]]
|
||||
|
||||
[PECB Auditor training: Leadership](../../../../👩🏼⚖️%20Standards%20and%20Regulations/ISO%2027K/PECB%20Lead%20Auditor%20Training%2027001/PECB%2027001%20LA%20S05%20E01b%20-%20Leadership.md)
|
||||
|
||||
|
|
@ -1,15 +0,0 @@
|
|||
# About Clause 5.3: Organizational roles, responsibilities and authorities
|
||||
|
||||
Top management must make sure that responsibilities and authorities for information security roles are assigned and communicated within the organization.
|
||||
|
||||
Top management specifically needs to assign responsibility and authority for ensuring the ISMS's compliance with the standard, and for reporting[^1] on it's performance (apparently, assigning *other* responsibilities and authorities need *not* be a top management concern).
|
||||
|
||||
[Original Text](../ISO-27001-OST/ISO27001-EN-2022/ISO_27001_2022_OT%205.3%20Organizational%20roles,%20responsibilities%20and%20authorities.md)
|
||||
|
||||
[[ISO_27001_PE 5.3 Organizational roles, responsibilities and authorities\|Plain English]]
|
||||
|
||||
[PECB Auditor training: Leadership](../../../../👩🏼⚖️%20Standards%20and%20Regulations/ISO%2027K/PECB%20Lead%20Auditor%20Training%2027001/PECB%2027001%20LA%20S05%20E01b%20-%20Leadership.md)
|
||||
|
||||
|
||||
|
||||
[^1]: Note that 'reporting' (5.3b) means carrying responsibility and being accountable (for the performance of the ISMS), not just giving information.
|
||||
|
|
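Review bot: `reporting[^1] on it's performance` should read `its performance`. The parenthetical `(apparently, assigning *other* responsibilities and authorities need *not* be a top management concern)` sits oddly after the first paragraph, which says top management must make sure responsibilities for information security roles are assigned and communicated; if the point is that 5.3 names only two responsibilities that top management must assign personally, say that, otherwise the two paragraphs read as contradicting each other. The footnote's reading of 5.3(b) as accountability rather than information-passing is a useful clarification and worth keeping.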
@ -1,11 +0,0 @@
|
|||
# Chapter 5: Leadership
|
||||
|
||||
| **5** | **[Leadership](ISO_27001_2022_5_MoC%20Leadership.md)** |
|
||||
| ----------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
|
||||
| 5.1 | [Leadership and commitment ](ISO_27001_2022_5.1_MoC%20Leadership%20and%20commitment.md) |
|
||||
| 5.2 | [Policy ](ISO_27001_2022_5.2_MoC%20Policy.md) |
|
||||
| 5.3 | [Organizational roles, responsibilities and authorities ](ISO_27001_2022_5.3_MoC%20Organizational%20roles,%20responsibilities%20and%20authorities.md) |
|
||||
|
||||
[Context of the organization](../../../../👩🏼⚖️%20Standards%20and%20Regulations/ISO%2027K/PECB%20Lead%20Auditor%20Training%2027001/PECB%2027001%20LA%20S05%20E01a%20-%20Context%20of%20the%20organization.md) from the PECB Auditor training
|
||||
[Leadership](../../../../👩🏼⚖️%20Standards%20and%20Regulations/ISO%2027K/PECB%20Lead%20Auditor%20Training%2027001/PECB%2027001%20LA%20S05%20E01b%20-%20Leadership.md) from the PECB Auditor training
|
||||
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
### 6.1.1 General
|
||||
|
||||
- [Original Text](../ISO-27001-OST/ISO27001-EN-2022/ISO_27001_OT%206.1.1%20General.md)
|
||||
- [[ISO_27001_PE 6.1.1 General\|Plain English]]
|
||||
|
|
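Review bot: This file uses an H3 heading (`### 6.1.1 General`) and a bullet list for the two links, while the clause notes around it use an H1 `# About Clause ...` heading with bare link lines, and the 6.1 file uses H2 (`## 6.1 Actions to address risks and opportunities`); since the files are being renamed in this commit, it is the cheapest moment to settle on one heading level and one link layout for the clause notes.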
@ -1,42 +0,0 @@
|
|||
# About Clause 6.1.2: I| **6** | **[Planning](ISO_27001_2022_6_MoC%20Planning.md)** |
|
||||
| ----- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
|
||||
| 6.1 | [Actions to address risks and opportunities ](ISO_27001_2022_6.1_MoC%20Actions%20to%20address%20risks%20and%20opportunities.md) |
|
||||
| 6.1.1 | [General ](ISO_27001_2022_6.1.1_MoC%20General.md) |
|
||||
| 6.1.2 | [Information security risk assessment ](ISO_27001_2022_6.1.2_MoC%20Information%20security%20risk%20assessment.md) |
|
||||
| 6.1.3 | [Information security risk treatment ](ISO_27001_2022_6.1.3_MoC%20Information%20security%20risk%20treatment.md) |
|
||||
| 6.2 | [Information security objectives and planning to achieve them ](ISO_27001_2022_6.2_MoC%20Information%20security%20objectives%20and%20planning%20to%20achieve%20them.md) |
|
||||
| 6.3 | [Planning of changes ](ISO_27001_2022_6.3_MoC%20Planning%20of%20changes.md) |rity investments will deliver the most value. This is in line with the ISO 31000 standard for Risk Management #research title? , which recommends categorizing risks based on your organization’s context and objectives.
|
||||
|
||||
Different organizations worry about different kinds of risks, based on their mission, industry, and stakeholder expectations. An engineering firm may worry about their designs being stolen (protection of intellectual property) and construction errors due to incorrect data or calculations (integrity of information). A hospital will worry about continuity (availability of information) and patient confidentiality. A social media advertising platform, may care less about compliance with privacy regulations, but place great emphasis on uptime of systems.
|
||||
|
||||
To help in this dialogue about risks and risk tolerance, we can use the concept of 'Impact Categories'.
|
||||
## Impact Categories
|
||||
Impact Categories are the types of business consequences that matter most to an organization's leadership, because they affect the organization's ability to achieve its objectives.
|
||||
|
||||
Below is a list of examples of Impact Categories:
|
||||
|
||||
- **Operational**: Disruption of day-to-day processes, workforce capability, system functionality, and the organization's ability to deliver products or services
|
||||
- **Financial**: Direct financial losses, increased costs, reduced revenue, market value decline, or threats to financial stability
|
||||
- **Strategic**: Inability to achieve long-level organizational goals, loss of competitive position, or forced changes to business direction
|
||||
- **Compliance**: Legal penalties, regulatory sanctions, loss of licenses or certifications, or mandatory remediation costs
|
||||
- **Reputational**: Loss of customer trust, damage to brand value, negative media attention, or erosion of stakeholder confidence
|
||||
- **Health and Safety**: Physical harm to employees, customers, or the public, or creation of unsafe conditions
|
||||
- **Environmental**: Environmental damage, pollution incidents, or failure to meet sustainability commitments
|
||||
- **Competitive Advantage**: Loss of proprietary knowledge, patents, trade secrets, or strategic business intelligence
|
||||
- **National Security**: Consequences for critical infrastructure, public safety, or national interests
|
||||
|
||||
You can expand and adapt this list as you see fit. Engage your management in a dialogue about areas of impact, and aim to establish the categories that are most important to them. This will help in weighing priorities later on.
|
||||
|
||||
## qualifying or quantifying risks?
|
||||
|
||||
**Qualifying risks** (qualitative risk assessment) involves describing and categorizing risks using descriptive scales or labels—such as rating likelihood as "low, medium, high" and impact as "minor, moderate, severe"—focusing on understanding the nature and relative severity of risks without precise numerical values.
|
||||
|
||||
**Quantifying risks** (quantitative risk assessment) involves measuring risks using specific numerical values—such as calculating the probability as a percentage (e.g., 15% chance per year) and impact in monetary terms (e.g., €50,000 loss)—providing precise, measurable data that can be used for detailed cost-benefit analysis and statistical modeling.
|
||||
|
||||
Clause 6.1.2 writes we should "assess the potential consequences" and "realistic likelihood" of risks occurring, but the standard doesn't say anything about *how* these should be established (just that that the chosen method must produce "consistent, valid and comparable results").
|
||||
|
||||
The core _requirements_ in ISO/IEC 27001 remain method-agnostic as long as the steps above are met and results are consistent and comparable.
|
||||
|
||||
The organization must set its own criteria for determining risk levels and risk acceptance criteria. The organization defines these elements based on its specific needs, size, structure, objectives, and risks.
The standard does not say anything about if qualitative or quantitative risk assessment should be applied.
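Review bot: typo in the Clause 6.1.2 paragraph above, "just that that the chosen method must produce"; drop the repeated "that" in whichever file this content lands in after the rename. The heading "## qualifying or quantifying risks?" is also the only lowercase heading in this hunk, while the 6.1.3 and 6.2 pages below capitalise theirs.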
@ -1,6 +0,0 @@
# 6.1.3 Information security risk treatment
- [Original Text](../ISO-27001-OST/ISO27001-EN-2022/ISO_27001_OT%206.1.3%20Information%20security%20risk%20treatment.md)
- [[ISO_27001_PE 6.1.3 Information security risk treatment\|Plain English]]
[About the Statement of Applicability](../../../Drafts%20and%20Ideas/ISMS/About%20the%20Statement%20of%20Applicability.md)
@ -1,7 +0,0 @@
## 6.1 Actions to address risks and opportunities
- [6.1.1 General](ISO_27001_2022_6.1.1_MoC%20General.md)
- [6.1.2 Information security risk assessment](ISO_27001_2022_6.1.2_MoC%20Information%20security%20risk%20assessment.md)
- [6.1.3 Information security risk treatment](ISO_27001_2022_6.1.3_MoC%20Information%20security%20risk%20treatment.md)
@ -1,4 +0,0 @@
# About Chapter 6.2: Information security objectives and planning to achieve them
[Original Text](../ISO-27001-OST/ISO27001-EN-2022/ISO_27001_OT%206.2%20Information%20security%20objectives%20and%20planning%20to%20achieve%20them.md)
[Plain English](../../../../iso27DIY-gis/reference/Paraphrased/ISO27001-2022-EN/ISO_27001_PE%206.2%20Information%20security%20objectives%20and%20planning%20to%20achieve%20them.md)
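Review bot: the Plain English link in this hunk is a deep relative path (`../../../../iso27DIY-gis/reference/Paraphrased/...`) while the sibling 6.3 and 7.x pages use the `[[ISO_27001_PE ...\|Plain English]]` wiki-link form. Relative paths break whenever files are moved or renamed, which is exactly what this commit does, so the surviving copies should use the wiki-link form consistently.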
@ -1,3 +0,0 @@
[Original Text](../ISO-27001-OST/ISO27001-EN-2022/ISO_27001_OT%206.3%20Planning%20of%20changes.md)
[[ISO_27001_PE 6.3 Planning of changes\|Plain English]]
@ -1,10 +0,0 @@
# Chapter 6: Planning
| **6** | **[Planning](ISO_27001_2022_6_MoC%20Planning.md)** |
| ----- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| 6.1 | [Actions to address risks and opportunities ](ISO_27001_2022_6.1_MoC%20Actions%20to%20address%20risks%20and%20opportunities.md) |
| 6.1.1 | [General ](ISO_27001_2022_6.1.1_MoC%20General.md) |
| 6.1.2 | [Information security risk assessment ](ISO_27001_2022_6.1.2_MoC%20Information%20security%20risk%20assessment.md) |
| 6.1.3 | [Information security risk treatment ](ISO_27001_2022_6.1.3_MoC%20Information%20security%20risk%20treatment.md) |
| 6.2 | [Information security objectives and planning to achieve them ](ISO_27001_2022_6.2_MoC%20Information%20security%20objectives%20and%20planning%20to%20achieve%20them.md) |
| 6.3 | [Planning of changes ](ISO_27001_2022_6.3_MoC%20Planning%20of%20changes.md) |
@ -1,3 +0,0 @@
[Original Text](../ISO-27001-OST/ISO27001-EN-2022/ISO_27001_OT%207.1%20Resources.md)
[[ISO_27001_PE 7.1 Resources\|Plain English]]
@ -1,3 +0,0 @@
[Original Text](../ISO-27001-OST/ISO27001-EN-2022/ISO_27001_OT%207.2%20Competence.md)
[[ISO_27001_PE 7.2 Competence\|Plain English]]
@ -1,3 +0,0 @@
[Original Text](../ISO-27001-OST/ISO27001-EN-2022/ISO_27001_OT%207.3%20Awareness.md)
[[ISO_27001_PE 7.3 Awareness\|Plain English]]
@ -1,3 +0,0 @@
[Original Text](../ISO-27001-OST/ISO27001-EN-2022/ISO_27001_OT%207.4%20Communication.md)
[[ISO_27001_PE 7.4 Communication\|Plain English]]
@ -1,13 +0,0 @@
### 7.5.1 General
The organization's information security management system shall include:
a\) documented information required by this document; and
b\) documented information determined by the organization as being necessary for the effectiveness of the information security management system.
NOTE The extent of documented information for an information security management system can differ from one organization to another due to:
1\) the size of organization and its type of activities, processes, products and services;
2\) the complexity of processes and their interactions; and
3\) the competence of persons.
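Review bot: this 7.5.1 page (and 7.5.2 and 7.5.3 below) embeds the clause text verbatim and carries no links at all, whereas 7.1 through 7.4 consist of the Original Text / Plain English link pair pointing at the `../ISO-27001-OST/` copy. If these three pages survive the rename, give them the same link header so the clause text is kept in one place and the pages stay navigable from the Chapter 7 table.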
@ -1,10 +0,0 @@
### 7.5.2 Creating and updating
When creating and updating documented information the organization shall ensure appropriate:
a\) identification and description (e.g. a title, date, author, or reference number);
b\) format (e.g. language, software version, graphics) and media (e.g. paper, electronic); and
c\) review and approval for suitability and adequacy.
@ -1,21 +0,0 @@
### 7.5.3 Control of documented information
Documented information required by the information security management system and by this document shall be controlled to ensure:
a\) it is available and suitable for use, where and when it is needed; and
b\) it is adequately protected (e.g. from loss of confidentiality, improper use, or loss of integrity).
For the control of documented information, the organization shall address the following activities, as applicable:
c\) distribution, access, retrieval and use;
d\) storage and preservation, including the preservation of legibility;
e\) control of changes (e.g. version control); and
f\) retention and disposition.
Documented information of external origin, determined by the organization to be necessary for the planning and operation of the information security management system, shall be identified as appropriate, and controlled.
NOTE Access can imply a decision regarding the permission to view the documented information only, or the permission and authority to view and change the documented information, etc.
@ -1,7 +0,0 @@
[Original Text](../ISO-27001-OST/ISO27001-EN-2022/ISO_27001_OT%207.5%20Documented%20information.md)
[[ISO_27001_PE 7.5 Documented information\|Plain English]]
- [7.5.1 General](ISO_27001_2022_7.5.1_MoC%20General.md)
- [7.5.2 Creating and updating](ISO_27001_2022_7.5.2_MoC%20Creating%20and%20updating.md)
- [7.5.3 Control of documented information](ISO_27001_2022_7.5.3_MoC%20Control%20of%20documented%20information.md)
@ -1,12 +0,0 @@
# Chapter 7: Support
| **7** | **[Support](ISO_27001_2022_7_MoC%20Support.md)** |
| ----- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| 7.1 | [ Resources ](ISO_27001_2022_7.1_MoC%20Resources.md) |
| 7.2 | [ Competence ](ISO_27001_2022_7.2_MoC%20Competence.md) |
| 7.3 | [ Awareness ](ISO_27001_2022_7.3_MoC%20Awareness.md) |
| 7.4 | [ Communication ](ISO_27001_2022_7.4_MoC%20Communication.md) |
| 7.5 | [ Documented information ](ISO_27001_2022_7.5_MoC%20Documented%20information.md) |
| 7.5.1 | General ↑ |
| 7.5.2 | Creating and updating ↑ |
| 7.5.3 | Control of documented information ↑ |
@ -1,3 +0,0 @@
[Original Text](../ISO-27001-OST/ISO27001-EN-2022/ISO_27001_OT%208.1%20Operational%20planning%20and%20control.md)
[[ISO_27001_PE 8.1 Operational planning and control\|Plain English]]
@ -1,6 +0,0 @@
# About Clause 8.2: Information security risk assessment
[Original Text](../ISO-27001-OST/ISO27001-EN-2022/ISO_27001_OT%208.2%20Information%20security%20risk%20assessment.md)
[[ISO_27001_PE 8.2 Information security risk assessment\|Plain English]]
@ -1,5 +0,0 @@
# About Clause 8.3: Information security risk treatment
[Original Text](../ISO-27001-OST/ISO27001-EN-2022/ISO_27001_OT%208.3%20Information%20security%20risk%20treatment.md)
[[ISO_27001_PE 8.3 Information security risk treatment\|Plain English]]
@ -1,7 +0,0 @@
# Chapter 8: Operation
| **8** | **[Operation](ISO_27001_2022_8_MoC%20Operation.md)** |
| ----------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| 8.1 | [Operational planning and control ](ISO_27001_2022_8.1_MoC%20Operational%20planning%20and%20control.md) |
| 8.2 | [Information security risk assessment ](ISO_27001_2022_8.2_MoC%20Information%20security%20risk%20assessment.md) |
| 8.3 | [Information security risk treatment ](ISO_27001_2022_8.3_MoC%20Information%20security%20risk%20treatment.md) |
@ -1,3 +0,0 @@
[Original Text](../ISO-27001-OST/ISO27001-EN-2022/ISO_27001_OT%209.1%20Monitoring,%20measurement,%20analysis%20and%20evaluation.md)
[[ISO_27001_PE 9.1 Monitoring, measurement, analysis and evaluation\|Plain English]]
@ -1,5 +0,0 @@
# About Clause 9.2: Internal audit
[Original Text](../ISO-27001-OST/ISO27001-EN-2022/ISO_27001_OT%209.2%20Internal%20audit.md)
[[ISO_27001_PE 9.2 Internal audit\|Plain English]]
@ -1,5 +0,0 @@
# 9.3 Management review
[Original Text](../ISO-27001-OST/ISO27001-EN-2022/ISO_27001_OT%209.3%20Management%20review.md)
[[ISO_27001_PE 9.3 Management review\|Plain English]]
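Review bot: heading style is inconsistent between adjacent pages in this commit: "# About Clause 9.2: Internal audit" directly above versus "# 9.3 Management review" here (and "# 6.1.3 Information security risk treatment" earlier); pick one form for the renamed files so the chapter tables and page titles line up.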
@ -1,12 +0,0 @@
# Chapter 9: Performance evaluation
| **9** | **[Performance evaluation](ISO_27001_2022_9_MoC%20Performance%20evaluation.md)** |
| ----- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| 9.1 | [Monitoring, measurement, analysis and evaluation ](ISO_27001_2022_9.1_MoC%20Monitoring,%20measurement,%20analysis%20and%20evaluation.md) |
| 9.2 | [Internal audit ](ISO_27001_2022_9.2_MoC%20Internal%20audit.md) |
| 9.2.1 | General ↑ |
| 9.2.2 | Internal audit programme ↑ |
| 9.3 | [Management review ](ISO_27001_2022_9.3_MoC%20Management%20review.md) |
| 9.3.1 | General ↑ |
| 9.3.2 | Management review inputs ↑ |
| 9.3.3 | Management review results ↑ |
@ -1,94 +0,0 @@
#iso27002/2022/EN
5.1 Policies for information security
5.2 Information security roles and responsibilities
5.3 Segregation of duties
5.4 Management responsibilities
5.5 Contact with authorities
5.6 Contact with special interest groups
5.7 Threat intelligence
5.8 Information security in project management
5.9 Inventory of information and other associated assets
5.10 Acceptable use of information and other associated assets
5.11 Return of assets
5.12 Classification of information
5.13 Labelling of information
5.14 Information transfer
5.15 Access control
5.16 Identity management
5.17 Authentication information
5.18 Access rights
5.19 Information security in supplier relationships
5.20 Addressing information security within supplier agreements
5.21 Managing information security in the ICT supply chain
5.22 Monitoring, review and change management of supplier services
5.23 Information security for use of cloud services
5.24 Information security incident management planning and preparation
5.25 Assessment and decision on information security events
5.26 Response to information security incidents
5.27 Learning from information security incidents
5.28 Collection of evidence
5.29 Information security during disruption
5.30 ICT readiness for business continuity
5.31 Legal, statutory, regulatory and contractual requirements
5.32 Intellectual property rights
5.33 Protection of records
5.34 Privacy and protection of PII
5.35 Independent review of information security
5.36 Compliance with policies, rules and standards for information security
5.37 Documented operating procedures
6.1 Screening
6.2 Terms and conditions of employment
6.3 Information security awareness, education and training
6.4 Disciplinary process
6.5 Responsibilities after termination or change of employment
6.6 Confidentiality or non-disclosure agreements
6.7 Remote working
6.8 Information security event reporting
7.1 Physical security perimeters
7.2 Physical entry
7.3 Securing offices, rooms and facilities
7.4 Physical security monitoring
7.5 Protecting against physical and environmental threats
7.6 Working in secure areas
7.7 Clear desk and clear screen
7.8 Equipment siting and protection
7.9 Security of assets off-premises
7.10 Storage media
7.11 Supporting utilities
7.12 Cabling security
7.13 Equipment maintenance
7.14 Secure disposal or re-use of equipment
8.1 User endpoint devices
8.2 Privileged access rights
8.3 Information access restriction
8.4 Access to source code
8.5 Secure authentication
8.6 Capacity management
8.7 Protection against malware
8.8 Management of technical vulnerabilities
8.9 Configuration management
8.10 Information deletion
8.11 Data masking
8.12 Data leakage prevention
8.13 Information backup
8.14 Redundancy of information processing facilities
8.15 Logging
8.16 Monitoring activities
8.17 Clock synchronization
8.18 Use of privileged utility programs
8.19 Installation of software on operational systems
8.20 Networks security
8.21 Security of network services
8.22 Segregation of networks
8.23 Web filtering
8.24 Use of cryptography
8.25 Secure development life cycle
8.26 Application security requirements
8.27 Secure system architecture and engineering principles
8.28 Secure coding
8.29 Security testing in development and acceptance
8.30 Outsourced development
8.31 Separation of development, test and production environments
8.32 Change management
8.33 Test information
8.34 Protection of information systems during audit testing
@ -1,5 +0,0 @@
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/a-5.10-Acceptable-use-of-information-and-other-associated-assets.md)
[Plain English](../../../../iso27DIY-gis/reference/Paraphrased/ISO27002-2022-EN/ISO_27002_2022_5.10_PE%20Acceptable%20use%20of%20information%20and%20other%20associated%20assets.md)
ISO 27002:2013: 08.1.3, 08.2.3
[Brontekst](../ISO-27002-OST/ISO27002-NL-2022/a-5.10-Aanvaardbaar-gebruik-van-informatie-en-andere-gerelateerde-bedrijfsmiddelen.md)
@ -1,5 +0,0 @@
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/a-5.11-Return-of-assets.md)
[[ISO_27002_2022_5.11_PE Return of assets \|Plain English]]
ISO 27002:2013: 08.1.4
[Brontekst](../ISO-27002-OST/ISO27002-NL-2022/a-5.11-Retourneren-van-bedrijfsmiddelen.md)
@ -1,5 +0,0 @@
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/a-5.12-Classification-of-information.md)
[Plain English](../../../../iso27DIY-gis/reference/Paraphrased/ISO27002-2022-EN/ISO_27002_2022_5.12_PE%20Classification%20of%20information.md)
ISO 27002:2013: 08.2.1
[Brontekst](../ISO-27002-OST/ISO27002-NL-2022/a-5.12-Classificeren-van-informatie.md)
@ -1,5 +0,0 @@
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/a-5.13-Labelling-of-information.md)
[Plain English](../../../../iso27DIY-gis/reference/Paraphrased/ISO27002-2022-EN/ISO_27002_2022_5.13_PE%20Labelling%20of%20information.md)
ISO 27002:2013: 08.2.2
[Brontekst](../ISO-27002-OST/ISO27002-NL-2022/a-5.13-Labelen-van-informatie.md)
@ -1,5 +0,0 @@
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/a-5.14-Information-transfer.md)
[[ISO_27002_2022_5.14_PE Information transfer \|Plain English]]
ISO 27002:2013: 13.2.1, 13.2.2, 13.2.3
[Brontekst](../ISO-27002-OST/ISO27002-NL-2022/a-5.14-Overdragen-van-informatie.md)
@ -1,7 +0,0 @@
# About Control 5.15: Access control
Foundational rules and principles to control access to information assets, in line with business and information security requirements.
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/a-5.15-Access-control.md)
[[ISO_27002_2022_5.15_PE Access control \|Plain English]]
ISO 27002:2013: 09.1.1, 09.1.2
@ -1,9 +0,0 @@
# About Control 5.16: Identity management
Identity life cycle management.
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/a-5.16-Identity-management.md)
[[ISO_27002_2022_5.16_PE Identity management \|Plain English]]
ISO 27002:2013: 09.2.1
[Brontekst](../ISO-27002-OST/ISO27002-NL-2022/a-5.16-Identiteitsbeheer.md)
@ -1,22 +0,0 @@
# About Control 5.17: Authentication information
Managing authentication information, including advising personnel on how to handle authentication information.
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/a-5.17-Authentication-information.md)
[[ISO_27002_2022_5.17_PE Authentication information \|Plain English]]
ISO 27002:2013: 09.2.4, 09.3.1, 09.4.3
[Brontekst](../ISO-27002-OST/ISO27002-NL-2022/a-5.17-Beheren-van-authenticatie-informatie.md)
[Normaal Nederlands](../ISO-27002-OST/ISO27002-NL-2022/ISO_27002_2022_NL_5.17_NN%20Beheren%20van%20authenticatie-informatie.md)
[Sterke wachtwoorden in 2024](../../../../🎇%20Sparks/Sterke%20wachtwoorden%20in%202024.md)
**NCSC over authenticeren**
- [Authenticatie als onderdeel van Digitale Weerbaarheid](https://www.ncsc.nl/wat-kun-je-zelf-doen/weerbaarheid/beschermen/authenticatie)
- [NCSC Infosheet Volwassen Authenticeren](../../../../👩🏼⚖️%20Standards%20and%20Regulations/NCSC/NCSC%20Infosheet%20Volwassen%20Authenticeren.md)
- [NCSC_Factsheet_Volwassen_Authenticeren](../../../../👩🏼⚖️%20Standards%20and%20Regulations/NCSC/NCSC_Factsheet_Volwassen_Authenticeren.md)
- [NCSC Factsheet Gebruik Tweefactorauthenticatie](../../../../👩🏼⚖️%20Standards%20and%20Regulations/NCSC/NCSC%20Factsheet%20Gebruik%20Tweefactorauthenticatie.md)
- [Choosing the right type](https://www.ncsc.gov.uk/guidance/authentication-methods-choosing-the-right-type)
@ -1,9 +0,0 @@
# About Control 5.18: Access rights
Access rights management procedures (provisioning, review, modification and removal) in line with business rules for access control (from [A5.15](ISO_27002_2022_5.15_MoC%20Access%20control.md)).
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/a-5.18-Access-rights.md)
[[ISO_27002_2022_5.18_PE Access rights \|Plain English]]
ISO 27002:2013: 09.2.2, 09.2.5, 09.2.6
[Brontekst](../ISO-27002-OST/ISO27002-NL-2022/a-5.18-Toegangsrechten.md)
@ -1,5 +0,0 @@
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/a-5.19-Information-security-in-supplier-relationships.md)
[Plain English](../../../../iso27DIY-gis/reference/Paraphrased/ISO27002-2022-EN/ISO_27002_2022_5.19_PE%20Information%20security%20in%20supplier%20relationships.md)
ISO 27002:2013: 15.1.1
[Brontekst](../ISO-27002-OST/ISO27002-NL-2022/a-5.19-Informatiebeveiliging-in-leveranciersrelaties.md)
@ -1,5 +0,0 @@
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/a-5.20-Addressing-information-security-within-supplier-agreements.md)
[Plain English](../../../../iso27DIY-gis/reference/Paraphrased/ISO27002-2022-EN/ISO_27002_2022_5.20_PE%20Addressing%20information%20security%20within%20supplier%20agreements.md)
ISO 27002:2013: 15.1.2
[Brontekst](../ISO-27002-OST/ISO27002-NL-2022/a-5.20-Adresseren-van-informatiebeveiliging-in-leveranciersovereenkomsten.md)
@ -1,5 +0,0 @@
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/a-5.21-Managing-information-security-in-the-ICT-supply-chain.md)
[Plain English](../../../../iso27DIY-gis/reference/Paraphrased/ISO27002-2022-EN/ISO_27002_2022_5.21_PE%20Managing%20information%20security%20in%20the%20ICT%20supply%20chain.md)
ISO 27002:2013: 15.1.3
[Brontekst](../ISO-27002-OST/ISO27002-NL-2022/a-5.21-Beheren-van-informatiebeveiliging-in-de-ICT-keten.md)
@ -1,5 +0,0 @@
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/a-5.22-Monitoring-review-and-change-management-of-supplier-services.md)
[Plain English](../../../../iso27DIY-gis/reference/Paraphrased/ISO27002-2022-EN/ISO_27002_2022_5.22_PE%20Monitoring,%20review%20and%20change%20management%20of%20supplier%20services.md)
ISO 27002:2013: 15.2.1, 15.2.2
[Brontekst](../ISO-27002-OST/ISO27002-NL-2022/a-5.22-Monitoren-beoordelen-en-het-beheren-van-wijzigingen-van-leveranciersdiensten.md)
@ -1,5 +0,0 @@
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/a-5.23-Information-security-for-use-of-cloud-services.md)
[Plain English](../../../../iso27DIY-gis/reference/Paraphrased/ISO27002-2022-EN/ISO_27002_2022_5.23_PE%20Information%20security%20for%20use%20of%20cloud%20services.md)
ISO 27002:2013: n/a
[Brontekst](../ISO-27002-OST/ISO27002-NL-2022/a-5.23-Informatiebeveiliging-voor-het-gebruik-van-clouddiensten.md)
@ -1,5 +0,0 @@
# About Control 5.24: Information security incident management planning and preparation
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/a-5.24-Information-security-incident-management-planning-and-preparation.md)
[Plain English](../../../../iso27DIY-gis/reference/Paraphrased/ISO27002-2022-EN/ISO_27002_2022_5.24_PE%20Information%20security%20incident%20management%20planning%20and%20preparation.md)
ISO 27002:2013: 16.1.1
@ -1,5 +0,0 @@
# About Control 5.25: Assessment and decision on information security events
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/a-5.25-Assessment-and-decision-on-information-security-events.md)
[[ISO_27002_2022_5.25_PE Assessment and decision on information security events \|Plain English]]
ISO 27002:2013: 16.1.4
@ -1,5 +0,0 @@
# About Control 5.26: Response to information security incidents
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/a-5.26-Response-to-information-security-incidents.md)
[[ISO_27002_2022_5.26_PE Response to information security incidents \|Plain English]]
ISO 27002:2013: 16.1.5
@ -1,5 +0,0 @@
# About Control 5.27: Learning from information security incidents
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/a-5.27-Learning-from-information-security-incidents.md)
[Plain English](../../../../iso27DIY-gis/reference/Paraphrased/ISO27002-2022-EN/ISO_27002_2022_5.27_PE%20Learning%20from%20information%20security%20incidents.md)
ISO 27002:2013: 16.1.6
@ -1,6 +0,0 @@
# About Control 5.28: Collection of evidence
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/a-5.28-Collection-of-evidence.md)
[[ISO_27002_2022_5.28_PE Collection of evidence \|Plain English]]
ISO 27002:2013: 16.1.7
@ -1,8 +0,0 @@
# About Control 5.29: Information security during disruption
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/a-5.29-Information-security-during-disruption.md)
[[ISO_27002_2022_5.29_PE Information security during disruption \|Plain English]]
ISO 27002:2013: 17.1.1, 17.1.2, 17.1.3
[Business Impact Analysis (BIA)](../../../../🎇%20Sparks/Business%20Impact%20Analysis%20(BIA).md)
@ -1,5 +0,0 @@
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/a-5.2-Information-security-roles-and-responsibilities.md)
[Plain English](../../../../iso27DIY-gis/reference/Paraphrased/ISO27002-2022-EN/ISO_27002_2022_5.2_PE%20Information%20security%20roles%20and%20responsibilities.md)
ISO 27002:2013: 06.1.1
[Brontekst](../ISO-27002-OST/ISO27002-NL-2022/a-5.2-Rollen-en-verantwoordelijkheden-bij-informatiebeveiliging.md)
@ -1,12 +0,0 @@
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/a-5.30-ICT-readiness-for-business-continuity.md)
[Plain English](../../../../iso27DIY-gis/reference/Paraphrased/ISO27002-2022-EN/ISO_27002_2022_5.30_PE%20ICT%20readiness%20for%20business%20continuity.md)
ISO 27002:2013: n/a
[Brontekst](../ISO-27002-OST/ISO27002-NL-2022/a-5.30-ICT-gereedheid-voor-bedrijfscontinuiteit.md)
See also:
- [BCP_Bedrijfscontinuïteitsplanning](../../../../📚️%20Literature%20notes/BCP_Bedrijfscontinuïteitsplanning.md)
- [Business Impact Analysis (BIA)](../../../../🎇%20Sparks/Business%20Impact%20Analysis%20(BIA).md)
- [Disaster Recovery Planning](../../../../🎇%20Sparks/Disaster%20Recovery%20Planning.md)
@ -1,3 +0,0 @@
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/a-5.31-Legal-statutory-regulatory-and-contractual-requirements.md)
[[ISO_27002_2022_5.31_PE Legal, statutory, regulatory and contractual requirements \|Plain English]]
ISO 27002:2013: 18.1.1, 18.1.5
@ -1,3 +0,0 @@
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/a-5.32-Intellectual-property-rights.md)
[Plain English](../../../../iso27DIY-gis/reference/Paraphrased/ISO27002-2022-EN/ISO_27002_2022_5.32_PE%20Intellectual%20property%20rights.md)
ISO 27002:2013: 18.1.2
@ -1,9 +0,0 @@
# About 5.33: Protection of records
This Control is about the **control, purpose, and guidance for managing and protecting organizational records** to ensure their authenticity, integrity, availability, and compliance with various requirements over time.
I would say: record keeping procedures, in line with legal and other requirements.
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/a-5.33-Protection-of-records.md)
[[ISO_27002_2022_5.33_PE Protection of records \|Plain English]]
ISO 27002:2013: 18.1.3
@ -1,4 +0,0 @@
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/a-5.34-Privacy-and-protection-of-PII.md)
[[ISO_27002_2022_5.34_PE Privacy and protection of PII \|Plain English]]
ISO 27002:2013: 18.1.4
@ -1,6 +0,0 @@
# About Control 5.35: Independent review of information security
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/a-5.35-Independent-review-of-information-security.md)
[[ISO_27002_2022_5.35_PE Independent review of information security \|Plain English]]
ISO 27002:2013: 18.2.1
@ -1,5 +0,0 @@
# About Control 5.36: Compliance with policies, rules and standards for information security
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/a-5.36-Compliance-with-policies-rules-and-standards-for-information-security.md)
[[ISO_27002_2022_5.36_PE Compliance with policies, rules and standards for information security \|Plain English]]
ISO 27002:2013: 18.2.2, 18.2.3
@ -1,6 +0,0 @@
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/a-5.37-Documented-operating-procedures.md)
[[ISO_27002_2022_5.37_PE Documented operating procedures \|Plain English]]
ISO 27002:2013: 12.1.1
@ -1,7 +0,0 @@
# About Control 5.3: Segregation of duties
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/a-5.3-Segregation-of-duties.md)
[Plain English](../../../../iso27DIY-gis/reference/Paraphrased/ISO27002-2022-EN/ISO_27002_2022_5.3_PE%20Segregation%20of%20duties.md)
ISO 27002:2013: 06.1.2
[Brontekst](../ISO-27002-OST/ISO27002-NL-2022/a-5.3-Functiescheiding.md)
@ -1,7 +0,0 @@
# About Control 5.4: Management responsibilities
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/a-5.4-Management-responsibilities.md)
[[ISO_27002_2022_5.4_PE Management responsibilities \|Plain English]]
ISO 27002:2013: 07.2.1
[Brontekst](../ISO-27002-OST/ISO27002-NL-2022/a-5.4-Managementverantwoordelijkheden.md)
@ -1,7 +0,0 @@
# About Control 5.5: Contact with authorities
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/a-5.5-Contact-with-authorities.md)
[[ISO_27002_2022_5.5_PE Contact with authorities \|Plain English]]
ISO 27002:2013: 06.1.3
[Brontekst](../ISO-27002-OST/ISO27002-NL-2022/a-5.5-Contact-met-overheidsinstanties.md)
@ -1,7 +0,0 @@
# About Control 5.6: Contact with special interest groups
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/a-5.6-Contact-with-special-interest-groups.md)
[[ISO_27002_2022_5.6_PE Contact with special interest groups \|Plain English]]
ISO 27002:2013: 6.1.4
[Brontekst](../ISO-27002-OST/ISO27002-NL-2022/a-5.6-Contact-met-speciale-belangengroepen.md)
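Review bot: the 2013 mapping on this page reads "6.1.4" while every other page in the commit zero-pads the clause ("06.1.3", "06.1.5", "07.2.1"); write it as "06.1.4" so the mapping lines sort and grep consistently after the rename.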
@ -1,8 +0,0 @@
# About control 5.7: Threat intelligence
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/a-5.7-Threat-intelligence.md)
[Plain English](../../../../iso27DIY-gis/reference/Paraphrased/ISO27002-2022-EN/ISO_27002_2022_5.7_PE%20Threat%20intelligence.md)
ISO 27002:2013: n/a
[NL Brontekst](../ISO-27002-OST/ISO27002-NL-2022/a-5.7-Informatie-en-analyses-over-dreigingen.md)
@ -1,5 +0,0 @@
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/a-5.8-Information-security-in-project-management.md)
[Plain English](../../../../iso27DIY-gis/reference/Paraphrased/ISO27002-2022-EN/ISO_27002_2022_5.8_PE%20Information%20security%20in%20project%20management.md)
ISO 27002:2013: 06.1.5, 14.1.1
[Brontekst](../ISO-27002-OST/ISO27002-NL-2022/a-5.8-Informatiebeveiliging-in-projectmanagement.md)
@ -1,10 +0,0 @@
# Control 5.9 Inventory of information and other associated assets
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/a-5.9-Inventory-of-information-and-other-associated-assets.md)
[[ISO_27002_2022_5.9_PE Inventory of information and other associated assets \|Plain English]]
ISO 27002:2013: 08.1.1, 08.1.2
[Brontekst](../ISO-27002-OST/ISO27002-NL-2022/a-5.9-Inventarisatie-van-informatie-en-andere-gerelateerde-bedrijfsmiddelen.md)
The inventory serves as input for the [Business Impact Analysis (BIA)](../../../../🎇%20Sparks/Business%20Impact%20Analysis%20(BIA).md)
[ISO_27001_2022_00_MoC Index EXT](ISO_27001_2022_00_MoC%20Index%20EXT.md)
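Review bot: the heading "# Control 5.9 Inventory of information and other associated assets" deviates from the "# About Control 5.x: ..." form used by 5.3 through 5.8 in this commit; the sentence about the BIA input lacks a terminal period, and the trailing link to the Index EXT page has no text explaining why it is there (a short "See also:" line, as the 5.30 page uses, would do).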
@ -1,6 +0,0 @@
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/a-6.1-Screening.md)
[[ISO_27002_2022_6.1_PE Screening \|Plain English]]
ISO 27002:2013: 07.1.1
@ -1,6 +0,0 @@
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/a-6.2-Terms-and-conditions-of-employment.md)
[[ISO_27002_2022_6.2_PE Terms and conditions of employment \|Plain English]]
ISO 27002:2013: 07.1.2
@ -1,6 +0,0 @@
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/a-6.3-Information-security-awareness-education-and-training.md)
[[ISO_27002_2022_6.3_PE Information security awareness, education and training \|Plain English]]
ISO 27002:2013: 07.2.2
|
||||
|
||||
|
||||
|
|
@ -1,3 +0,0 @@
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/a-6.4-Disciplinary-process.md)
[[ISO_27002_2022_6.4_PE Disciplinary process \|Plain English]]
ISO 27002:2013: 07.2.3
@ -1,3 +0,0 @@
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/a-6.5-Responsibilities-after-termination-or-change-of-employment.md)
[[ISO_27002_2022_6.5_PE Responsibilities after termination or change of employment \|Plain English]]
ISO 27002:2013: 07.3.1
@ -1,3 +0,0 @@
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/a-6.6-Confidentiality-or-non-disclosure-agreements.md)
[[ISO_27002_2022_6.6_PE Confidentiality or non-disclosure agreements \|Plain English]]
ISO 27002:2013: 13.2.4
@ -1,3 +0,0 @@
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/a-6.7-Remote-working.md)
[[ISO_27002_2022_6.7_PE Remote working \|Plain English]]
ISO 27002:2013: 06.2.2
@ -1,6 +0,0 @@
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/a-6.8-Information-security-event-reporting.md)

[[ISO_27002_2022_6.8_PE Information security event reporting \|Plain English]]
ISO 27002:2013: 16.1.2, 16.1.3
@ -1,3 +0,0 @@
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/a-7.10-Storage-media.md)
[[ISO_27002_2022_7.10_PE Storage media \|Plain English]]
ISO 27002:2013: 08.3.1, 08.3.2, 08.3.3, 11.2.5
@ -1,7 +0,0 @@
# About Control 7.11: Supporting utilities

Protecting information processing facilities from power failures and other utilities disruptions.

[Original Text](../ISO-27002-OST/ISO27002-EN-2022/a-7.11-Supporting-utilities.md)
[[ISO_27002_2022_7.11_PE Supporting utilities \|Plain English]]
ISO 27002:2013: 11.2.2
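Review bot: the one-line summary `Protecting information processing facilities from power failures and other utilities disruptions.` is the only such summary in this group of control notes, and it reads awkwardly; `other utility disruptions` or `disruptions of other supporting utilities` is the grammatical form. If summaries are wanted, the other notes (7.12, 7.13, 7.14, 7.1 and so on) should get one too; if not, drop this one rather than leave a single outlier.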
@ -1,3 +0,0 @@
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/a-7.12-Cabling-security.md)
[[ISO_27002_2022_7.12_PE Cabling security \|Plain English]]
ISO 27002:2013: 11.2.3
@ -1,3 +0,0 @@
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/a-7.13-Equipment-maintenance.md)
[[ISO_27002_2022_7.13_PE Equipment maintenance \|Plain English]]
ISO 27002:2013: 11.2.4
@ -1,3 +0,0 @@
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/a-7.14-Secure-disposal-or-re-use-of-equipment.md)
[[ISO_27002_2022_7.14_PE Secure disposal or re-use of equipment \|Plain English]]
ISO 27002:2013: 11.2.7
@ -1,7 +0,0 @@
# About control 7.1: Physical security perimeters

[Original Text](../ISO-27002-OST/ISO27002-EN-2022/a-7.1-Physical-security-perimeters.md)
[[ISO_27002_2022_7.1_PE Physical security perimeters \|Plain English]]
ISO 27002:2013: 11.1.1

[Physical security in ISO 27001](../../../../👩🏼⚖️%20Standards%20and%20Regulations/ISO%2027K/Physical%20security%20in%20ISO%2027001.md)
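Review bot: the heading `# About control 7.1:` is capitalised differently from `# About Control 7.11:` in the hunk above; make the two agree. The `[Physical security in ISO 27001](../../../../👩🏼⚖️%20Standards%20and%20Regulations/...)` link has a second, more practical problem: a relative path into a directory whose name begins with an emoji sequence is fragile, because such sequences can contain zero-width joiners and variation selectors that survive copy-paste inconsistently and that different filesystems and sync tools normalise differently, and only the spaces (not the emoji) are percent-encoded here. A wikilink by note name (`[[Physical security in ISO 27001]]`, the form the `Plain English` lines already use) avoids both the `../../../../` depth and the emoji directory name.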
@ -1,3 +0,0 @@
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/a-7.2-Physical-entry.md)
[[ISO_27002_2022_7.2_PE Physical entry \|Plain English]]
ISO 27002:2013: 11.1.2, 11.1.6
@ -1,3 +0,0 @@
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/a-7.3-Securing-offices-rooms-and-facilities.md)
[[ISO_27002_2022_7.3_PE Securing offices, rooms and facilities \|Plain English]]
ISO 27002:2013: 11.1.3
@ -1,3 +0,0 @@
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/a-7.4-Physical-security-monitoring.md)
[[ISO_27002_2022_7.4_PE Physical security monitoring \|Plain English]]
ISO 27002:2013: n/a
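Review bot: `ISO 27002:2013: n/a` is ambiguous (not applicable, not yet mapped, or no predecessor control?). 7.4 Physical security monitoring is one of the controls introduced in the 2022 edition with no 2013 counterpart, as are 8.10 Information deletion, 8.11 Data masking and 8.12 Data leakage prevention in the hunks below, so a line such as `ISO 27002:2013: none (new control in 2022)` states the mapping exactly while keeping the same `ISO 27002:2013:` prefix the numeric mappings use, which matters if these lines are ever grepped or parsed to build a 2013-to-2022 cross-reference.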
@ -1,3 +0,0 @@
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/a-7.5-Protecting-against-physical-and-environmental-threats.md)
[[ISO_27002_2022_7.5_PE Protecting against physical and environmental threats \|Plain English]]
ISO 27002:2013: 11.1.4
@ -1,3 +0,0 @@
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/a-7.6-Working-in-secure-areas.md)
[[ISO_27002_2022_7.6_PE Working in secure areas \|Plain English]]
ISO 27002:2013: 11.1.5
@ -1,3 +0,0 @@
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/a-7.7-Clear-desk-and-clear-screen.md)
[[ISO_27002_2022_7.7_PE Clear desk and clear screen \|Plain English]]
ISO 27002:2013: 11.2.9
@ -1,3 +0,0 @@
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/a-7.8-Equipment-siting-and-protection.md)
[[ISO_27002_2022_7.8_PE Equipment siting and protection \|Plain English]]
ISO 27002:2013: 11.2.1
@ -1,3 +0,0 @@
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/a-7.9-Security-of-assets-off-premises.md)
[[ISO_27002_2022_7.9_PE Security of assets off-premises \|Plain English]]
ISO 27002:2013: 11.2.6
@ -1,3 +0,0 @@
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/a-8.10-Information-deletion.md)
[[ISO_27002_2022_8.10_PE Information deletion \|Plain English]]
ISO 27002:2013: n/a
@ -1,3 +0,0 @@
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/a-8.11-Data-masking.md)
[[ISO_27002_2022_8.11_PE Data masking \|Plain English]]
ISO 27002:2013: n/a
@ -1,3 +0,0 @@
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/a-8.12-Data-leakage-prevention.md)
[[ISO_27002_2022_8.12_PE Data leakage prevention \|Plain English]]
ISO 27002:2013: n/a
Some files were not shown because too many files have changed in this diff.