diff --git a/AuditGlue/System alternative/Using AI to create policies.md b/AuditGlue/System alternative/Using AI to create policies.md index e86c61e..4de8472 100644 --- a/AuditGlue/System alternative/Using AI to create policies.md +++ b/AuditGlue/System alternative/Using AI to create policies.md @@ -22,7 +22,7 @@ Examples: 4. develop interventions based on these differences **Threat analysis** -- do a threat analysis, see [Create a threat analysis chatbot](../../Corpus/Drafts%20and%20Ideas/Controls/Create%20a%20threat%20analysis%20chatbot.md) +- do a threat analysis, see [Create a threat analysis chatbot](../../Corpus/Sparks/Create%20a%20threat%20analysis%20chatbot.md) **Policy drafting** diff --git a/Corpus/Drafts and Ideas/About iso27diy/Essence of the ISMS.md b/Corpus/Drafts and Ideas/About iso27diy/Essence of the ISMS.md deleted file mode 100644 index e69de29..0000000 diff --git a/Corpus/Drafts and Ideas/Identification.md b/Corpus/Drafts and Ideas/Identification.md deleted file mode 100644 index 5b47a10..0000000 --- a/Corpus/Drafts and Ideas/Identification.md +++ /dev/null @@ -1,7 +0,0 @@ -# Identification -Identification is the claim of a subject of its identity. - -See also: -- [Authentication](../Standards/ISO27x/Authentication.md) -- [Authorization](../Standards/ISO27x/Authorization.md) -- [Identity and Access Management (IAM)](Identity%20and%20Access%20Management%20(IAM).md) diff --git a/Corpus/Drafts and Ideas/Identity and Access Management (IAM).md b/Corpus/Drafts and Ideas/Identity and Access Management (IAM).md deleted file mode 100644 index ea96326..0000000 --- a/Corpus/Drafts and Ideas/Identity and Access Management (IAM).md +++ /dev/null 
@@ -1,14 +0,0 @@ -## How IAM works - -With IAM, you manage access control by defining _who_ (identity) has _what access_ (role) for _which resource_. For example, Compute Engine virtual machine instances, Google Kubernetes Engine (GKE) clusters, and Cloud Storage buckets are all Google Cloud resources. The organizations, folders, and projects that you use to organize your resources are also resources. - -In IAM, permission to access a resource isn't granted _directly_ to the end user. Instead, permissions are grouped into _roles_, and roles are granted to authenticated _principals_. (In the past, IAM often referred to principals as _members_. Some APIs still use this term.) - -An _allow policy_, also known as an _IAM policy_, defines and enforces what roles are granted to which principals. Each allow policy is attached to a resource. When an authenticated principal attempts to access a resource, IAM checks the resource's allow policy to determine whether the action is permitted. - -See: -- [Identification](Identification.md) – "This is who I am" -- [Authentication](../Standards/ISO27x/Authentication.md) – "This is how I prove it" -- [Authorization](../Standards/ISO27x/Authorization.md) – "... then this is what you get access to" -- [CISSP_Domain_5_1](../Standards/CISSP/CISSP_Domain_5_1.md), [CISSP_Domain_5_2](../Standards/CISSP/CISSP_Domain_5_2.md) -- [Roles in Identity and Access Management (IAM)](../Literature%20notes/Roles%20in%20Identity%20and%20Access%20Management%20(IAM).md) \ No newline at end of file diff --git a/Corpus/Drafts and Ideas/Labeling of information in the digital domain.md b/Corpus/Drafts and Ideas/Labeling of information in the digital domain.md deleted file mode 100644 index 474c309..0000000 --- a/Corpus/Drafts and Ideas/Labeling of information in the digital domain.md +++ /dev/null 
@@ -1,18 +0,0 @@ -[ISO 27001 A 8.2.2 Labelling of information](../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A%208.2.2%20Labelling%20of%20information.md) makes procedures for information labelling in accordance with the classification scheme mandatory. - -For physical assets it’s straightforward: a ‘restricted area’ sign on the door to the server room, a ‘classified’ mark on a folder, a ‘privacy sensitive’ sticker on a backup tape, etc. - -But how would you implement labeling in the digital domain of databases, file systems, SaaS environments, etc.? - -Brahman Thiyagalingham suggested in [this LinkedIn thread](https://www.linkedin.com/feed/update/urn:li:activity:6878704465160007680/?commentUrn=urn%3Ali%3Acomment%3A(groupPost%3A67493-6878704464929316864%2C6878973141931094016)&replyUrn=urn%3Ali%3Acomment%3A(groupPost%3A67493-6878704464929316864%2C6879367802243866624)) that, to ensure the proper handling of (digital) information assets, you would rely on "something like a proper RBAC model, Identity Access solution with a PAM, DRM and DLP". Implying the concept of labeling has been replaced by applying these tools. - -It could be said that these tools apply labeling implicitely, because effective implementation of these solutions requires that the solution ’knows’ what forms of protection each information asset needs. -That means classifying information assets (control 8.2.1) and determining acceptable use (control 8.1.3). -Labeling of digital information assets ‘close to the source’ – e.g. assign a classification-label to a database column – will help create a consistent approach across individual solutions. - -Looking at it that way, any metadata that helps ensure the acceptable use and proper handling of information assets could be identified as ‘labeling’. A data dictionary that contains classification information could also be considered to use labeling. 
- -Related: -- [ISO 27001 A 8.2.1 Classification of information](../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A%208.2.1%20Classification%20of%20information.md) -- [ISO 27001 A 8.1.3 Acceptable use of assets](../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A%208.1.3%20Acceptable%20use%20of%20assets.md) -- [[Enforcement tooling]] \ No newline at end of file diff --git a/Corpus/Drafts and Ideas/Three user modes for AuditGlue.md b/Corpus/Drafts and Ideas/Three user modes for AuditGlue.md deleted file mode 100644 index 6e936ba..0000000 --- a/Corpus/Drafts and Ideas/Three user modes for AuditGlue.md +++ /dev/null @@ -1,5 +0,0 @@ -I foresee different user modes for AuditGlue: - -- Guided implementation: the novice user is taken step by step through the process of setting up the ISMS, including the identification of risks and the definition of controls. There is a lot of content (text, animations, video's) explaining the process and ISO 27001. -- Operational: aimed at users with ISO 27001 domain knowledge and experience. Offers traditional GRC software forms and dashboards -- Audits: offers an interface to facilitate internal and external audits. Based on a matrix with the ISO 27001 clauses and controls, against columns for identified risks, defined controls, stated policies, implementation (planned or achieved), measurements, monitoring activities, and evaluation outcomes. Each cell contains (links to) proofs. \ No newline at end of file diff --git a/Corpus/Information security concepts MoC.md b/Corpus/Information security concepts MoC.md index 578f8cd..8dd0d4b 100644 --- a/Corpus/Information security concepts MoC.md +++ b/Corpus/Information security concepts MoC.md 
@@ -5,71 +5,71 @@ Related: tags: - type/MoC --- -[Assets](🎇%20Sparks/Assets.md) +[Assets](/Assets.md) [NIST Asset Types](📚️%20Literature%20notes/NIST%20Asset%20Types.md) [Asset lifecycle](📚️%20Literature%20notes/Asset%20lifecycle.md) - [Asset ownership](🎇%20Sparks/Asset%20ownership.md) + [Asset ownership](/Asset%20ownership.md) [[Asset ownership DEL]] [Assets, Vulnerabilities, Threats, Risks](📚️%20Literature%20notes/Assets,%20Vulnerabilities,%20Threats,%20Risks.md) -[Assets, Vulnerabilities, Threats, Risks](🎇%20Sparks/Assets,%20Vulnerabilities,%20Threats,%20Risks.md) +[Assets, Vulnerabilities, Threats, Risks](/Assets,%20Vulnerabilities,%20Threats,%20Risks.md) [Attack Surface Analysis](📚️%20Literature%20notes/Attack%20Surface%20Analysis.md) [Authentication](Standards/ISO27x/Authentication.md) - [Multi-factor authentication](🎇%20Sparks/Multi-factor%20authentication.md) (MFA) - [Passwordless Authentication](🎇%20Sparks/Passwordless%20Authentication.md) - [Risk-Based Authentication](🎇%20Sparks/Risk-Based%20Authentication.md) + [Multi-factor authentication](/Multi-factor%20authentication.md) (MFA) + [Passwordless Authentication](/Passwordless%20Authentication.md) + [Risk-Based Authentication](/Risk-Based%20Authentication.md) [Single Sign On (SSO)](📚️%20Literature%20notes/Single%20Sign%20On%20(SSO).md) - [Tokens](🎇%20Sparks/Tokens.md) + [Tokens](/Tokens.md) [Authorization](Standards/ISO27x/Authorization.md) - [Access Control](🎇%20Sparks/Access%20Control.md) -[Awareness](🎇%20Sparks/Awareness.md) + [Access Control](/Access%20Control.md) +[Awareness](/Awareness.md) [BCP_Bedrijfscontinuïteitsplanning](📚️%20Literature%20notes/BCP_Bedrijfscontinuïteitsplanning.md) - [Business Impact Analysis (BIA)](🎇%20Sparks/Business%20Impact%20Analysis%20(BIA).md) - [Disaster Recovery Planning](🎇%20Sparks/Disaster%20Recovery%20Planning.md) + [Business Impact Analysis (BIA)](/Business%20Impact%20Analysis%20(BIA).md) + [Disaster Recovery Planning](/Disaster%20Recovery%20Planning.md) [Change 
management MoC](MoCs/Change%20management%20MoC.md) -[Classification](🎇%20Sparks/Classification.md) -[Compliance](🎇%20Sparks/Compliance.md) +[Classification](/Classification.md) +[Compliance](/Compliance.md) [Data Breach](💡Permanent%20ideas/Data%20Breach.md) [Data Governance](📚️%20Literature%20notes/Data%20Governance.md) Frameworks [ISO 27k family](../../iso27DIY-gis/reference/Examples/ISO%2027k%20family.md) [NIST articles list](Standards/NIST/NIST%20articles%20list.md) -[Governance](🎇%20Sparks/Governance.md) +[Governance](/Governance.md) [[Hardening]] -[Identity and Access Management (IAM)](💡Drafts%20and%20Ideas/Identity%20and%20Access%20Management%20(IAM).md) - [Identification](💡Drafts%20and%20Ideas/Identification.md) +[Identity and Access Management (IAM)](Sparks/Identity%20and%20Access%20Management%20(IAM).md) + [Identification](Sparks/Identification.md) [Authentication](Standards/ISO27x/Authentication.md) [Authorization](Standards/ISO27x/Authorization.md) Impact [Change management MoC](MoCs/Change%20management%20MoC.md) - [Impact of Disruption](💡Drafts%20and%20Ideas/Impact%20of%20Disruption.md) -[Incidents](🎇%20Sparks/Incidents.md) + [Impact of Disruption](Sparks/Impact%20of%20Disruption.md) +[Incidents](/Incidents.md) [Maturity Models](📚️%20Literature%20notes/Maturity%20Models.md) [Metrics](📚️%20Literature%20notes/InfoSec%20Metrics.md) -[Operational Technology](💡Drafts%20and%20Ideas/Operational%20Technology.md) or OT Security +[Operational Technology](Sparks/Operational%20Technology.md) or OT Security [Policies](📚️%20Literature%20notes/Policies.md) [[Posture Management]] -[Ransomware](🎇%20Sparks/Ransomware.md) -[Risks](🎇%20Sparks/Risks.md) - [Risk analysis](🎇%20Sparks/Risk%20analysis.md) - [Risk appetite](💡Drafts%20and%20Ideas/Risk%20appetite.md) - [Risk inventories](🎇%20Sparks/Risk%20inventories.md) - [Risk management](🎇%20Sparks/Risk%20management.md) - [Risk ownership](🎇%20Sparks/Risk%20ownership.md) - [Risk ownership](🎇%20Sparks/Risk%20ownership.md) - [Risk 
prioritization](🎇%20Sparks/Risk%20prioritization.md) - [Risk tolerance](🎇%20Sparks/Risk%20tolerance.md) - [Risk treatment](🎇%20Sparks/Risk%20treatment.md) - [Risks vs Threats vs Vulnerabilities](🎇%20Sparks/Risks%20vs%20Threats%20vs%20Vulnerabilities.md) -[Roles and Responsibilities](🎇%20Sparks/Roles%20and%20Responsibilities.md) +[Ransomware](/Ransomware.md) +[Risks](/Risks.md) + [Risk analysis](/Risk%20analysis.md) + [Risk appetite 1](Sparks/Risk%20appetite%201.md) + [Risk inventories](/Risk%20inventories.md) + [Risk management](/Risk%20management.md) + [Risk ownership](/Risk%20ownership.md) + [Risk ownership](/Risk%20ownership.md) + [Risk prioritization](/Risk%20prioritization.md) + [Risk tolerance](/Risk%20tolerance.md) + [Risk treatment](/Risk%20treatment.md) + [Risks vs Threats vs Vulnerabilities](/Risks%20vs%20Threats%20vs%20Vulnerabilities.md) +[Roles and Responsibilities](/Roles%20and%20Responsibilities.md) [Threat](📚️%20Literature%20notes/Threat.md) - [Threat Intelligence](🎇%20Sparks/Threat%20Intelligence.md) + [Threat Intelligence](/Threat%20Intelligence.md) [Security Threat Modeling](📚️%20Literature%20notes/Security%20Threat%20Modeling.md) [Privacy Threat Modeling](📚️%20Literature%20notes/Privacy%20Threat%20Modeling.md) - [AI Threat Modeling](🎇%20Sparks/AI%20Threat%20Modeling.md) + [AI Threat Modeling](/AI%20Threat%20Modeling.md) [Threat Catalogues](📚️%20Literature%20notes/Threat%20Catalogues.md) -[Vendor security MoC](🎇%20Sparks/Vendor%20security%20MoC.md) or Supply chain security -[Vulnerability](💡Drafts%20and%20Ideas/Vulnerability.md) - [Bug bounty program](🎇%20Sparks/Bug%20bounty%20program.md) +[Vendor security MoC](/Vendor%20security%20MoC.md) or Supply chain security +[Vulnerability 1](Sparks/Vulnerability%201.md) + [Bug bounty program](/Bug%20bounty%20program.md) [Zero Trust](📚️%20Literature%20notes/Zero%20Trust.md) 
diff --git a/Corpus/Literature notes/Assets, Vulnerabilities, Threats, Risks.md b/Corpus/Literature notes/Assets, Vulnerabilities, Threats, Risks.md index 0e31561..59d3996 100644 --- a/Corpus/Literature notes/Assets, Vulnerabilities, Threats, Risks.md +++ b/Corpus/Literature notes/Assets, Vulnerabilities, Threats, Risks.md @@ -8,10 +8,10 @@ A risk occurs when there's a chance of an asset being compromised, through the e Adapted from source: [Vigilant Software](https://www.vigilantsoftware.co.uk/blog/risk-terminology-understanding-assets-threats-and-vulnerabilities), retrieved December 8, 2021. -[Assets](../🎇%20Sparks/Assets.md) -[Vulnerability](../💡Drafts%20and%20Ideas/Vulnerability.md) +[Assets](../Sparks/Assets.md) +[Vulnerability 1](../Sparks/Vulnerability%201.md) [Threat](Threat.md) -[Risks](../🎇%20Sparks/Risks.md) - +[Risks](../Sparks/Risks.md) + diff --git a/Corpus/Literature notes/BCP_Bedrijfscontinuïteitsplanning.md b/Corpus/Literature notes/BCP_Bedrijfscontinuïteitsplanning.md index 4b4ecc7..3a974e3 100644 --- a/Corpus/Literature notes/BCP_Bedrijfscontinuïteitsplanning.md +++ b/Corpus/Literature notes/BCP_Bedrijfscontinuïteitsplanning.md 
@@ -14,7 +14,7 @@ Producten: Bedrijfscontinuïteitsplanning is een continu proces, met als doel het implementeren en onderhouden van beleid, procedures en processen om de impact van verstoringen te beheersen. Met andere woorden: bedrijfscontinuïteitsplanning richt zich op de continuïteit van bedrijfsprocessen, zo nodig met andere middelen. -Belangrijke onderdelen van Bedrijfscontinuïteitsplanning zijn de Bedrijfsimpact Analyse ([BIA](../🎇%20Sparks/Business%20Impact%20Analysis%20(BIA).md)) en het Herstelplan ('Disaster Recovery Plan' / [DRP](../🎇%20Sparks/Disaster%20Recovery%20Planning.md)). +Belangrijke onderdelen van Bedrijfscontinuïteitsplanning zijn de Bedrijfsimpact Analyse ([BIA](../Sparks/Business%20Impact%20Analysis%20(BIA).md)) en het Herstelplan ('Disaster Recovery Plan' / [DRP](..//Disaster%20Recovery%20Planning.md)). De BIA richt zich op het identificeren van de impact van verstoringen op de bedrijfsprocessen, en het Herstelplan richt zich op het herstel van de normale bedrijfsprocessen na een verstoring en de eventuele inzet van alternatieve middelen of werkwijzen . Zie ook: [Het belang van een Bedrijfscontinuïteitsplan](../Sparks/Belang%20van%20een%20BCP.md) / [The importance of having a business continuity plan](../Sparks/Importance%20of%20a%20BCP.md). @@ -34,7 +34,7 @@ Het proces (Beleid) volgens welke dit hele plan tot stand komt en beoordeeld/her ## Analyse -Zie: [Business Impact Analysis (BIA)](../🎇%20Sparks/Business%20Impact%20Analysis%20(BIA).md) +Zie: [Business Impact Analysis (BIA)](../Sparks/Business%20Impact%20Analysis%20(BIA).md) Stappen: - Bepalen bedrijfskritische processen (prioriteiten bepalen) en informatie-assets 
@@ -141,7 +141,7 @@ Scenario's opstellen o.b.v. risicoanalyse ## Links See also: -- [Disaster Recovery Planning](../🎇%20Sparks/Disaster%20Recovery%20Planning.md) +- [Disaster Recovery Planning](..//Disaster%20Recovery%20Planning.md) - [Checklist for auditing Business Continuity and Disaster Recovery](Checklists%20Gerardus%20Blokdyk/Checklist%20for%20auditing%20Business%20Continuity%20and%20Disaster%20Recovery.md) - [Ransomware Playbook](../Sparks/Ransomware%20Playbook.md) diff --git a/Corpus/Literature notes/CASSM Consumer Authentication Strength Maturity Model.md b/Corpus/Literature notes/CASSM Consumer Authentication Strength Maturity Model.md index b53c0d5..5eac5c9 100644 --- a/Corpus/Literature notes/CASSM Consumer Authentication Strength Maturity Model.md +++ b/Corpus/Literature notes/CASSM Consumer Authentication Strength Maturity Model.md @@ -1,6 +1,6 @@ Related: - [a-5.17-Authentication-information](../Standards/ISO27x/OST/27002/EN/a-5.17-Authentication-information.md) -- [Multi-factor authentication](../🎇%20Sparks/Multi-factor%20authentication.md) +- [Multi-factor authentication](..//Multi-factor%20authentication.md) Daniel Miessler: - [The Consumer Authentication Strength Maturity Model (CASMM) V6](https://danielmiessler.com/blog/casmm-consumer-authentication-security-maturity-model/) diff --git a/Corpus/Literature notes/CISA RVWP.md b/Corpus/Literature notes/CISA RVWP.md index bccc37a..0981d7e 100644 --- a/Corpus/Literature notes/CISA RVWP.md +++ b/Corpus/Literature notes/CISA RVWP.md @@ -2,6 +2,6 @@ Ransomware Vulnerability Warning Pilot (RVWP) | CISA https://www.cisa.gov/stopransomware/Ransomware-Vulnerability-Warning-Pilot Related: -[Assets, Vulnerabilities, Threats, Risks](../🎇%20Sparks/Assets,%20Vulnerabilities,%20Threats,%20Risks.md) -[Vulnerability](../💡Drafts%20and%20Ideas/Vulnerability.md) +[Assets, Vulnerabilities, Threats, Risks](..//Assets,%20Vulnerabilities,%20Threats,%20Risks.md) +[Vulnerability 1](../Sparks/Vulnerability%201.md) 
diff --git a/Corpus/Literature notes/Checklists Gerardus Blokdyk/Checklist for auditing Access Management.md b/Corpus/Literature notes/Checklists Gerardus Blokdyk/Checklist for auditing Access Management.md index 88d44e3..da8e474 100644 --- a/Corpus/Literature notes/Checklists Gerardus Blokdyk/Checklist for auditing Access Management.md +++ b/Corpus/Literature notes/Checklists Gerardus Blokdyk/Checklist for auditing Access Management.md @@ -9,7 +9,7 @@ Relevant ISO 27001 clauses/controls: - [ISO 27001 A 18 Compliance](../../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A%2018%20Compliance.md) Related: -- [Identity and Access Management (IAM)](../../💡Drafts%20and%20Ideas/Identity%20and%20Access%20Management%20(IAM).md) +- [Identity and Access Management (IAM)](../../Sparks/Identity%20and%20Access%20Management%20(IAM).md) ## Organized by Key Themes: Identity, Access, Cloud, Security, Management, Data, Network, Risk, Development, Project: diff --git a/Corpus/Literature notes/Checklists Gerardus Blokdyk/Checklist for auditing Cloud Security – organized by themes.md b/Corpus/Literature notes/Checklists Gerardus Blokdyk/Checklist for auditing Cloud Security – organized by themes.md index efefade..74f9085 100644 --- a/Corpus/Literature notes/Checklists Gerardus Blokdyk/Checklist for auditing Cloud Security – organized by themes.md +++ b/Corpus/Literature notes/Checklists Gerardus Blokdyk/Checklist for auditing Cloud Security – organized by themes.md 
@@ -11,7 +11,7 @@ All of them – just to link this note somewhere: - [ISO 27001 A 18 Compliance](../../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A%2018%20Compliance.md) Related: -- [Vendor security MoC](../../🎇%20Sparks/Vendor%20security%20MoC.md) +- [Vendor security MoC](../..//Vendor%20security%20MoC.md) - [ISO 27k family](../../../../iso27DIY-gis/reference/examples/ISO%2027k%20family.md): ISO 27017, ISO 27018 ## Organized By Key Themes: Security, Management, Risk, Cloud, Data, Software, Development, Technology, Network and Project: diff --git a/Corpus/Literature notes/Checklists Gerardus Blokdyk/Checklist for auditing Cyber Threat Intelligence.md b/Corpus/Literature notes/Checklists Gerardus Blokdyk/Checklist for auditing Cyber Threat Intelligence.md index 633e55a..5d3c8de 100644 --- a/Corpus/Literature notes/Checklists Gerardus Blokdyk/Checklist for auditing Cyber Threat Intelligence.md +++ b/Corpus/Literature notes/Checklists Gerardus Blokdyk/Checklist for auditing Cyber Threat Intelligence.md @@ -14,7 +14,7 @@ Relevant ISO 27002:2022 clauses/controls: - [a-5.7-Threat-intelligence](../../Standards/ISO27x/OST/27002/EN/a-5.7-Threat-intelligence.md) Related: -- [Threat Intelligence](../../🎇%20Sparks/Threat%20Intelligence.md) +- [Threat Intelligence](../..//Threat%20Intelligence.md) ## Cyber Threat Intelligence: Ask This; diff --git a/Corpus/Literature notes/Checklists Gerardus Blokdyk/Checklist for auditing DevOps IoT.md b/Corpus/Literature notes/Checklists Gerardus Blokdyk/Checklist for auditing DevOps IoT.md index 3c58861..7c40864 100644 --- a/Corpus/Literature notes/Checklists Gerardus Blokdyk/Checklist for auditing DevOps IoT.md +++ b/Corpus/Literature notes/Checklists Gerardus Blokdyk/Checklist for auditing DevOps IoT.md 
@@ -9,7 +9,7 @@ Relevant ISO 27001 clauses/controls: - [ISO 27001 A.14.2 Security in development and support processes](../../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A.14.2%20Security%20in%20development%20and%20support%20processes.md) Related: -- [Operational Technology](../../💡Drafts%20and%20Ideas/Operational%20Technology.md) +- [Operational Technology](../../Sparks/Operational%20Technology.md) - [DevSecOps and ISO 27k](../../Sparks/DevSecOps%20and%20ISO%2027k.md) ## DevOps IoT: Ask This; diff --git a/Corpus/Literature notes/Checklists Gerardus Blokdyk/Checklist for auditing Security Operations.md b/Corpus/Literature notes/Checklists Gerardus Blokdyk/Checklist for auditing Security Operations.md index 6ebf935..d8f29a8 100644 --- a/Corpus/Literature notes/Checklists Gerardus Blokdyk/Checklist for auditing Security Operations.md +++ b/Corpus/Literature notes/Checklists Gerardus Blokdyk/Checklist for auditing Security Operations.md 
@@ -124,7 +124,7 @@ Administer and maintain security systems in the cybersecurity security operation How do you identify which assets are being compromised and what type of data is involved? -Warrant that your organization is involved in network security environment (Security Operations Center, Security Incident Response Team, or Cyber Security Incident Response) investigating targeted intrusions through complex network segments or Be certain that your company is involved in [Operational Technology](../../💡Drafts%20and%20Ideas/Operational%20Technology.md) engineering and security concepts.  +Warrant that your organization is involved in network security environment (Security Operations Center, Security Incident Response Team, or Cyber Security Incident Response) investigating targeted intrusions through complex network segments or Be certain that your company is involved in [Operational Technology](../../Sparks/Operational%20Technology.md) engineering and security concepts.  Have external information aggregators been evaluated for value in API security operations? diff --git a/Corpus/Literature notes/Checklists Gerardus Blokdyk/Checklist for auditing Threat Intelligence.md b/Corpus/Literature notes/Checklists Gerardus Blokdyk/Checklist for auditing Threat Intelligence.md index 330ae74..df6a461 100644 --- a/Corpus/Literature notes/Checklists Gerardus Blokdyk/Checklist for auditing Threat Intelligence.md +++ b/Corpus/Literature notes/Checklists Gerardus Blokdyk/Checklist for auditing Threat Intelligence.md 
@@ -398,7 +398,7 @@ Serve on a team of Cyber threat analysts responsible for the 24x7 analyses and r -Do you actively share [Operational Technology](../../💡Drafts%20and%20Ideas/Operational%20Technology.md) threat related intelligence with your peers? +Do you actively share [Operational Technology](../../Sparks/Operational%20Technology.md) threat related intelligence with your peers? Maintain and drive the development of new reports of Cyber Threat Intelligence analysis to peers, management and (internal) customer teams for purposes of situational awareness and making threat intelligence actionable.  diff --git a/Corpus/Literature notes/Checklists Gerardus Blokdyk/Checklist for auditing Threat Management.md b/Corpus/Literature notes/Checklists Gerardus Blokdyk/Checklist for auditing Threat Management.md index 7cb66cd..98f6e52 100644 --- a/Corpus/Literature notes/Checklists Gerardus Blokdyk/Checklist for auditing Threat Management.md +++ b/Corpus/Literature notes/Checklists Gerardus Blokdyk/Checklist for auditing Threat Management.md @@ -7,7 +7,7 @@ Relevant ISO 27001 clauses/controls: - [ISO 27001 A.18.2 Information security reviews](../../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A.18.2%20Information%20security%20reviews.md) Related: -- [Assets, Vulnerabilities, Threats, Risks](../../🎇%20Sparks/Assets,%20Vulnerabilities,%20Threats,%20Risks.md) +- [Assets, Vulnerabilities, Threats, Risks](../..//Assets,%20Vulnerabilities,%20Threats,%20Risks.md) Author: [Gerardus Blokdyk](https://www.linkedin.com/in/gerardblokdijk/) Retrieved from [LinkedIn](https://www.linkedin.com/pulse/address-threat-management-challenges-ensuring-all-tied-blokdyk) on January 9, 2022 diff --git a/Corpus/Literature notes/Checklists Gerardus Blokdyk/Checklist for auditing Threat Modeling.md b/Corpus/Literature notes/Checklists Gerardus Blokdyk/Checklist for auditing Threat Modeling.md index b83a499..7d538f1 100644 
--- a/Corpus/Literature notes/Checklists Gerardus Blokdyk/Checklist for auditing Threat Modeling.md +++ b/Corpus/Literature notes/Checklists Gerardus Blokdyk/Checklist for auditing Threat Modeling.md @@ -12,7 +12,7 @@ Relevant ISO 27002:2022 clauses/controls: - [a-5.7-Threat-intelligence](../../Standards/ISO27x/OST/27002/EN/a-5.7-Threat-intelligence.md) Related: -- [Threat Intelligence](../../🎇%20Sparks/Threat%20Intelligence.md) +- [Threat Intelligence](../..//Threat%20Intelligence.md) ## Threat Modeling: Ask This; diff --git a/Corpus/Literature notes/Checklists Gerardus Blokdyk/Checklist for auditing Vendor Management.md b/Corpus/Literature notes/Checklists Gerardus Blokdyk/Checklist for auditing Vendor Management.md index 454f113..ecba756 100644 --- a/Corpus/Literature notes/Checklists Gerardus Blokdyk/Checklist for auditing Vendor Management.md +++ b/Corpus/Literature notes/Checklists Gerardus Blokdyk/Checklist for auditing Vendor Management.md @@ -10,7 +10,7 @@ Relevant ISO 27001 clauses/controls: - [ISO 27001 A 18 Compliance](../../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A%2018%20Compliance.md) Related: -- [Vendor security MoC](../../🎇%20Sparks/Vendor%20security%20MoC.md) +- [Vendor security MoC](../..//Vendor%20security%20MoC.md) ## Vendor Management: Ask This; diff --git a/Corpus/Literature notes/Datatags System.md b/Corpus/Literature notes/Datatags System.md index 929fd01..354d353 100644 --- a/Corpus/Literature notes/Datatags System.md +++ b/Corpus/Literature notes/Datatags System.md @@ -4,7 +4,7 @@ Science. 2015101601. October 16, 2015. http://techscience.org/a/2015101601; PDF Related: - [ISO 27001 A 8.2 Information classification](../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A%208.2%20Information%20classification.md) -- [Privacy](../Drafts%20and%20Ideas/Privacy.md) +- [Privacy 1](../Sparks/Privacy%201.md) Sweeney at all have developed a privacy oriented data classification system with six levels: 
diff --git a/Corpus/Literature notes/Def_Sec_Handbook_Chapter_10.md b/Corpus/Literature notes/Def_Sec_Handbook_Chapter_10.md index 4527d6c..535d6dd 100644 --- a/Corpus/Literature notes/Def_Sec_Handbook_Chapter_10.md +++ b/Corpus/Literature notes/Def_Sec_Handbook_Chapter_10.md @@ -1,6 +1,6 @@ # Chapter 10: Password Management and Multifactor Authentication -See also: [Identity and Access Management (IAM)](../💡Drafts%20and%20Ideas/Identity%20and%20Access%20Management%20(IAM).md), [Roles in Identity and Access Management (IAM)](Roles%20in%20Identity%20and%20Access%20Management%20(IAM).md) +See also: [Identity and Access Management (IAM)](../Sparks/Identity%20and%20Access%20Management%20(IAM).md), [Roles in Identity and Access Management (IAM)](Roles%20in%20Identity%20and%20Access%20Management%20(IAM).md) ## Password practices Password complexity and brute force cracking: diff --git a/Corpus/Literature notes/Draft Vendor and Product checklist.md b/Corpus/Literature notes/Draft Vendor and Product checklist.md index 1ffb948..2094a8d 100644 --- a/Corpus/Literature notes/Draft Vendor and Product checklist.md +++ b/Corpus/Literature notes/Draft Vendor and Product checklist.md @@ -1,4 +1,4 @@ -Related: [Vendor security MoC](../🎇%20Sparks/Vendor%20security%20MoC.md) +Related: [Vendor security MoC](..//Vendor%20security%20MoC.md) ESCROW BOM diff --git a/Corpus/Literature notes/Factor Analysis of Information Risk (FAIR).md b/Corpus/Literature notes/Factor Analysis of Information Risk (FAIR).md index feab8e9..3690157 100644 --- a/Corpus/Literature notes/Factor Analysis of Information Risk (FAIR).md +++ b/Corpus/Literature notes/Factor Analysis of Information Risk (FAIR).md 
@@ -5,5 +5,5 @@ FAIR principles can be applied "to clarify organizational risk appetite and tole [Source](https://www.fairinstitute.org/blog/cyber-risk-management-establishing-a-blueprint-with-fair) Related: -- [Risk appetite](../💡Drafts%20and%20Ideas/Risk%20appetite.md) -- [Risk tolerance](../🎇%20Sparks/Risk%20tolerance.md) +- [Risk appetite 1](../Sparks/Risk%20appetite%201.md) +- [Risk tolerance](..//Risk%20tolerance.md) diff --git a/Corpus/Literature notes/Implementing Segregation of Duties ISACA.md b/Corpus/Literature notes/Implementing Segregation of Duties ISACA.md index c9dc4af..5d3f5c3 100644 --- a/Corpus/Literature notes/Implementing Segregation of Duties ISACA.md +++ b/Corpus/Literature notes/Implementing Segregation of Duties ISACA.md @@ -5,7 +5,7 @@ Article in ISACA Journal Retrieved: July 13, 2022 See also: -- [Roles and Responsibilities](../🎇%20Sparks/Roles%20and%20Responsibilities.md) +- [Roles and Responsibilities](../Sparks/Roles%20and%20Responsibilities.md) - [a-5.3-Segregation-of-duties](../Standards/ISO27x/OST/27002/EN/a-5.3-Segregation-of-duties.md) - [ISO_27002_2022_5.3_PE Segregation of duties](../../../iso27DIY-gis/reference/Paraphrased/ISO27002-2022-EN/ISO_27002_2022_5.3_PE%20Segregation%20of%20duties.md) diff --git a/Corpus/Literature notes/Managing Risks - A New Framework.md b/Corpus/Literature notes/Managing Risks - A New Framework.md index ed5a4e1..2c7dab1 100644 --- a/Corpus/Literature notes/Managing Risks - A New Framework.md +++ b/Corpus/Literature notes/Managing Risks - A New Framework.md @@ -1,7 +1,9 @@ --- Related: - - "[Risk management](../🎇%20Sparks/Risk%20management.md)" + - "[Risk management](../Sparks/Risk%20management.md)" --- +# Managing Risks: A New Framework + by Robert S. Kaplan and Anette Mikes, June 2012 [Source](https://hbr.org/2012/06/managing-risks-a-new-framework) 
diff --git a/Corpus/Literature notes/Roles in Information security management.md b/Corpus/Literature notes/Roles in Information security management.md index 1d66ed6..74f832b 100644 --- a/Corpus/Literature notes/Roles in Information security management.md +++ b/Corpus/Literature notes/Roles in Information security management.md @@ -9,9 +9,9 @@ For examples of defined roles, see: - [OrgFit Architectuurprincipes Humankind](../../Clients/Humankind/OrgFit%20Architectuurprincipes%20Humankind.md) Related: -- [Asset ownership](../🎇%20Sparks/Asset%20ownership.md) +- [Asset ownership](../Sparks/Asset%20ownership.md) - [Control ownership](../Sparks/Control%20ownership.md) -- [Risk ownership](../🎇%20Sparks/Risk%20ownership.md) +- [Risk ownership](../Sparks/Risk%20ownership.md) - [Segregation of Duties](Segregation%20of%20Duties.md) - [Access Control Models](../Sparks/Access%20Control%20Models.md) diff --git a/Corpus/Literature notes/Security Threat Modeling.md b/Corpus/Literature notes/Security Threat Modeling.md index 8cd6434..d75259f 100644 --- a/Corpus/Literature notes/Security Threat Modeling.md +++ b/Corpus/Literature notes/Security Threat Modeling.md @@ -3,7 +3,7 @@ https://insights.sei.cmu.edu/blog/threat-modeling-12-available-methods/ Related: - - [Create a threat analysis chatbot](../Drafts%20and%20Ideas/Controls/Create%20a%20threat%20analysis%20chatbot.md) + - [Create a threat analysis chatbot](../Sparks/Create%20a%20threat%20analysis%20chatbot.md) ![700](Threat%20scenario%20elements.jpeg) \ No newline at end of file diff --git a/Corpus/Literature notes/Single Sign On (SSO).md b/Corpus/Literature notes/Single Sign On (SSO).md index a0623d7..604eb9d 100644 --- a/Corpus/Literature notes/Single Sign On (SSO).md +++ b/Corpus/Literature notes/Single Sign On (SSO).md 
@@ -20,7 +20,7 @@ For both users and IT administrators, securely handling thousands of accounts an ## SSO’s challenges -- **Extra-strong passwords must be enforced.** If an SSO account is cracked, others under the same authentication can also be endangered. -> combine with [Multi-factor authentication](../🎇%20Sparks/Multi-factor%20authentication.md) +- **Extra-strong passwords must be enforced.** If an SSO account is cracked, others under the same authentication can also be endangered. -> combine with [Multi-factor authentication](../Sparks/Multi-factor%20authentication.md) - **When SSO is down, access to all connected sites is stopped.** This is a big reason to exercise great care in choosing an SSO system. It must be exceptionally reliable and plans should be in place for dealing with breakdowns. - **What’s more, when your identity provider goes down, your SSO does too.** The provider’s vulnerability to any kind of interruption becomes your vulnerability as well, and it is probably beyond your control. Once again, the choice of vendors is critical. - **If a hacker breaches your identity provider user account, all your linked systems could be open to attack.** This can be a classic single point of failure and should be headed off in the planning process. On the plus side, high-quality identity providers have top-notch security. diff --git a/Corpus/Literature notes/Threat Catalogues.md b/Corpus/Literature notes/Threat Catalogues.md index e0122af..b95afa6 100644 --- a/Corpus/Literature notes/Threat Catalogues.md +++ b/Corpus/Literature notes/Threat Catalogues.md @@ -1,4 +1,4 @@ -See also [Risk inventories](../🎇%20Sparks/Risk%20inventories.md) +See also [Risk inventories](../Sparks/Risk%20inventories.md) https://cs4e.pages.labranet.jamk.fi/ooc/30-Cyber_Attack/01-Threats_and_Attacks/ diff --git a/Corpus/Literature notes/Threat.md b/Corpus/Literature notes/Threat.md index 3130569..da9049c 100644 --- a/Corpus/Literature notes/Threat.md 
+++ b/Corpus/Literature notes/Threat.md @@ -1,6 +1,6 @@ -[Risks vs Threats vs Vulnerabilities](../🎇%20Sparks/Risks%20vs%20Threats%20vs%20Vulnerabilities.md) +[Risks vs Threats vs Vulnerabilities](../Sparks/Risks%20vs%20Threats%20vs%20Vulnerabilities.md) -[Threat Intelligence](../🎇%20Sparks/Threat%20Intelligence.md) +[Threat Intelligence](../Sparks/Threat%20Intelligence.md) [Threat intelligence sources](../Sparks/Threat%20intelligence%20sources.md) [Threat Modeling](Security%20Threat%20Modeling.md) [Threat Catalogues](Threat%20Catalogues.md) diff --git a/Corpus/Literature notes/Topical InfoSec Kanban’s.md b/Corpus/Literature notes/Topical InfoSec Kanban’s.md index 7a36f87..770aef5 100644 --- a/Corpus/Literature notes/Topical InfoSec Kanban’s.md +++ b/Corpus/Literature notes/Topical InfoSec Kanban’s.md @@ -1,6 +1,6 @@ The planning function of AuditGlue may take the form of a (series of) Kanban boards. -For inspiration, below is a collection of Kanban boards on information security topics, published by [The Art of Service](../Drafts%20and%20Ideas/The%20Art%20of%20Service.md). Offering Kanban's in cooperation with them should be considered. +For inspiration, below is a collection of Kanban boards on information security topics, published by [The Art of Service](../Sparks/The%20Art%20of%20Service.md). Offering Kanban's in cooperation with them should be considered. Note that these boards where created with Airtable.com. 
@@ -30,7 +30,7 @@ Note that these boards where created with Airtable.com. ### Related notes: - [📼 ISO27DIY Video Series](../Standards/ISO27x/legacy/iso27DIY%20mk%20I/📼%20ISO27DIY%20Video%20Series.md) - [ISO27DIY Additional resources](../Standards/ISO27x/legacy/iso27DIY%20mk%20I/ISO27DIY%20Additional%20resources.md) -- [List of possible partners](../Drafts%20and%20Ideas/List%20of%20possible%20partners.md) +- [List of possible partners 1](../Sparks/List%20of%20possible%20partners%201.md) - [ISO27DIY Workshop Overview template](../Standards/ISO27x/legacy/iso27DIY%20mk%20I/📒%20Templates/ISO27DIY%20Workshop%20Overview%20template.md) - [Advised Documents for ISO 27001](../../../iso27DIY-gis/reference/Advised%20Documents%20for%20ISO%2027001.md) - [💾 AuditGlue software](../Standards/ISO27x/legacy/iso27DIY%20mk%20I/💾%20AuditGlue%20software.md) diff --git a/Corpus/Literature notes/Treating vendors as a risk.md b/Corpus/Literature notes/Treating vendors as a risk.md index 2118900..0b11374 100644 --- a/Corpus/Literature notes/Treating vendors as a risk.md +++ b/Corpus/Literature notes/Treating vendors as a risk.md @@ -9,7 +9,7 @@ Miessler proposes treating vendors and vendor solutions as a risk and perform a Assume a breach will happen and take preventive measures to reduce the impact, by improving the risk visibility, and look for ways to reduce the scope, penetration, and access that the vendor tool has to minimum levels. Related: -- [Awareness](../🎇%20Sparks/Awareness.md) -- [Vendor security MoC](../🎇%20Sparks/Vendor%20security%20MoC.md) -- [Risk analysis](../🎇%20Sparks/Risk%20analysis.md) +- [Awareness](../Sparks/Awareness.md) +- [Vendor security MoC](../Sparks/Vendor%20security%20MoC.md) +- [Risk analysis](../Sparks/Risk%20analysis.md) 
diff --git a/Corpus/MoCs/ISO_27001_2022_4.3_MoC Determining the scope of the information security management system.md b/Corpus/MoCs/ISO_27001_2022_4.3_MoC Determining the scope of the information security management system.md index 2219fe5..28dcda1 100644 --- a/Corpus/MoCs/ISO_27001_2022_4.3_MoC Determining the scope of the information security management system.md +++ b/Corpus/MoCs/ISO_27001_2022_4.3_MoC Determining the scope of the information security management system.md @@ -4,6 +4,6 @@ [[ISO_27001_PE 4.3 Determining the scope of the information security management system\|Plain English]] -[About the Statement of Applicability](../Drafts%20and%20Ideas/ISMS/About%20the%20Statement%20of%20Applicability.md) +[About the Statement of Applicability](../Sparks/ISMS/About%20the%20Statement%20of%20Applicability.md) [PECB Auditor training: Context of the organization](../Standards/ISO27x/PECB-Lead-Auditor-Training/PECB%2027001%20LA%20S05%20E01a%20-%20Context%20of%20the%20organization.md) \ No newline at end of file diff --git a/Corpus/MoCs/ISO_27001_2022_6.1.3_MoC Information security risk treatment.md b/Corpus/MoCs/ISO_27001_2022_6.1.3_MoC Information security risk treatment.md index 89a8b55..740c295 100644 --- a/Corpus/MoCs/ISO_27001_2022_6.1.3_MoC Information security risk treatment.md +++ b/Corpus/MoCs/ISO_27001_2022_6.1.3_MoC Information security risk treatment.md @@ -3,4 +3,4 @@ - [Original Text](../ISO-27001-OST/ISO27001-EN-2022/ISO_27001_OT%206.1.3%20Information%20security%20risk%20treatment.md) - [[ISO_27001_PE 6.1.3 Information security risk treatment\|Plain English]] -[About the Statement of Applicability](../Drafts%20and%20Ideas/ISMS/About%20the%20Statement%20of%20Applicability.md) +[About the Statement of Applicability](../Sparks/ISMS/About%20the%20Statement%20of%20Applicability.md) 
diff --git a/Corpus/MoCs/ISO_27002_2022_5.29_MoC Information security during disruption.md b/Corpus/MoCs/ISO_27002_2022_5.29_MoC Information security during disruption.md index 9a8ffb0..df2b895 100644 --- a/Corpus/MoCs/ISO_27002_2022_5.29_MoC Information security during disruption.md +++ b/Corpus/MoCs/ISO_27002_2022_5.29_MoC Information security during disruption.md @@ -4,5 +4,5 @@ [[ISO_27002_2022_5.29_PE Information security during disruption \|Plain English]] ISO 27002:2013: 17.1.1, 17.1.2, 17.1.3 -[Business Impact Analysis (BIA)](../🎇%20Sparks/Business%20Impact%20Analysis%20(BIA).md) +[Business Impact Analysis (BIA)](../Sparks/Business%20Impact%20Analysis%20(BIA).md) diff --git a/Corpus/MoCs/ISO_27002_2022_5.30_MoC ICT readiness for business continuity.md b/Corpus/MoCs/ISO_27002_2022_5.30_MoC ICT readiness for business continuity.md index ffab90b..30a4830 100644 --- a/Corpus/MoCs/ISO_27002_2022_5.30_MoC ICT readiness for business continuity.md +++ b/Corpus/MoCs/ISO_27002_2022_5.30_MoC ICT readiness for business continuity.md @@ -7,6 +7,6 @@ ISO 27002:2013: n/a See also: - [BCP_Bedrijfscontinuïteitsplanning](../📚️%20Literature%20notes/BCP_Bedrijfscontinuïteitsplanning.md) -- [Business Impact Analysis (BIA)](../🎇%20Sparks/Business%20Impact%20Analysis%20(BIA).md) -- [Disaster Recovery Planning](../🎇%20Sparks/Disaster%20Recovery%20Planning.md) +- [Business Impact Analysis (BIA)](../Sparks/Business%20Impact%20Analysis%20(BIA).md) +- [Disaster Recovery Planning](../Sparks/Disaster%20Recovery%20Planning.md) diff --git a/Corpus/MoCs/ISO_27002_2022_5.9_MoC Inventory of information and other associated assets.md b/Corpus/MoCs/ISO_27002_2022_5.9_MoC Inventory of information and other associated assets.md index 1638ada..4055ab2 100644 --- a/Corpus/MoCs/ISO_27002_2022_5.9_MoC Inventory of information and other associated assets.md +++ b/Corpus/MoCs/ISO_27002_2022_5.9_MoC Inventory of information and other associated assets.md 
@@ -6,5 +6,5 @@ ISO 27002:2013: 08.1.1, 08.1.2 [Brontekst](../ISO-27002-OST/ISO27002-NL-2022/a-5.9-Inventarisatie-van-informatie-en-andere-gerelateerde-bedrijfsmiddelen.md) -The inventory serves as input for the [Business Impact Analysis (BIA)](../🎇%20Sparks/Business%20Impact%20Analysis%20(BIA).md) +The inventory serves as input for the [Business Impact Analysis (BIA)](../Sparks/Business%20Impact%20Analysis%20(BIA).md) [ISO_27001_2022_00_MoC Index EXT](ISO_27001_2022_00_MoC%20Index%20EXT.md) diff --git a/Corpus/MoCs/iso27DIY-MoC.md b/Corpus/MoCs/iso27DIY-MoC.md index 3756f24..dc06fd3 100644 --- a/Corpus/MoCs/iso27DIY-MoC.md +++ b/Corpus/MoCs/iso27DIY-MoC.md @@ -29,14 +29,14 @@ tags: ## Design [Modules Canvas](../../AuditGlue/iso27DIY%20content%20modules.canvas) -[About the flow](../Drafts%20and%20Ideas/About%20iso27diy/About%20the%20flow.md) +[About the flow](../Sparks/About%20iso27diy/About%20the%20flow.md) [UI ideas](AuditGlue/System%20alternative/iso27DIY%20UI%20ideas.md) ### Agents [Create a proactive conversational agent](../Sparks/Create%20a%20proactive%20conversational%20agent.md) [Create an interview agent](../Sparks/Create%20an%20interview%20agent.md) [Agent Design Intent Card](AuditGlue/System%20alternative/Agent%20Design%20Intent%20Card.md) -[Create a threat analysis chatbot](../Drafts%20and%20Ideas/Controls/Create%20a%20threat%20analysis%20chatbot.md) +[Create a threat analysis chatbot](../Sparks/Create%20a%20threat%20analysis%20chatbot.md) [Instruct an LLM on available tools](../Sparks/Instruct%20an%20LLM%20on%20available%20tools.md) [LLM Prompt types](../Sparks/LLM%20Prompt%20types.md) diff --git a/Corpus/Sparks/2023-scf-risk-management-ecosystem 1.jpg b/Corpus/Sparks/2023-scf-risk-management-ecosystem-diagram.jpg similarity index 100% rename from Corpus/Sparks/2023-scf-risk-management-ecosystem 1.jpg rename to Corpus/Sparks/2023-scf-risk-management-ecosystem-diagram.jpg 
diff --git a/Corpus/Sparks/AI Threat Modeling 2.md b/Corpus/Sparks/AI Threat Modeling 2.md deleted file mode 100644 index c4c561c..0000000 --- a/Corpus/Sparks/AI Threat Modeling 2.md +++ /dev/null @@ -1,4 +0,0 @@ - - -[PLOT4AI](https://plot4.ai) (Privacy Library Of Threats 4 Artificial Intelligence): A threat modeling library to help you build responsible AI -by [Isabel Barbéra](https://www.linkedin.com/in/isabelbarbera/) \ No newline at end of file diff --git a/Corpus/Sparks/AI Threat Modeling.md b/Corpus/Sparks/AI Threat Modeling.md index 7d3058f..00fccd6 100644 --- a/Corpus/Sparks/AI Threat Modeling.md +++ b/Corpus/Sparks/AI Threat Modeling.md @@ -1 +1,5 @@ -[Create a threat analysis chatbot](../Drafts%20and%20Ideas/Controls/Create%20a%20threat%20analysis%20chatbot.md) +[Create a threat analysis chatbot](Create%20a%20threat%20analysis%20chatbot.md) + + +[PLOT4AI](https://plot4.ai) (Privacy Library Of Threats 4 Artificial Intelligence): A threat modeling library to help you build responsible AI +by [Isabel Barbéra](https://www.linkedin.com/in/isabelbarbera/) \ No newline at end of file diff --git a/Corpus/Drafts and Ideas/About iso27diy/About the Industry.md b/Corpus/Sparks/About iso27diy/About the Industry.md similarity index 100% rename from Corpus/Drafts and Ideas/About iso27diy/About the Industry.md rename to Corpus/Sparks/About iso27diy/About the Industry.md diff --git a/Corpus/Drafts and Ideas/About iso27diy/About the flow.md b/Corpus/Sparks/About iso27diy/About the flow.md similarity index 100% rename from Corpus/Drafts and Ideas/About iso27diy/About the flow.md rename to Corpus/Sparks/About iso27diy/About the flow.md diff --git a/Corpus/Drafts and Ideas/About iso27diy/Interactie met de gebruiker.md b/Corpus/Sparks/About iso27diy/Interactie met de gebruiker.md similarity index 100% rename from Corpus/Drafts and Ideas/About iso27diy/Interactie met de gebruiker.md rename to Corpus/Sparks/About iso27diy/Interactie met de gebruiker.md 
diff --git a/Corpus/Drafts and Ideas/About iso27diy/Ocean Sailing Metaphor.md b/Corpus/Sparks/About iso27diy/Ocean Sailing Metaphor.md similarity index 100% rename from Corpus/Drafts and Ideas/About iso27diy/Ocean Sailing Metaphor.md rename to Corpus/Sparks/About iso27diy/Ocean Sailing Metaphor.md diff --git a/Corpus/Drafts and Ideas/About iso27diy/iso27DYI - How this works.md b/Corpus/Sparks/About iso27diy/iso27DYI - How this works.md similarity index 100% rename from Corpus/Drafts and Ideas/About iso27diy/iso27DYI - How this works.md rename to Corpus/Sparks/About iso27diy/iso27DYI - How this works.md diff --git a/Corpus/Sparks/Access Control Models.md b/Corpus/Sparks/Access Control Models.md index dccf5f9..1cb2241 100644 --- a/Corpus/Sparks/Access Control Models.md +++ b/Corpus/Sparks/Access Control Models.md @@ -1,6 +1,6 @@ See also: - [Authorization vs Access Control](Authorization%20vs%20Access%20Control.md) -- [Identity and Access Management (IAM)](../💡Drafts%20and%20Ideas/Identity%20and%20Access%20Management%20(IAM).md) +- [Identity and Access Management (IAM)](Identity%20and%20Access%20Management%20(IAM).md) - [RBAC Access levels](../Literature%20notes/RBAC%20Access%20levels.md) - [CRUD Matrices](CRUD%20Matrices.md) diff --git a/Corpus/Sparks/Assets, Vulnerabilities, Threats, Risks.md b/Corpus/Sparks/Assets, Vulnerabilities, Threats, Risks.md index 11e2574..f5d289f 100644 --- a/Corpus/Sparks/Assets, Vulnerabilities, Threats, Risks.md +++ b/Corpus/Sparks/Assets, Vulnerabilities, Threats, Risks.md @@ -3,7 +3,7 @@ * The relationship between assets, vulnerabilities, and threats is often called the Operations Security Triple. [Assets](Assets.md) -[Vulnerability](../💡Drafts%20and%20Ideas/Vulnerability.md) +[Vulnerability 1](Vulnerability%201.md) [Threat](../📚️%20Literature%20notes/Threat.md) [Risks](Risks.md) 
diff --git a/Corpus/Drafts and Ideas/Context, Strategy, and Leadership/Sources for the Context sessions.md b/Corpus/Sparks/Context, Strategy, and Leadership/Sources for the Context sessions.md similarity index 96% rename from Corpus/Drafts and Ideas/Context, Strategy, and Leadership/Sources for the Context sessions.md rename to Corpus/Sparks/Context, Strategy, and Leadership/Sources for the Context sessions.md index a17707e..1df6171 100644 --- a/Corpus/Drafts and Ideas/Context, Strategy, and Leadership/Sources for the Context sessions.md +++ b/Corpus/Sparks/Context, Strategy, and Leadership/Sources for the Context sessions.md @@ -27,7 +27,7 @@ Functiehuis (4.1) Organogram (4.1) Bedrijfsprocessen (4.1) SWOT (4.1) -- [SWOT Analyses template](../../Sparks/SWOT%20Analyses%20template.md) +- [SWOT Analyses template](../SWOT%20Analyses%20template.md) DESTEP (4.2) Stakeholder analyse (4.2) Wet- en regelgeving (4.2, A5.31-A5.34) diff --git a/Corpus/Drafts and Ideas/Context, Strategy, and Leadership/The ISMS in its context.md b/Corpus/Sparks/Context, Strategy, and Leadership/The ISMS in its context.md similarity index 100% rename from Corpus/Drafts and Ideas/Context, Strategy, and Leadership/The ISMS in its context.md rename to Corpus/Sparks/Context, Strategy, and Leadership/The ISMS in its context.md diff --git a/Corpus/Drafts and Ideas/Controls/Create a threat analysis chatbot.md b/Corpus/Sparks/Create a threat analysis chatbot.md similarity index 100% rename from Corpus/Drafts and Ideas/Controls/Create a threat analysis chatbot.md rename to Corpus/Sparks/Create a threat analysis chatbot.md diff --git a/Corpus/Drafts and Ideas/Dealing with a reported application vulnerability Log4j.md b/Corpus/Sparks/Dealing with a reported application vulnerability Log4j.md similarity index 100% rename from Corpus/Drafts and Ideas/Dealing with a reported application vulnerability Log4j.md rename to Corpus/Sparks/Dealing with a reported application vulnerability Log4j.md 
diff --git a/Corpus/Drafts and Ideas/GRC software is geschreven voor domeindeskundigen.md b/Corpus/Sparks/GRC software is geschreven voor domeindeskundigen.md similarity index 100% rename from Corpus/Drafts and Ideas/GRC software is geschreven voor domeindeskundigen.md rename to Corpus/Sparks/GRC software is geschreven voor domeindeskundigen.md diff --git a/Corpus/Sparks/Handreiking risicobeoordeling 2.o.pdf b/Corpus/Sparks/Handreiking risicobeoordeling 2.0.pdf similarity index 100% rename from Corpus/Sparks/Handreiking risicobeoordeling 2.o.pdf rename to Corpus/Sparks/Handreiking risicobeoordeling 2.0.pdf diff --git a/Corpus/Drafts and Ideas/ISMS/About implementation and proof.md b/Corpus/Sparks/ISMS/About implementation and proof.md similarity index 100% rename from Corpus/Drafts and Ideas/ISMS/About implementation and proof.md rename to Corpus/Sparks/ISMS/About implementation and proof.md diff --git a/Corpus/Drafts and Ideas/ISMS/About policies controls and risks.md b/Corpus/Sparks/ISMS/About policies controls and risks.md similarity index 100% rename from Corpus/Drafts and Ideas/ISMS/About policies controls and risks.md rename to Corpus/Sparks/ISMS/About policies controls and risks.md diff --git a/Corpus/Drafts and Ideas/ISMS/About the Statement of Applicability.md b/Corpus/Sparks/ISMS/About the Statement of Applicability.md similarity index 100% rename from Corpus/Drafts and Ideas/ISMS/About the Statement of Applicability.md rename to Corpus/Sparks/ISMS/About the Statement of Applicability.md diff --git a/Corpus/Drafts and Ideas/ISMS/Basic ISMS governance model.md b/Corpus/Sparks/ISMS/Basic ISMS governance model.md similarity index 100% rename from Corpus/Drafts and Ideas/ISMS/Basic ISMS governance model.md rename to Corpus/Sparks/ISMS/Basic ISMS governance model.md diff --git a/Corpus/Sparks/Ideas about enforcement 1.md b/Corpus/Sparks/Ideas about enforcement 1.md new file mode 100644 index 0000000..07d43bc --- /dev/null 
+++ b/Corpus/Sparks/Ideas about enforcement 1.md @@ -0,0 +1,13 @@ +# Ideas about enforcement +The coverage of [[Enforcement tooling]] will not be complete, if only because their implementation will always be one step behind organizational reality. There will be information assets out of scope, by choice or accident. + +There will be situations where the improper handling of assets is not prevented by such tooling, and employees would need to be aware of, or deduce from content, the classification of those assets, and make an informed decission on the proper handling. + +The underlying idea is that I personally prefer that people have freedom of choice and be supported in making informed decissions. +that is not only morally preferable, but it's a necessigty precisely because there will always be situations in which they *need* to decide for themselves. + +There's also a link here to different stakeholders with different interests. Think of your stereotypical IT Guy, who wants to screw everything down, and Marketing Guy, who wants maximum freedom in the data lake. + +Related: +- [Labeling of information in the digital domain](Labeling%20of%20information%20in%20the%20digital%20domain.md). +- [Stakeholder Analysis](Stakeholder%20Analysis.md) \ No newline at end of file diff --git a/Corpus/Drafts and Ideas/Ideas about enforcement.md b/Corpus/Sparks/Ideas about enforcement.md similarity index 94% rename from Corpus/Drafts and Ideas/Ideas about enforcement.md rename to Corpus/Sparks/Ideas about enforcement.md index 1921759..07d43bc 100644 --- a/Corpus/Drafts and Ideas/Ideas about enforcement.md +++ b/Corpus/Sparks/Ideas about enforcement.md 
@@ -10,4 +10,4 @@ There's also a link here to different stakeholders with different interests. Thi Related: - [Labeling of information in the digital domain](Labeling%20of%20information%20in%20the%20digital%20domain.md). -- [Stakeholder Analysis](../Sparks/Stakeholder%20Analysis.md) \ No newline at end of file +- [Stakeholder Analysis](Stakeholder%20Analysis.md) \ No newline at end of file diff --git a/Corpus/Sparks/Identification.md b/Corpus/Sparks/Identification.md new file mode 100644 index 0000000..7c89c15 --- /dev/null +++ b/Corpus/Sparks/Identification.md @@ -0,0 +1,15 @@ +# Identification +Identification is the claim of a subject of its identity. + +See also: +- [Authentication](../Standards/ISO27x/Authentication.md) +- [Authorization](../Standards/ISO27x/Authorization.md) +- [Identity and Access Management (IAM)](Identity%20and%20Access%20Management%20(IAM).md) + +# Identification +Identification is the claim of a subject of its identity. + +See also: +- [Authentication](../Standards/ISO27x/Authentication.md) +- [Authorization](../Standards/ISO27x/Authorization.md) +- [Identity and Access Management (IAM)](Identity%20and%20Access%20Management%20(IAM).md) diff --git a/Corpus/Sparks/Identity and Access Management (IAM).md b/Corpus/Sparks/Identity and Access Management (IAM).md new file mode 100644 index 0000000..0d4911e --- /dev/null +++ b/Corpus/Sparks/Identity and Access Management (IAM).md 
@@ -0,0 +1,29 @@ +## How IAM works + +With IAM, you manage access control by defining _who_ (identity) has _what access_ (role) for _which resource_. For example, Compute Engine virtual machine instances, Google Kubernetes Engine (GKE) clusters, and Cloud Storage buckets are all Google Cloud resources. The organizations, folders, and projects that you use to organize your resources are also resources. + +In IAM, permission to access a resource isn't granted _directly_ to the end user. Instead, permissions are grouped into _roles_, and roles are granted to authenticated _principals_. (In the past, IAM often referred to principals as _members_. Some APIs still use this term.) + +An _allow policy_, also known as an _IAM policy_, defines and enforces what roles are granted to which principals. Each allow policy is attached to a resource. When an authenticated principal attempts to access a resource, IAM checks the resource's allow policy to determine whether the action is permitted. + +See: +- [Identification](Identification.md) – "This is who I am" +- [Authentication](../Standards/ISO27x/Authentication.md) – "This is how I prove it" +- [Authorization](../Standards/ISO27x/Authorization.md) – "... then this is what you get access to" +- [CISSP_Domain_5_1](../Standards/CISSP/CISSP_Domain_5_1.md), [CISSP_Domain_5_2](../Standards/CISSP/CISSP_Domain_5_2.md) +- [Roles in Identity and Access Management (IAM)](../Literature%20notes/Roles%20in%20Identity%20and%20Access%20Management%20(IAM).md) + +## How IAM works + +With IAM, you manage access control by defining _who_ (identity) has _what access_ (role) for _which resource_. For example, Compute Engine virtual machine instances, Google Kubernetes Engine (GKE) clusters, and Cloud Storage buckets are all Google Cloud resources. The organizations, folders, and projects that you use to organize your resources are also resources. + +In IAM, permission to access a resource isn't granted _directly_ to the end user. 
Instead, permissions are grouped into _roles_, and roles are granted to authenticated _principals_. (In the past, IAM often referred to principals as _members_. Some APIs still use this term.) + +An _allow policy_, also known as an _IAM policy_, defines and enforces what roles are granted to which principals. Each allow policy is attached to a resource. When an authenticated principal attempts to access a resource, IAM checks the resource's allow policy to determine whether the action is permitted. + +See: +- [Identification](Identification.md) – "This is who I am" +- [Authentication](../Standards/ISO27x/Authentication.md) – "This is how I prove it" +- [Authorization](../Standards/ISO27x/Authorization.md) – "... then this is what you get access to" +- [CISSP_Domain_5_1](../Standards/CISSP/CISSP_Domain_5_1.md), [CISSP_Domain_5_2](../Standards/CISSP/CISSP_Domain_5_2.md) +- [Roles in Identity and Access Management (IAM)](../Literature%20notes/Roles%20in%20Identity%20and%20Access%20Management%20(IAM).md) \ No newline at end of file diff --git a/Corpus/Drafts and Ideas/Impact of Disruption.md b/Corpus/Sparks/Impact of Disruption.md similarity index 66% rename from Corpus/Drafts and Ideas/Impact of Disruption.md rename to Corpus/Sparks/Impact of Disruption.md index e03b86e..e5cce1d 100644 --- a/Corpus/Drafts and Ideas/Impact of Disruption.md +++ b/Corpus/Sparks/Impact of Disruption.md @@ -4,5 +4,5 @@ [](../Attachments/TLP_Impact_matrix_NL.xlsx) [BCP_Bedrijfscontinuïteitsplanning](../📚️%20Literature%20notes/BCP_Bedrijfscontinuïteitsplanning.md) -[Business Impact Analysis (BIA)](../🎇%20Sparks/Business%20Impact%20Analysis%20(BIA).md) +[Business Impact Analysis (BIA)](..//Business%20Impact%20Analysis%20(BIA).md) diff --git a/Corpus/Drafts and Ideas/Information Security.md b/Corpus/Sparks/Information Security.md similarity index 100% rename from Corpus/Drafts and Ideas/Information Security.md rename to Corpus/Sparks/Information Security.md 
diff --git a/Corpus/Sparks/Labeling of information in the digital domain.md b/Corpus/Sparks/Labeling of information in the digital domain.md new file mode 100644 index 0000000..0a3e25e --- /dev/null +++ b/Corpus/Sparks/Labeling of information in the digital domain.md 
@@ -0,0 +1,37 @@ +[ISO 27001 A 8.2.2 Labelling of information](../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A%208.2.2%20Labelling%20of%20information.md) makes procedures for information labelling in accordance with the classification scheme mandatory. + +For physical assets it’s straightforward: a ‘restricted area’ sign on the door to the server room, a ‘classified’ mark on a folder, a ‘privacy sensitive’ sticker on a backup tape, etc. + +But how would you implement labeling in the digital domain of databases, file systems, SaaS environments, etc.? + +Brahman Thiyagalingham suggested in [this LinkedIn thread](https://www.linkedin.com/feed/update/urn:li:activity:6878704465160007680/?commentUrn=urn%3Ali%3Acomment%3A(groupPost%3A67493-6878704464929316864%2C6878973141931094016)&replyUrn=urn%3Ali%3Acomment%3A(groupPost%3A67493-6878704464929316864%2C6879367802243866624)) that, to ensure the proper handling of (digital) information assets, you would rely on "something like a proper RBAC model, Identity Access solution with a PAM, DRM and DLP". Implying the concept of labeling has been replaced by applying these tools. + +It could be said that these tools apply labeling implicitely, because effective implementation of these solutions requires that the solution ’knows’ what forms of protection each information asset needs. +That means classifying information assets (control 8.2.1) and determining acceptable use (control 8.1.3). +Labeling of digital information assets ‘close to the source’ – e.g. assign a classification-label to a database column – will help create a consistent approach across individual solutions. + +Looking at it that way, any metadata that helps ensure the acceptable use and proper handling of information assets could be identified as ‘labeling’. A data dictionary that contains classification information could also be considered to use labeling. 
+ +Related: +- [ISO 27001 A 8.2.1 Classification of information](../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A%208.2.1%20Classification%20of%20information.md) +- [ISO 27001 A 8.1.3 Acceptable use of assets](../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A%208.1.3%20Acceptable%20use%20of%20assets.md) +- [[Enforcement tooling]] + +[ISO 27001 A 8.2.2 Labelling of information](../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A%208.2.2%20Labelling%20of%20information.md) makes procedures for information labelling in accordance with the classification scheme mandatory. + +For physical assets it’s straightforward: a ‘restricted area’ sign on the door to the server room, a ‘classified’ mark on a folder, a ‘privacy sensitive’ sticker on a backup tape, etc. + +But how would you implement labeling in the digital domain of databases, file systems, SaaS environments, etc.? + +Brahman Thiyagalingham suggested in [this LinkedIn thread](https://www.linkedin.com/feed/update/urn:li:activity:6878704465160007680/?commentUrn=urn%3Ali%3Acomment%3A(groupPost%3A67493-6878704464929316864%2C6878973141931094016)&replyUrn=urn%3Ali%3Acomment%3A(groupPost%3A67493-6878704464929316864%2C6879367802243866624)) that, to ensure the proper handling of (digital) information assets, you would rely on "something like a proper RBAC model, Identity Access solution with a PAM, DRM and DLP". Implying the concept of labeling has been replaced by applying these tools. + +It could be said that these tools apply labeling implicitely, because effective implementation of these solutions requires that the solution ’knows’ what forms of protection each information asset needs. +That means classifying information assets (control 8.2.1) and determining acceptable use (control 8.1.3). +Labeling of digital information assets ‘close to the source’ – e.g. assign a classification-label to a database column – will help create a consistent approach across individual solutions. 
+ +Looking at it that way, any metadata that helps ensure the acceptable use and proper handling of information assets could be identified as ‘labeling’. A data dictionary that contains classification information could also be considered to use labeling. + +Related: +- [ISO 27001 A 8.2.1 Classification of information](../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A%208.2.1%20Classification%20of%20information.md) +- [ISO 27001 A 8.1.3 Acceptable use of assets](../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A%208.1.3%20Acceptable%20use%20of%20assets.md) +- [[Enforcement tooling]] \ No newline at end of file diff --git a/Corpus/Drafts and Ideas/List of possible partners.md b/Corpus/Sparks/List of possible partners 1.md similarity index 100% rename from Corpus/Drafts and Ideas/List of possible partners.md rename to Corpus/Sparks/List of possible partners 1.md diff --git a/Corpus/Sparks/List of possible partners.md b/Corpus/Sparks/List of possible partners.md new file mode 100644 index 0000000..47bdcf1 --- /dev/null +++ b/Corpus/Sparks/List of possible partners.md @@ -0,0 +1,4 @@ +- [The Art of Service](The%20Art%20of%20Service.md) offers topical InfoSec Kanban boards +- 'Certificeringsadvies' offers independent external audits, they were employed by Networking4all +- [Muddassir via Gumroad](https://community.gumroad.com/c/share-your-wins/boring-fields-like-supply-chains-can-be-creative-enough-to-sell-digital-products?login_token=RyhWoyqXw2kT5de2eNp6RYjL6U4NY1aKLPmS#comment_wrapper_4014940). Runs a site on SCM and has offered to cross post content. + diff --git a/Corpus/Drafts and Ideas/Measures vs Workability.md b/Corpus/Sparks/Measures vs Workability.md similarity index 100% rename from Corpus/Drafts and Ideas/Measures vs Workability.md rename to Corpus/Sparks/Measures vs Workability.md 
diff --git a/Corpus/Drafts and Ideas/Modules, Screens and Content.md b/Corpus/Sparks/Modules, Screens and Content.md similarity index 100% rename from Corpus/Drafts and Ideas/Modules, Screens and Content.md rename to Corpus/Sparks/Modules, Screens and Content.md diff --git a/Corpus/Drafts and Ideas/Most Challenging Clauses in ISO 27001.md b/Corpus/Sparks/Most Challenging Clauses in ISO 27001.md similarity index 100% rename from Corpus/Drafts and Ideas/Most Challenging Clauses in ISO 27001.md rename to Corpus/Sparks/Most Challenging Clauses in ISO 27001.md diff --git a/Corpus/Drafts and Ideas/NHC ISMS tool_template nieuw.xlsx b/Corpus/Sparks/NHC ISMS tool_template nieuw.xlsx similarity index 100% rename from Corpus/Drafts and Ideas/NHC ISMS tool_template nieuw.xlsx rename to Corpus/Sparks/NHC ISMS tool_template nieuw.xlsx diff --git a/Corpus/Drafts and Ideas/Nedap ISMS tool structure.md b/Corpus/Sparks/Nedap ISMS tool structure.md similarity index 100% rename from Corpus/Drafts and Ideas/Nedap ISMS tool structure.md rename to Corpus/Sparks/Nedap ISMS tool structure.md diff --git a/Corpus/Drafts and Ideas/Operational Technology.md b/Corpus/Sparks/Operational Technology.md similarity index 100% rename from Corpus/Drafts and Ideas/Operational Technology.md rename to Corpus/Sparks/Operational Technology.md diff --git a/Corpus/Drafts and Ideas/Overzicht beveiliging nieuw.xlsx b/Corpus/Sparks/Overzicht beveiliging nieuw.xlsx similarity index 100% rename from Corpus/Drafts and Ideas/Overzicht beveiliging nieuw.xlsx rename to Corpus/Sparks/Overzicht beveiliging nieuw.xlsx diff --git a/Corpus/Drafts and Ideas/Perverse prikkels in de normindustrie.md b/Corpus/Sparks/Perverse prikkels in de normindustrie.md similarity index 100% rename from Corpus/Drafts and Ideas/Perverse prikkels in de normindustrie.md rename to Corpus/Sparks/Perverse prikkels in de normindustrie.md 
diff --git a/Corpus/Drafts and Ideas/Privacy.md b/Corpus/Sparks/Privacy 1.md similarity index 84% rename from Corpus/Drafts and Ideas/Privacy.md rename to Corpus/Sparks/Privacy 1.md index 6cdadc9..01aa61c 100644 --- a/Corpus/Drafts and Ideas/Privacy.md +++ b/Corpus/Sparks/Privacy 1.md @@ -1,4 +1,4 @@ -[Core concepts of Privacy](../Sparks/Core%20concepts%20of%20Privacy.md) +[Core concepts of Privacy](Core%20concepts%20of%20Privacy.md) [AVG GDPR resources](../Standards/AVG/AVG%20GDPR%20resources.md) Privacy in ISO 27001: diff --git a/Corpus/Drafts and Ideas/Problems solved.md b/Corpus/Sparks/Problems solved 1.md similarity index 100% rename from Corpus/Drafts and Ideas/Problems solved.md rename to Corpus/Sparks/Problems solved 1.md diff --git a/Corpus/Drafts and Ideas/Risk appetite.md b/Corpus/Sparks/Risk appetite 1.md similarity index 92% rename from Corpus/Drafts and Ideas/Risk appetite.md rename to Corpus/Sparks/Risk appetite 1.md index 016b411..16b25ae 100644 --- a/Corpus/Drafts and Ideas/Risk appetite.md +++ b/Corpus/Sparks/Risk appetite 1.md @@ -12,4 +12,4 @@ Articulate the risk appetite to: See [Topical InfoSec Kanban’s](../Literature%20notes/Topical%20InfoSec%20Kanban’s.md) for inspiration. -See also [Risk tolerance](../🎇%20Sparks/Risk%20tolerance.md) \ No newline at end of file +See also [Risk tolerance](..//Risk%20tolerance.md) \ No newline at end of file diff --git a/Corpus/Sparks/Risk tolerance.md b/Corpus/Sparks/Risk tolerance.md index 9d6ef1d..8927e58 100644 --- a/Corpus/Sparks/Risk tolerance.md +++ b/Corpus/Sparks/Risk tolerance.md @@ -6,5 +6,5 @@ NIST gives [several definitions](https://csrc.nist.gov/glossary/term/risk_tolera "The level of risk or the degree of uncertainty that is acceptable to an organization." -See also [Risk appetite](../💡Drafts%20and%20Ideas/Risk%20appetite.md) +See also [Risk appetite 1](Risk%20appetite%201.md) 
diff --git a/Corpus/Sparks/Risks vs Threats vs Vulnerabilities.md b/Corpus/Sparks/Risks vs Threats vs Vulnerabilities.md index 9f85e26..09c1101 100644 --- a/Corpus/Sparks/Risks vs Threats vs Vulnerabilities.md +++ b/Corpus/Sparks/Risks vs Threats vs Vulnerabilities.md @@ -4,4 +4,4 @@ Risks, threats and vulnerabilities are commonly misunderstood. Fundamentally, vulnerability and risk management practices exist to achieve a minimum level of protection for an organization, which equates to a reduction in the total risk due to the protections offered by implemented controls. This can be conceptualized as a "risk management ecosystem" as it pertains to an organization's overall cybersecurity & data protection efforts. These ecosystem components have unique meanings that need to be understood to reasonably protect people, processes, technology and data, as shown below: -![](2023-scf-risk-management-ecosystem%201.jpg) +![](2023-scf-risk-management-ecosystem-diagram.jpg) diff --git a/Corpus/Sparks/Risks.md b/Corpus/Sparks/Risks.md index a0958dc..325adf2 100644 --- a/Corpus/Sparks/Risks.md +++ b/Corpus/Sparks/Risks.md @@ -1,12 +1,12 @@ [Assets, Vulnerabilities, Threats, Risks](Assets,%20Vulnerabilities,%20Threats,%20Risks.md) -[Vulnerability](../💡Drafts%20and%20Ideas/Vulnerability.md) +[Vulnerability 1](Vulnerability%201.md) [Information security concepts MoC](../Information%20security%20concepts%20MoC.md) [Assets, Vulnerabilities, Threats, Risks](../📚️%20Literature%20notes/Assets,%20Vulnerabilities,%20Threats,%20Risks.md) See also slide decks made for workshop sessions. Those for Kaliber, Nedap and Networking4AL are the most recent. -See also [Risk appetite](../💡Drafts%20and%20Ideas/Risk%20appetite.md) +See also [Risk appetite 1](Risk%20appetite%201.md) See also [Classificatie van risico's obv Oorzaken](Classificatie%20van%20risico's%20obv%20Oorzaken.md) ## Definitions 
diff --git a/Corpus/Sparks/SURF Toolkit risicobeoordeling.md b/Corpus/Sparks/SURF Toolkit risicobeoordeling.md index 71c18e4..f6ae731 100644 --- a/Corpus/Sparks/SURF Toolkit risicobeoordeling.md +++ b/Corpus/Sparks/SURF Toolkit risicobeoordeling.md @@ -3,7 +3,7 @@ Bron: [SURF website](https://sec.surf.nl/asset/toolkit-risicobeoordeling/) -![](Handreiking%20risicobeoordeling%202.o.pdf) +![](Handreiking%20risicobeoordeling%202.0.pdf) **Powerpoint voor workshop** diff --git a/Corpus/Drafts and Ideas/Service management system block diagram.png b/Corpus/Sparks/Service management system block diagram.png similarity index 100% rename from Corpus/Drafts and Ideas/Service management system block diagram.png rename to Corpus/Sparks/Service management system block diagram.png diff --git a/Corpus/Sparks/Sticky labels.md b/Corpus/Sparks/Sticky labels.md index ab7e7c2..0ac314c 100644 --- a/Corpus/Sparks/Sticky labels.md +++ b/Corpus/Sparks/Sticky labels.md @@ -1,4 +1,4 @@ Data travels; how to make labels stick? -Links to the [Privacy](../Drafts%20and%20Ideas/Privacy.md) issue of [Data Provenance](Data%20Provenance.md) . +Links to the [Privacy 1](Privacy%201.md) issue of [Data Provenance](Data%20Provenance.md) . diff --git a/Corpus/Drafts and Ideas/The Art of Service.md b/Corpus/Sparks/The Art of Service.md similarity index 100% rename from Corpus/Drafts and Ideas/The Art of Service.md rename to Corpus/Sparks/The Art of Service.md diff --git a/Corpus/Sparks/Three user modes for AuditGlue.md b/Corpus/Sparks/Three user modes for AuditGlue.md new file mode 100644 index 0000000..96a47a9 --- /dev/null +++ b/Corpus/Sparks/Three user modes for AuditGlue.md 
@@ -0,0 +1,11 @@ +I foresee different user modes for AuditGlue: + +- Guided implementation: the novice user is taken step by step through the process of setting up the ISMS, including the identification of risks and the definition of controls. There is a lot of content (text, animations, video's) explaining the process and ISO 27001. +- Operational: aimed at users with ISO 27001 domain knowledge and experience. Offers traditional GRC software forms and dashboards +- Audits: offers an interface to facilitate internal and external audits. Based on a matrix with the ISO 27001 clauses and controls, against columns for identified risks, defined controls, stated policies, implementation (planned or achieved), measurements, monitoring activities, and evaluation outcomes. Each cell contains (links to) proofs. + +I foresee different user modes for AuditGlue: + +- Guided implementation: the novice user is taken step by step through the process of setting up the ISMS, including the identification of risks and the definition of controls. There is a lot of content (text, animations, video's) explaining the process and ISO 27001. +- Operational: aimed at users with ISO 27001 domain knowledge and experience. Offers traditional GRC software forms and dashboards +- Audits: offers an interface to facilitate internal and external audits. Based on a matrix with the ISO 27001 clauses and controls, against columns for identified risks, defined controls, stated policies, implementation (planned or achieved), measurements, monitoring activities, and evaluation outcomes. Each cell contains (links to) proofs. \ No newline at end of file diff --git a/Corpus/Drafts and Ideas/Toegevoegde waarde van ISO27DIY.md b/Corpus/Sparks/Toegevoegde waarde van ISO27DIY 1.md similarity index 100% rename from Corpus/Drafts and Ideas/Toegevoegde waarde van ISO27DIY.md rename to Corpus/Sparks/Toegevoegde waarde van ISO27DIY 1.md 
diff --git a/Corpus/Sparks/Using Obsidian 2.md b/Corpus/Sparks/Using Obsidian 2.md deleted file mode 100644 index 2622c06..0000000 --- a/Corpus/Sparks/Using Obsidian 2.md +++ /dev/null @@ -1,21 +0,0 @@ -The choice between frontmatter and main text for internal links in Obsidian depends on the purpose and nature of the links: - -**Put links in frontmatter when:** - -- Creating structured metadata relationships (like tags, categories, or formal associations) -- Building MOCs (Maps of Content) or index pages where you want clean, scannable link lists -- Using plugins that specifically read frontmatter fields (like Dataview queries) -- Creating "up" links to parent topics or broader categories -- Setting up formal taxonomies or hierarchical relationships - -**Put links in main text when:** - -- The links are part of your natural writing flow and thinking process -- You're making contextual connections that relate to specific ideas or sentences -- The links represent your active thought process while writing -- You want the links to be part of your reading experience when reviewing notes -- The connections are discoveries or insights that emerged while writing - -**Hybrid approach:** Many Obsidian users combine both methods. For example, you might put formal category links in frontmatter (`parent: [[Project Management]]`) while keeping contextual, thought-based links in the body text where they naturally arise during writing. - -The main text approach tends to be more organic and supports the "thinking in writing" philosophy that many note-takers prefer, while frontmatter links are better for systematic organization and plugin automation. Consider your primary use case: if you're building a knowledge system for later querying and analysis, lean toward frontmatter structure. If you're thinking through ideas and making connections as you write, embed them naturally in your text. \ No newline at end of file 
diff --git a/Corpus/Drafts and Ideas/Verantwoordelijkheid en middelen.md b/Corpus/Sparks/Verantwoordelijkheid en middelen.md similarity index 100% rename from Corpus/Drafts and Ideas/Verantwoordelijkheid en middelen.md rename to Corpus/Sparks/Verantwoordelijkheid en middelen.md diff --git a/Corpus/Drafts and Ideas/Voordelen van processvolwassenheid.md b/Corpus/Sparks/Voordelen van processvolwassenheid.md similarity index 100% rename from Corpus/Drafts and Ideas/Voordelen van processvolwassenheid.md rename to Corpus/Sparks/Voordelen van processvolwassenheid.md diff --git a/Corpus/Drafts and Ideas/Vulnerability.md b/Corpus/Sparks/Vulnerability 1.md similarity index 88% rename from Corpus/Drafts and Ideas/Vulnerability.md rename to Corpus/Sparks/Vulnerability 1.md index 37085b3..14b1365 100644 --- a/Corpus/Drafts and Ideas/Vulnerability.md +++ b/Corpus/Sparks/Vulnerability 1.md @@ -4,10 +4,10 @@ A vulnerability is a weakness that exposes an asset to possible compromise. Weak See also: -- [Assets](../🎇%20Sparks/Assets.md) -- [Risks](../🎇%20Sparks/Risks.md) +- [Assets](..//Assets.md) +- [Risks](..//Risks.md) - [Threat](../📚️%20Literature%20notes/Threat.md) -- [Vulnerability Disclosure Policy](../Sparks/Vulnerability%20Disclosure%20Policy.md) +- [Vulnerability Disclosure Policy](Vulnerability%20Disclosure%20Policy.md) - [Dealing with a reported application vulnerability Log4j](Dealing%20with%20a%20reported%20application%20vulnerability%20Log4j.md) - [Software vulnerability databases](../Literature%20notes/Software%20vulnerability%20databases.md) - (https://www.google.nl/search?q=software+vulnerability+databases) diff --git a/Corpus/Standards/ISO27x/Authentication.md b/Corpus/Standards/ISO27x/Authentication.md index 44e1e13..b5c4cbf 100644 --- a/Corpus/Standards/ISO27x/Authentication.md +++ b/Corpus/Standards/ISO27x/Authentication.md 
@@ -6,7 +6,7 @@ Authentication is the proof of identity that is achieved through providing crede See also: - [a-8.5-Secure-authentication](OST/27002/EN/a-8.5-Secure-authentication.md) - [Authentication Methods Used for Network Security](../../Literature%20notes/Authentication%20Methods%20Used%20for%20Network%20Security.md) -- [Identity and Access Management (IAM)](../../💡Drafts%20and%20Ideas/Identity%20and%20Access%20Management%20(IAM).md) +- [Identity and Access Management (IAM)](../../Sparks/Identity%20and%20Access%20Management%20(IAM).md) - [Authorization](Authorization.md) -- [Identification](../../💡Drafts%20and%20Ideas/Identification.md) +- [Identification](../../Sparks/Identification.md) diff --git a/Corpus/Standards/ISO27x/Authorization.md b/Corpus/Standards/ISO27x/Authorization.md index 7d0400a..9bab89d 100644 --- a/Corpus/Standards/ISO27x/Authorization.md +++ b/Corpus/Standards/ISO27x/Authorization.md @@ -5,9 +5,9 @@ See also: - [Authorization vs Access Control](../../Sparks/Authorization%20vs%20Access%20Control.md) - [Access Control Models](../../Sparks/Access%20Control%20Models.md) - [Authentication](Authentication.md) -- [Identification](../../💡Drafts%20and%20Ideas/Identification.md) +- [Identification](../../Sparks/Identification.md) - [CASSM Consumer Authentication Strength Maturity Model](../../Literature%20notes/CASSM%20Consumer%20Authentication%20Strength%20Maturity%20Model.md) -- [Identity and Access Management (IAM)](../../💡Drafts%20and%20Ideas/Identity%20and%20Access%20Management%20(IAM).md) +- [Identity and Access Management (IAM)](../../Sparks/Identity%20and%20Access%20Management%20(IAM).md) - [a-5.15-Access-control](OST/27002/EN/a-5.15-Access-control.md) ??? diff --git a/Corpus/Standards/ISO27x/Governance model for Policies and Controls.md b/Corpus/Standards/ISO27x/Governance model for Policies and Controls.md index 411f016..794077e 100644 --- a/Corpus/Standards/ISO27x/Governance model for Policies and Controls.md 
+++ b/Corpus/Standards/ISO27x/Governance model for Policies and Controls.md @@ -2,7 +2,7 @@ Based on ISO 27001 and ISO 27002, a governance model for your ISMS should be structured around **Top Management's accountability** while delegating the **tactical execution** to specific information security roles. -*See [Basic ISMS governance model](../../Drafts%20and%20Ideas/ISMS/Basic%20ISMS%20governance%20model.md) for a compacted version* +*See [Basic ISMS governance model](../../Sparks/ISMS/Basic%20ISMS%20governance%20model.md) for a compacted version* ## Related to the Policies Lifecycle Here is a suggested governance model mapping the lifecycle of security policies (commissioning, drafting, approving, etc.) to the specific roles mandated by the standards. diff --git a/Corpus/Standards/ISO27x/Implementation Products/BIA Workshop.md b/Corpus/Standards/ISO27x/Implementation Products/BIA Workshop.md index 3d4d5d5..62d444f 100644 --- a/Corpus/Standards/ISO27x/Implementation Products/BIA Workshop.md +++ b/Corpus/Standards/ISO27x/Implementation Products/BIA Workshop.md @@ -7,7 +7,7 @@ Voorbeelden: [Verbeterlijst](Verbeterlijst%20Producten.md#BIA%20Workshop) Literature notes: -- [Business Impact Analysis (BIA)](../../../🎇%20Sparks/Business%20Impact%20Analysis%20(BIA).md) +- [Business Impact Analysis (BIA)](../../../Sparks/Business%20Impact%20Analysis%20(BIA).md) **Doel:** diff --git a/Corpus/Standards/ISO27x/Implementation Products/DRP Workshop.md b/Corpus/Standards/ISO27x/Implementation Products/DRP Workshop.md index 0eb7f93..7573cdb 100644 --- a/Corpus/Standards/ISO27x/Implementation Products/DRP Workshop.md +++ b/Corpus/Standards/ISO27x/Implementation Products/DRP Workshop.md 
@@ -5,7 +5,7 @@ Voorbeelden: - [BIA en DRP Sessies HK](../../../../Clients/Humankind/BIA%20en%20DRP%20Sessies%20HK.md) Literatuur: -- [Disaster Recovery Planning](../../../🎇%20Sparks/Disaster%20Recovery%20Planning.md) +- [Disaster Recovery Planning](../../../Sparks/Disaster%20Recovery%20Planning.md) Doelen: - RPO – Recovery Point Objective (assets) – acceptable data loss; the point in time that you wish to recover to (maar wellicht ook een maat voor hoe vaak je een noodvoorziening (als een print-out van een rooster) moet verversen) diff --git a/Corpus/Standards/ISO27x/MoC Roles and responsibilities in ISO 27001.md b/Corpus/Standards/ISO27x/MoC Roles and responsibilities in ISO 27001.md index 6b051e7..7e62e9d 100644 --- a/Corpus/Standards/ISO27x/MoC Roles and responsibilities in ISO 27001.md +++ b/Corpus/Standards/ISO27x/MoC Roles and responsibilities in ISO 27001.md 
@@ -7,13 +7,13 @@ Recent: - [ISO 27001 Leadership Responsibilities](ISO%2027001%20Leadership%20Responsibilities.md) - [ISO 27001 Top Management responsibilities](ISO%2027001%20Top%20Management%20responsibilities.md) - [Governance model for Policies and Controls](Governance%20model%20for%20Policies%20and%20Controls.md) -- [Basic ISMS governance model](../../Drafts%20and%20Ideas/ISMS/Basic%20ISMS%20governance%20model.md) +- [Basic ISMS governance model](../../Sparks/ISMS/Basic%20ISMS%20governance%20model.md) - [m400-more-governance](../../../../iso27DIY-gis/guide/m400/m400-more-governance.md) Older: -- [Roles and Responsibilities](../../🎇%20Sparks/Roles%20and%20Responsibilities.md) -- [Risk ownership](../../🎇%20Sparks/Risk%20ownership.md) +- [Roles and Responsibilities](../../Sparks/Roles%20and%20Responsibilities.md) +- [Risk ownership](../../Sparks/Risk%20ownership.md) - [Ideas on Risk Ownership](../../Sparks/Ideas%20on%20Risk%20Ownership.md) -- [Asset ownership](../../🎇%20Sparks/Asset%20ownership.md) +- [Asset ownership](../../Sparks/Asset%20ownership.md) - [Procuratieregeling](../../Various/Procuratieregeling.md) - [Control ownership](../../Sparks/Control%20ownership.md) diff --git a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.7-Threat-intelligence.md b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.7-Threat-intelligence.md index b21bede..bd51f12 100644 --- a/Corpus/Standards/ISO27x/OST/27002/EN/a-5.7-Threat-intelligence.md +++ b/Corpus/Standards/ISO27x/OST/27002/EN/a-5.7-Threat-intelligence.md @@ -74,5 +74,5 @@ c)  as input to the information security test processes and techniques. The organization should share threat intelligence with other organizations on a mutual basis in order to improve overall threat intelligence. # Related: -- [Threat Intelligence](../../../../../🎇%20Sparks/Threat%20Intelligence.md) +- [Threat Intelligence](../../../../../Sparks/Threat%20Intelligence.md) - [[ISO_27002_PE 5.7 Threat intelligence]] 
diff --git a/Corpus/Standards/ISO27x/PECB-Lead-Auditor-Training/PECB 27001 LA S05 E03a - Risk treatment.md b/Corpus/Standards/ISO27x/PECB-Lead-Auditor-Training/PECB 27001 LA S05 E03a - Risk treatment.md index fb5d8c3..4357b51 100644 --- a/Corpus/Standards/ISO27x/PECB-Lead-Auditor-Training/PECB 27001 LA S05 E03a - Risk treatment.md +++ b/Corpus/Standards/ISO27x/PECB-Lead-Auditor-Training/PECB 27001 LA S05 E03a - Risk treatment.md @@ -50,4 +50,4 @@ The controls in Annex A are often described in just one or two sentences. You mu ## Footnotes [^1]: There's also a [Clause 8.3](../../../MoCs/ISO_27001_2022_8.3_MoC%20Information%20security%20risk%20treatment.md) Information security risk treatment in ISO 27001. It's very short: The organization shall implement the information security risk treatment plan, and it shall retain documented information on the treatments' results. -[^2]: See also [About the Statement of Applicability](../../../Drafts%20and%20Ideas/ISMS/About%20the%20Statement%20of%20Applicability.md). \ No newline at end of file +[^2]: See also [About the Statement of Applicability](../../../Sparks/ISMS/About%20the%20Statement%20of%20Applicability.md). \ No newline at end of file diff --git a/Corpus/Standards/ISO27x/legacy/AuditGlue Business model.md b/Corpus/Standards/ISO27x/legacy/AuditGlue Business model.md index 0e4125d..ded6dbc 100644 --- a/Corpus/Standards/ISO27x/legacy/AuditGlue Business model.md +++ b/Corpus/Standards/ISO27x/legacy/AuditGlue Business model.md @@ -1 +1 @@ -[Concurrenten](../../../../../💡Permanent%20ideas/Concurrenten.md) +[Concurrenten](../../../../../Permanent%20ideas/Concurrenten.md) diff --git a/Corpus/Standards/ISO27x/legacy/ISO 27001 2013/ISO 27001 A 8.2.2 Labelling of information.md b/Corpus/Standards/ISO27x/legacy/ISO 27001 2013/ISO 27001 A 8.2.2 Labelling of information.md index 187a470..b3c042a 100644 --- a/Corpus/Standards/ISO27x/legacy/ISO 27001 2013/ISO 27001 A 8.2.2 Labelling of information.md 
+++ b/Corpus/Standards/ISO27x/legacy/ISO 27001 2013/ISO 27001 A 8.2.2 Labelling of information.md @@ -3,4 +3,4 @@ An appropriate set of procedures for information labelling shall be developed and implemented in accordance with the information classification scheme adopted by the organization. Related: -- [Labeling of information in the digital domain](../../../../Drafts%20and%20Ideas/Labeling%20of%20information%20in%20the%20digital%20domain.md) \ No newline at end of file +- [Labeling of information in the digital domain](../../../../Sparks/Labeling%20of%20information%20in%20the%20digital%20domain.md) \ No newline at end of file diff --git a/Corpus/Standards/ISO27x/legacy/iso27DIY mk I/About ISO27DIY Policy Cards.md b/Corpus/Standards/ISO27x/legacy/iso27DIY mk I/About ISO27DIY Policy Cards.md index 3194b57..91ba364 100644 --- a/Corpus/Standards/ISO27x/legacy/iso27DIY mk I/About ISO27DIY Policy Cards.md +++ b/Corpus/Standards/ISO27x/legacy/iso27DIY mk I/About ISO27DIY Policy Cards.md @@ -27,6 +27,6 @@ Related ISO clauses and controls: Related ideas: - [ISO27DIY Recipe for Policy Cards](ISO27DIY%20Recipe%20for%20Policy%20Cards.md) - [BC5701_Training_Tab_03_MS](../../../BC%205701/BC5701_Training_Tab_03_MS.md#Beleid) -- [Modules, Screens and Content](../../../../Drafts%20and%20Ideas/Modules,%20Screens%20and%20Content.md) +- [Modules, Screens and Content](../../../../Sparks/Modules,%20Screens%20and%20Content.md) - [🧰 Resource portal](🧰%20Resource%20portal.md) - [Topical InfoSec Kanban’s](../../../../Literature%20notes/Topical%20InfoSec%20Kanban’s.md) diff --git a/Corpus/Standards/ISO27x/legacy/iso27DIY mk I/ISO 27001 in 27000 words.md b/Corpus/Standards/ISO27x/legacy/iso27DIY mk I/ISO 27001 in 27000 words.md index 4fb835a..17dd0a4 100644 --- a/Corpus/Standards/ISO27x/legacy/iso27DIY mk I/ISO 27001 in 27000 words.md +++ b/Corpus/Standards/ISO27x/legacy/iso27DIY mk I/ISO 27001 in 27000 words.md 
@@ -175,7 +175,7 @@ Again, don't loose yourself in academic discussions on the exact likelihoods of Also, don't try to create the 'Complete list of risks': start with the top-of-mind risks and expand and refine in the next iterations. -See also [Assets, Vulnerabilities, Threats, Risks](../../../../🎇%20Sparks/Assets,%20Vulnerabilities,%20Threats,%20Risks.md). +See also [Assets, Vulnerabilities, Threats, Risks](../../../../Sparks/Assets,%20Vulnerabilities,%20Threats,%20Risks.md). Next, you need to decide on Risk Treatment. diff --git a/Corpus/Standards/ISO27x/legacy/iso27DIY mk I/ISO 27001 structure diagram.md b/Corpus/Standards/ISO27x/legacy/iso27DIY mk I/ISO 27001 structure diagram.md index e414688..61d6566 100644 --- a/Corpus/Standards/ISO27x/legacy/iso27DIY mk I/ISO 27001 structure diagram.md +++ b/Corpus/Standards/ISO27x/legacy/iso27DIY mk I/ISO 27001 structure diagram.md @@ -1,6 +1,6 @@ The following picture is actually about a more general 'IT Service Managment system' but can be adapted to clarify the structure of [ISO 27001 A.13.2 Information transfer](../ISO%2027001%202013/ISO%2027001%20A.13.2%20Information%20transfer.md). -![](../../../../Drafts%20and%20Ideas/Service%20management%20system%20block%20diagram.png) +![](../../../../Sparks/Service%20management%20system%20block%20diagram%201.png) Source: https://theartofservice.com/wp-content/uploads/2021/07/Picture-1.png diff --git a/Corpus/Standards/ISO27x/legacy/iso27DIY mk I/ISO27DIY Business drivers.md b/Corpus/Standards/ISO27x/legacy/iso27DIY mk I/ISO27DIY Business drivers.md index ed76ab3..e21ab7d 100644 --- a/Corpus/Standards/ISO27x/legacy/iso27DIY mk I/ISO27DIY Business drivers.md +++ b/Corpus/Standards/ISO27x/legacy/iso27DIY mk I/ISO27DIY Business drivers.md 
@@ -1,3 +1,3 @@ -- [Perverse prikkels in de normindustrie](../../../../Drafts%20and%20Ideas/Perverse%20prikkels%20in%20de%20normindustrie.md) -- [GRC software is geschreven voor domeindeskundigen](../../../../Drafts%20and%20Ideas/GRC%20software%20is%20geschreven%20voor%20domeindeskundigen.md) -- [Problems solved](../../../../Drafts%20and%20Ideas/Problems%20solved.md) +- [Perverse prikkels in de normindustrie](../../../../Sparks/Perverse%20prikkels%20in%20de%20normindustrie.md) +- [GRC software is geschreven voor domeindeskundigen](../../../../Sparks/GRC%20software%20is%20geschreven%20voor%20domeindeskundigen.md) +- [Problems solved 1](../../../../Sparks/Problems%20solved%201.md) diff --git a/Corpus/Standards/ISO27x/legacy/iso27DIY mk I/ISO27DIY Business model.md b/Corpus/Standards/ISO27x/legacy/iso27DIY mk I/ISO27DIY Business model.md index efa064b..b951581 100644 --- a/Corpus/Standards/ISO27x/legacy/iso27DIY mk I/ISO27DIY Business model.md +++ b/Corpus/Standards/ISO27x/legacy/iso27DIY mk I/ISO27DIY Business model.md @@ -1,9 +1,9 @@ Child notes: - [Blurbs](../../../../Sparks/Blurbs.md) -- [Toegevoegde waarde van ISO27DIY](../../../../Drafts%20and%20Ideas/Toegevoegde%20waarde%20van%20ISO27DIY.md) +- [Toegevoegde waarde van ISO27DIY 1](../../../../Sparks/Toegevoegde%20waarde%20van%20ISO27DIY%201.md) - [Friendly targets](../../../../../../💡Permanent%20ideas/Friendly%20targets.md) - [Possible Colabs](../../../../Sparks/Possible%20Colabs.md) -- [List of possible partners](../../../../Drafts%20and%20Ideas/List%20of%20possible%20partners.md) +- [List of possible partners 1](../../../../Sparks/List%20of%20possible%20partners%201.md) - [ISO27DIY Business drivers](ISO27DIY%20Business%20drivers.md) - [AuditGlue Business model](../AuditGlue%20Business%20model.md) - [[### Related notes diff --git a/Corpus/Standards/ISO27x/legacy/iso27DIY mk I/💾 AuditGlue software.md b/Corpus/Standards/ISO27x/legacy/iso27DIY mk I/💾 AuditGlue software.md index 0326852..eca8294 100644 
--- a/Corpus/Standards/ISO27x/legacy/iso27DIY mk I/💾 AuditGlue software.md +++ b/Corpus/Standards/ISO27x/legacy/iso27DIY mk I/💾 AuditGlue software.md @@ -4,9 +4,9 @@ Pivoting away from 'guided implementation management' to: Related: -- [Three user modes for AuditGlue](../../../../Drafts%20and%20Ideas/Three%20user%20modes%20for%20AuditGlue.md) -- [Distributed usage of AuditGlue](../../../../../../💡Permanent%20ideas/Distributed%20usage%20of%20AuditGlue.md) -- [Modules, Screens and Content](../../../../Drafts%20and%20Ideas/Modules,%20Screens%20and%20Content.md) +- [Three user modes for AuditGlue](../../../../Sparks/Three%20user%20modes%20for%20AuditGlue.md) +- [Distributed usage of AuditGlue](../../../../../../Permanent%20ideas/Distributed%20usage%20of%20AuditGlue.md) +- [Modules, Screens and Content](../../../../Sparks/Modules,%20Screens%20and%20Content.md) - [AuditGlue ERD](../AuditGlue%20ERD.md) - [AuditGlue Business model](../AuditGlue%20Business%20model.md) diff --git a/Corpus/Standards/NIST/NIST AI RMF.md b/Corpus/Standards/NIST/NIST AI RMF.md index 4603d84..2ef7577 100644 --- a/Corpus/Standards/NIST/NIST AI RMF.md +++ b/Corpus/Standards/NIST/NIST AI RMF.md @@ -6,4 +6,4 @@ Comparable to ISO/IEC 23894:2023 ? -See [Risk management](../../🎇%20Sparks/Risk%20management.md) +See [Risk management](../../Sparks/Risk%20management.md) diff --git a/Corpus/Standards/other/C2M2 Cybersecurity Capability Maturity.md b/Corpus/Standards/other/C2M2 Cybersecurity Capability Maturity.md index 05d50b6..b50cb93 100644 --- a/Corpus/Standards/other/C2M2 Cybersecurity Capability Maturity.md +++ b/Corpus/Standards/other/C2M2 Cybersecurity Capability Maturity.md 
@@ -8,5 +8,5 @@ Documentation, tools, practices and self-evaluation tools can be found through [ ![](C2M2%20Version%202.1%20June%202022.pdf) Related: -- [Operational Technology](../../💡Drafts%20and%20Ideas/Operational%20Technology.md) +- [Operational Technology](../../Sparks/Operational%20Technology.md) - [IEC 62443 Cybersecurity for operational technology in automation and control systems](IEC%2062443%20Cybersecurity%20for%20operational%20technology%20in%20automation%20and%20control%20systems.md) diff --git a/Corpus/Standards/other/OWASP Top 10 CI-CD Security Risks.md b/Corpus/Standards/other/OWASP Top 10 CI-CD Security Risks.md index c0c3f34..97748df 100644 --- a/Corpus/Standards/other/OWASP Top 10 CI-CD Security Risks.md +++ b/Corpus/Standards/other/OWASP Top 10 CI-CD Security Risks.md @@ -27,4 +27,4 @@ Laatste retrieval date: 5 februari 2025 [CICD-SEC-10](https://owasp.org/www-project-top-10-ci-cd-security-risks/CICD-SEC-10-Insufficient-Logging-And-Visibility): Insufficient Logging and Visibility -related: [Risk management](../../🎇%20Sparks/Risk%20management.md) +related: [Risk management](../../Sparks/Risk%20management.md) diff --git a/Corpus/Standards/other/SCF Risk Categories for Establishing a Risk Catalog.md b/Corpus/Standards/other/SCF Risk Categories for Establishing a Risk Catalog.md index d04236e..03236a8 100644 --- a/Corpus/Standards/other/SCF Risk Categories for Establishing a Risk Catalog.md +++ b/Corpus/Standards/other/SCF Risk Categories for Establishing a Risk Catalog.md @@ -11,6 +11,6 @@ More detail in Security & Privacy Risk Management Model (SP-RMM) Overview Related: - [Secure Controls Framework](../../Literature%20notes/Secure%20Controls%20Framework.md) -- [Risk analysis](../../🎇%20Sparks/Risk%20analysis.md) -- [Risk inventories](../../🎇%20Sparks/Risk%20inventories.md) +- [Risk analysis](../../Sparks/Risk%20analysis.md) +- [Risk inventories](../../Sparks/Risk%20inventories.md) 
diff --git a/Corpus/Standards/other/SCF Threat Categories for Establishing a Threat Catalog.md b/Corpus/Standards/other/SCF Threat Categories for Establishing a Threat Catalog.md index ef35fbd..6effdd5 100644 --- a/Corpus/Standards/other/SCF Threat Categories for Establishing a Threat Catalog.md +++ b/Corpus/Standards/other/SCF Threat Categories for Establishing a Threat Catalog.md @@ -7,8 +7,8 @@ https://securecontrolsframework.com/risk-management-model/ Related: - [Secure Controls Framework](../../Literature%20notes/Secure%20Controls%20Framework.md) -- [Threat Intelligence](../../🎇%20Sparks/Threat%20Intelligence.md) -- [Assets, Vulnerabilities, Threats, Risks](../../🎇%20Sparks/Assets,%20Vulnerabilities,%20Threats,%20Risks.md) +- [Threat Intelligence](../../Sparks/Threat%20Intelligence.md) +- [Assets, Vulnerabilities, Threats, Risks](../../Sparks/Assets,%20Vulnerabilities,%20Threats,%20Risks.md) Secure Controls Framework
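Review bot: In the new Corpus/Sparks/List of possible partners.md, the Gumroad link embeds a `login_token=` query parameter; strip the token from the URL before this lands (keep only the path and the `#comment_wrapper_4014940` fragment) and treat the committed value as exposed. Separately, this new note has the same name as the rename target `List of possible partners 1.md` created in this same commit, so the vault ends up with two partner lists; merging them into one note removes the need for the ` 1` suffix.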
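Review bot: In the Risk appetite 1.md hunk, the rewritten link `..//Risk%20tolerance.md` resolves to the parent of Corpus/Sparks, where no such note exists, so the link breaks. Both notes now live in Corpus/Sparks, so the line should read `See also [Risk tolerance](Risk%20tolerance.md)`.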
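Review bot: In the Vulnerability 1.md hunk, `..//Assets.md` and `..//Risks.md` carry the same broken `..//` prefix; Assets.md and Risks.md are siblings of this note in Corpus/Sparks, so the links should be `Assets.md` and `Risks.md`. The unchanged context line `- [Threat](../📚️%20Literature%20notes/Threat.md)` still uses the emoji folder name that the rest of this commit is removing, and the same emoji path survives as context in the Risks.md hunk; both are worth fixing in the same pass.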
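Review bot: The new Corpus/Sparks/Three user modes for AuditGlue.md contains its whole content twice: the intro line `I foresee different user modes for AuditGlue:` and the three bullets (Guided implementation, Operational, Audits) are repeated verbatim after the blank line. Keep a single copy.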
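Review bot: In the Risks.md hunk, the link display text changes to `Vulnerability 1` and `Risk appetite 1`, which leaks the duplicate-name suffix into reader-facing text. Keep the label and change only the target, e.g. `[Vulnerability](Vulnerability%201.md)`; the same applies to the `Risk appetite 1`, `Privacy 1`, `Problems solved 1`, `Toegevoegde waarde van ISO27DIY 1` and `List of possible partners 1` labels in the Risk tolerance.md, Sticky labels.md, ISO27DIY Business drivers.md and ISO27DIY Business model.md hunks.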
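Review bot: In the Authentication.md hunk (and the matching Authorization.md hunk), the links now target `../../Sparks/Identification.md` and `../../Sparks/Identity%20and%20Access%20Management%20(IAM).md`, but no rename of those two notes into Corpus/Sparks appears anywhere in this diff. Confirm both files exist under Corpus/Sparks before merging, otherwise these become dangling links; the same check applies to the `Sparks/ISMS/...` targets in the Governance model, MoC Roles and PECB risk treatment footnote hunks, to `Sparks/Labeling%20of%20information%20in%20the%20digital%20domain.md` in the ISO 27001 A 8.2.2 hunk, and to the new image name `2023-scf-risk-management-ecosystem-diagram.jpg` in the Risks vs Threats vs Vulnerabilities hunk.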
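Review bot: In the ISO 27001 structure diagram.md hunk, the image embed now points to `Service%20management%20system%20block%20diagram%201.png`, but the rename in this same commit moves the file to `Corpus/Sparks/Service management system block diagram.png` without a ` 1` suffix, so the embed will not render. Drop the `%201` from the embed, or rename the file consistently.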