Cleaned up Literature folder

This commit is contained in:
Richard Kranendonk 2026-05-18 12:48:01 +02:00
parent 73a6380034
commit fe5eda4e05
586 changed files with 53911 additions and 2475 deletions

View file

@ -14,7 +14,7 @@ Clause 6.1.2, on the other hand, *is* about information security risks.
## Clause 6.1.2: Information security risk assessment
Where [Clause 6.1.1](../../../MoCs/ISO_27001_2022_6.1.1_MoC%20General.md) is about risks to the *ISMS*, [Clause 6.1.2](../../../MoCs/ISO_27001_2022_6.1.2_MoC%20Information%20security%20risk%20assessment.md), on the other hand, is about risks to the *security of information*.
Where [Clause 6.1.1](../../../MoCs/ISO_27001_2022_6.1.1_MoC%20General.md) is about risks to the *ISMS*, [Clause 6.1.2](../../../ISMS/Qualifying%20vs%20quantifying%20risks.md), on the other hand, is about risks to the *security of information*.
Clause 6.1.2 states that the organization shall define and apply an information security **risk assessment process** that does a number of things, starting with the establishment, and following maintenance, of **risk criteria**. You may think of this as setting rules for the organization, to understand what information security risks *are*.
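Review bot: the link text still reads "Clause 6.1.2" but its target changes from the 6.1.2 MoC page to `../../../ISMS/Qualifying%20vs%20quantifying%20risks.md`, while the neighbouring "Clause 6.1.1" link in the same sentence still points to its MoC page; a reader clicking a clause reference expects the clause page, so either keep the 6.1.2 link on its MoC and add "Qualifying vs quantifying risks" as a separate see-also link, or change the link text to match the new target. Also confirm that `MoCs/ISO_27001_2022_6.1.2_MoC Information security risk assessment.md` was actually removed or renamed in this commit; if it still exists, this retargeting is a regression rather than a clean-up.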

View file

@ -4,7 +4,7 @@
The information security objectives the organization identifies shall:
- be consistent with information security policy ([C5.1](../../../MoCs/ISO_27001_2022_5.1_MoC%20Leadership%20and%20commitment.md), [A5.1](../legacy/iso27DIY%20mk%20I/ISO_27002_2022_5.1_MoC%20Policies%20for%20information%20security.md))
- results from the risk assessment ([6.1.2](../../../MoCs/ISO_27001_2022_6.1.2_MoC%20Information%20security%20risk%20assessment.md)) and risk treatment ([6.1.3e](../../../MoCs/ISO_27001_2022_6.1.3_MoC%20Information%20security%20risk%20treatment.md))
- results from the risk assessment ([6.1.2](../../../ISMS/Qualifying%20vs%20quantifying%20risks.md)) and risk treatment ([6.1.3e](../../../MoCs/ISO_27001_2022_6.1.3_MoC%20Information%20security%20risk%20treatment.md))
- take into account applicable information security requirements ([4.2](../../../MoCs/ISO_27001_2022_4.2_MoC%20Understanding%20the%20needs%20and%20expectations%20of%20interested%20parties.md), needs and expectations of interested parties),
- be measurable (if practicable, see below)
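Review bot: the `[6.1.2]` reference in the second bullet now points to `ISMS/Qualifying%20vs%20quantifying%20risks.md` while the `[6.1.3e]` reference beside it still points to its MoC page, so two clause links in one bullet resolve to different kinds of page; keep both on their clause pages or label the new target for what it is. While this line is being edited, the bullet should read `- result from the risk assessment ...` so it agrees with the list's lead-in "shall:" and with the other bullets (`be consistent`, `take into account`, `be measurable`).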

View file

@ -50,4 +50,4 @@ The controls in Annex A are often described in just one or two sentences. You mu
## Footnotes
[^1]: There's also a [Clause 8.3](../../../MoCs/ISO_27001_2022_8.3_MoC%20Information%20security%20risk%20treatment.md) Information security risk treatment in ISO 27001. It's very short: The organization shall implement the information security risk treatment plan, and it shall retain documented information on the treatments' results.
[^2]: See also [About the Statement of Applicability](../../../Sparks/ISMS/About%20the%20Statement%20of%20Applicability.md).
[^2]: See also [About the Statement of Applicability](../../../ISMS/About%20the%20Statement%20of%20Applicability.md).
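Review bot: the footnote path moves from `../../../Sparks/ISMS/` to `../../../ISMS/`, which only resolves if `About the Statement of Applicability.md` was moved out of `Sparks/` in this same commit; with 586 files changed that is easy to miss, so run a relative-link check over the Literature folder before merging. Footnote [^1] on the line above keeps its `../../../MoCs/ISO_27001_2022_8.3_...` link untouched, so also verify that the MoCs folder still exists at that path after the clean-up.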

View file

@ -10,7 +10,7 @@ Clause 8, Operation, has three parts to it:
So let's have a look at [Clause 8.1](../../../MoCs/ISO_27001_2022_8.1_MoC%20Operational%20planning%20and%20control.md) Operational Planning and Control.
In Clause 6, part of the Plan phase, we looked at information security assessment and risk treatment, and the outcomes where a risk assessment *process*, a risk treatment plan, and a list of the controls we'd implement in the form of a statement of applicability (clauses [6.1.2](../../../MoCs/ISO_27001_2022_6.1.2_MoC%20Information%20security%20risk%20assessment.md) and [6.1.3](../../../MoCs/ISO_27001_2022_6.1.3_MoC%20Information%20security%20risk%20treatment.md)).
In Clause 6, part of the Plan phase, we looked at information security assessment and risk treatment, and the outcomes where a risk assessment *process*, a risk treatment plan, and a list of the controls we'd implement in the form of a statement of applicability (clauses [6.1.2](../../../ISMS/Qualifying%20vs%20quantifying%20risks.md) and [6.1.3](../../../MoCs/ISO_27001_2022_6.1.3_MoC%20Information%20security%20risk%20treatment.md)).
Clause 8 is part of the Do phase, and describes how we will execute the actions from Clause 6, to confirm that the risk assessments are actually being carried out and that the risk treatment plans and controls are actually being implemented. This is the subject of Clause 8.1.
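Review bot: `[6.1.2]` now resolves to `ISMS/Qualifying%20vs%20quantifying%20risks.md` while `[6.1.3]` in the same parenthesis still resolves to its MoC page, so "clauses 6.1.2 and 6.1.3" links to two different kinds of page; point both at the clause pages or reword the link text. Since the line is being touched anyway, fix "the outcomes where a risk assessment *process*" to "the outcomes were a risk assessment *process*", and "information security assessment" to "information security risk assessment" to match the clause title.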

View file

@ -17,7 +17,7 @@ It's important to note that an organization is *not* expected to monitor, measur
As the standard itself doesn't prescribe *what* to monitor, your best choice is taking the security objectives as a starting point. So what and how will the organization measure and check whether those objectives (from [6.2](../../../MoCs/ISO_27001_2022_6.2_MoC%20Information%20security%20objectives%20and%20planning%20to%20achieve%20them.md)) are being fulfilled.
Other focus points may be controls that are implemented to deal with significant risks (from [6.1.2](../../../MoCs/ISO_27001_2022_6.1.2_MoC%20Information%20security%20risk%20assessment.md)), and legal and regulatory compliance.
Other focus points may be controls that are implemented to deal with significant risks (from [6.1.2](../../../ISMS/Qualifying%20vs%20quantifying%20risks.md)), and legal and regulatory compliance.
Besides identifying what to monitor, the organization must determine how frequently those measurements will take place, who will be taking them, and which actions will be taken in response.
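Review bot: `(from [6.1.2](...))` now links to the qualifying-vs-quantifying page rather than the clause, while `(from [6.2](...))` two lines above still links to the 6.2 MoC page; a reader following "from 6.1.2" expects the risk assessment clause, so either restore the MoC target or reword to something like "see Qualifying vs quantifying risks" so the link text describes where it leads.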