diff --git a/Corpus/Standards/ISO 27002 Themes and Attributes.md b/Corpus/Standards/ISO 27002 Themes and Attributes.md deleted file mode 100644 index f74b99c..0000000 --- a/Corpus/Standards/ISO 27002 Themes and Attributes.md +++ /dev/null 
@@ -1,61 +0,0 @@ -# ISO 27002 Themes and Attributes - -## Themes -In ISO 27002, controls are categorized into four main themes: -* **Organizational** (Clause 5) -* **People** (Clause 6) -* **Physical** (Clause 7) -* **Technological** (Clause 8) - -## Attributes -Every control is associated with five attributes, which allow organizations to view and categorize the controls from different perspectives. The attributes and their possible values are: - -### 1. Control Type -Views controls from the perspective of when and how the control modifies risk regarding the occurrence of an information security incident. -* Preventive -* Detective -* Corrective - -### 2. Information Security Properties -Views controls from the perspective of which characteristic of information the control contributes to preserving. -* Confidentiality -* Integrity -* Availability - -### 3. Cybersecurity Concepts -Based on the cybersecurity framework concepts defined in ISO/IEC TS 27110. - -|**Attribute**|**Description**|**Purpose**|**Control Examples**| -|---|---|---|---| -|**Identify**|Activities to understand the business context, the resources that support critical functions, and the related risks.|To develop the organizational understanding to manage risk to systems, assets, data, and capabilities.|Inventory of information (5.9), Risk assessment (5.1), Identification of legal requirements (5.31).| -|**Protect**|Safeguards to ensure the delivery of critical infrastructure services and limit the impact of a potential security event.|To prevent or contain the impact of a potential cybersecurity event.|Access control (8.3), Information encryption (8.24), Secure authentication (8.5), Physical security (7.1).| -|**Detect**|Activities to identify the occurrence of a cybersecurity event in a timely manner.|To enable timely discovery of security events to minimize damage.|Logging (8.15), Monitoring activities (8.16), Intrusion detection (8.1).| -|**Respond**|Actions taken regarding a detected 
cybersecurity incident to contain its impact.|To take action once an incident is discovered to keep it from spreading or getting worse.|Incident response planning (5.24), Reporting events (5.25), Incident management (5.26).| -|**Recover**|Activities to restore any capabilities or services that were impaired due to a cybersecurity incident.|To restore "business as usual" and support timely resilience.|Backup (8.13), ICT readiness for business continuity (5.30), Post-incident learning.| -### 4. Operational Capabilities -The Operational Capabilities help practitioners understand the functional area a control belongs to. - -|**Capability**|**Description**| -|---|---| -|**Governance**|Policies, frameworks, and management oversight.| -|**Asset Management**|Identification and protection of information assets and hardware.| -|**Information Protection**|Technical and organizational measures to keep data secure.| -|**Human Resource Security**|Security relating to the lifecycle of employment (hiring to termination).| -|**Physical Security**|Protecting physical premises, equipment, and facilities.| -|**System and Network Security**|Hardening infrastructure, managing traffic, and securing connections.| -|**Application Security**|Security within software development and business applications.| -|**Secure Configuration**|Standardizing settings for hardware, software, and services.| -|**Identity and Access Management**|Managing who can access what (IAM).| -|**Threat and Vulnerability Management**|Identifying risks and patching security holes.| -|**Continuity**|Resilience and recovery planning for disruptions.| -|**Supplier Relationships Security**|Managing risks from third parties and the supply chain.| -|**Legal and Compliance**|Meeting laws, regulations, and contractual obligations.| -|**Information Security Assurance**|Auditing and monitoring to ensure controls are working.| -|**Information Security Incident Management**|Detecting and responding to security events.| - -**5. 
Security Domains** -Views controls from the perspective of four high-level information security domains. -* Governance_and_Ecosystem -* Protection -* Defence -* Resilience \ No newline at end of file
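Review bot: The hunk removes the whole file ("deleted file mode 100644", "+++ /dev/null") without any replacement or relocation in this diff, and the commit carries no explanation; please state whether this content is being dropped or moved, and check that no other page in the Corpus links to "Corpus/Standards/ISO 27002 Themes and Attributes.md" before merging. If the content is being re-homed, do not carry the visible defects over: the fifth attribute is written as bold text ("**5. Security Domains**") instead of the `### 5.` heading style used for attributes 1 to 4, the domain "Governance_and_Ecosystem" uses underscores where the neighbouring items use spaces, "Post-incident learning" has no control number while every other example does, and the example control numbers quoted in the Cybersecurity Concepts table (for instance "Risk assessment (5.1)" and "Intrusion detection (8.1)") should be verified against the standard's control list, since they do not obviously match the control titles they are paired with.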