Compare commits

2 commits

Author SHA1 Message Date
5906aa163f moved a folder 2026-06-01 22:35:10 +02:00
5edd29361f moved scratch file folder 2026-06-01 20:11:34 +02:00
24 changed files with 89 additions and 29 deletions

View file

@ -17,7 +17,7 @@ See [PROJECT - Five Agents](PROJECT%20-%20Five%20Agents.md) for role description
- Create a single short Corpus Index Note with a list of all overview notes, with a one-line description of what they cover.
- Upload the Corpus Index Note and all Overview Notes to each agent Project. Claude will read the ones it needs and ignore the rest.
See [Corpus overview notes](../Corpus/Corpus%20overview%20notes.md).
See [Corpus overview notes](../metadata/Corpus%20overview%20notes.md).
**3. Prepare and maintain a log**

View file

@ -1,6 +0,0 @@
# Data classification: how to make labels stick?
Data travels; how to make labels stick?
Links to the [Privacy in ISO 27001](../../Corpus/Standards/ISO27x/Privacy%20in%20ISO%2027001.md) issue of [Data Provenance](../../Corpus/Standards/AVG/Data%20Provenance.md) .

View file

@ -1,9 +0,0 @@
# Example of ISO 27001 mystique
ISO 27001 is a framework, and you cannot successfully implement it by treating the text of the standard as a series of instructions to be followed in the order in which they were printed. If you try that, things will become very confusing very quickly.
For example, the requirement of having an information security policy is first (?) mentioned in [Chapter 5.1](../../Corpus/MoCs/ISO_27001_2022_5.1_MoC%20Leadership%20and%20commitment.md), "Leadership and commitment", where it says that top management must have it established, *together* with information security objectives. Then in [Chapter 5.2](../../Corpus/Standards/ISO27x/OST/27001/EN/c-5.2-Policy.md), 'Policy', it states that these objectives form *part of* the information security policy, referencing forward to [Chapter 6.2](../../Corpus/MoCs/ISO_27001_2022_6.2_MoC%20Information%20security%20objectives%20and%20planning%20to%20achieve%20them.md), "Information security objectives and planning to achieve them", which demands that organizations should set objectives consistent with the policy. Of course there's also a corresponding Control called "Policies for information security" ([5.1](../../Corpus/Standards/ISO27x/legacy/iso27DIY%20mk%20I/ISO_27002_2022_5.1_MoC%20Policies%20for%20information%20security.md)), which explains that there will be an information security policy at the highest level of the organization, including objectives "or the framework for setting objectives", and further "topic-specific policies as needed", which of course need their own objectives.
Programmers may love this kind of recursiveness when it's in coding exercises.

View file

@ -1,3 +1,3 @@
- [Perverse prikkels in de normindustrie](../../../../../Content%20Factory/Scratch%20file/Perverse%20prikkels%20in%20de%20normindustrie.md)
- [GRC software is geschreven voor domeindeskundigen](../../../../../Content%20Factory/Scratch%20file/GRC%20software%20is%20geschreven%20voor%20domeindeskundigen.md)
- [Perverse prikkels in de normindustrie](../../../../../Marketing/content/Scratch%20file/Perverse%20prikkels%20in%20de%20normindustrie.md)
- [GRC software is geschreven voor domeindeskundigen](../../../../../Marketing/content/Scratch%20file/GRC%20software%20is%20geschreven%20voor%20domeindeskundigen.md)
- [Problems solved 1](../../../../Sparks/Problems%20solved%201.md)

View file

@ -1,6 +1,6 @@
Child notes:
- [Blurbs](../../../../Sparks/Blurbs.md)
- [Toegevoegde waarde van ISO27DIY](../../../../../Content%20Factory/Scratch%20file/Toegevoegde%20waarde%20van%20ISO27DIY.md)
- [Toegevoegde waarde van ISO27DIY](../../../../../Marketing/content/Scratch%20file/Toegevoegde%20waarde%20van%20ISO27DIY.md)
- [Friendly targets](../../../../../../💡Permanent%20ideas/Friendly%20targets.md)
- [Possible Colabs](../../../../../AuditGlue/Possible%20Colabs.md)
- [List of possible partners](../../../../../AuditGlue/List%20of%20possible%20partners.md)

View file

@ -5,6 +5,6 @@
[Privacy in ISO 27k](../ISO27x/Privacy%20in%20ISO%2027k.md)
Related:
- [Privacy protection in Databases](../../../Content%20Factory/Scratch%20file/Privacy%20protection%20in%20Databases.md)
- [Privacy protection in Databases](../../../Marketing/content/Scratch%20file/Privacy%20protection%20in%20Databases.md)
- [ISO 27001 A.18.1.4 Privacy and protection of personally identifiable information](../ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A.18.1.4%20Privacy%20and%20protection%20of%20personally%20identifiable%20information.md)

View file

@ -0,0 +1,6 @@
# Data classification: how to make labels stick?
Data travels; how to make labels stick?
Links to the [Privacy in ISO 27001](../../../Corpus/Standards/ISO27x/Privacy%20in%20ISO%2027001.md) issue of [Data Provenance](../../../Corpus/Standards/AVG/Data%20Provenance.md) .

View file

@ -0,0 +1,9 @@
# Example of ISO 27001 mystique
ISO 27001 is a framework, and you cannot successfully implement it by treating the text of the standard as a series of instructions to be followed in the order in which they were printed. If you try that, things will become very confusing very quickly.
For example, the requirement of having an information security policy is first (?) mentioned in [Chapter 5.1](../../Corpus/MoCs/ISO_27001_2022_5.1_MoC%20Leadership%20and%20commitment.md), "Leadership and commitment", where it says that top management must have it established, *together* with information security objectives. Then in [Chapter 5.2](../../../Corpus/Standards/ISO27x/OST/27001/EN/c-5.2-Policy.md), 'Policy', it states that these objectives form *part of* the information security policy, referencing forward to [Chapter 6.2](../../Corpus/MoCs/ISO_27001_2022_6.2_MoC%20Information%20security%20objectives%20and%20planning%20to%20achieve%20them.md), "Information security objectives and planning to achieve them", which demands that organizations should set objectives consistent with the policy. Of course there's also a corresponding Control called "Policies for information security" ([5.1](../../../Corpus/Standards/ISO27x/legacy/iso27DIY%20mk%20I/ISO_27002_2022_5.1_MoC%20Policies%20for%20information%20security.md)), which explains that there will be an information security policy at the highest level of the organization, including objectives "or the framework for setting objectives", and further "topic-specific policies as needed", which of course need their own objectives.
Programmers may love this kind of recursiveness when it's in coding exercises.
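Review bot: In the re-added note only two of the four Corpus links were repointed for the deeper folder. The Chapter 5.2 and Control 5.1 links now start with `../../../Corpus/`, but the Chapter 5.1 and Chapter 6.2 links still start with `../../Corpus/MoCs/`, exactly as in the deleted copy. If the file moved one level down, as the other two links imply, these two will probably no longer resolve; change them to `../../../Corpus/MoCs/...` or confirm that the MoCs targets really sit at the old relative depth. The "(?)" after "first" is also carried over unchanged and is worth resolving while the note is being touched.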

View file

@ -1,4 +1,4 @@
This note relates to the [ISO27DIY Business model](../../Corpus/Standards/ISO27x/legacy/iso27DIY%20mk%20I/ISO27DIY%20Business%20model.md)
This note relates to the [ISO27DIY Business model](../../../Corpus/Standards/ISO27x/legacy/iso27DIY%20mk%20I/ISO27DIY%20Business%20model.md)
Probleem: de GRC software wordt aangekocht om een operationeel probleem van de compliance officer op te lossen.

View file

@ -8,13 +8,9 @@ Deze checklist gaat niet over techniek, maar over management en beleid.
Het kost je een paar minuten, en dan weet je waar je staat, als op 1 juli 2026 de Cyberbeveiligingswet (Cbw) in werking treedt — en jij als bestuurder persoonlijk verantwoordelijk wordt voor informatiebeveiliging.
Als je na de checklist graag een uurtje wilt sparren over hoe nu verder, dan praat ik graag een uur met je.
— Cbw-compliance in 8 stappen — 5/5 \#managingsecurity \#Cbw \#NIS2
https://iso27diy.com/assets/cbw-checklist.html
---
— risicoanalyse en beveiligingsbeleid, incidentresponse, bedrijfscontinuïteit, leveranciersbeveiliging, systeembeveiliging, effectiviteitsbeoordeling, cyberhygiëne en opleiding, cryptografie, personeels- en toegangsbeheer, en authenticatie

View file

@ -15,4 +15,4 @@ They will check for the minimum measures listed in Art. 21(2):
You don't need to be certified. But you do need to be able to answer these questions — on paper, not just in your head. Have your answers ready!
You can find an interactive checklist [[on our site]]. If the checklist raises any questions on how to continue, I'm happy to spend an hour with you.
You can find an interactive checklist [on our site](https://iso27diy.com/assets/nis2-checklist.html). If the checklist raises any questions on how to continue, I'm happy to spend an hour with you.

View file

@ -1,7 +1,7 @@
# Corpus Metadata
- All notes in this Obsidian vault need metadata.
- These metadata need to follow the [Obsidian Front Matter Syntax](../Obsidian%20Front%20Matter%20Syntax.md).
- These metadata need to follow the [Obsidian Front Matter Syntax](Obsidian%20Front%20Matter%20Syntax.md).
- Obsidian calls metadata variables 'Properties'
- In this Corpus we use General properties (every note should have them) and Specific properties (depending on the kind of note, can be inferred from other properties)
@ -33,5 +33,5 @@ For example, a note that needs to be linked to ISO 27001 clause 5.2 Policy, will
- These notes are tagged with “sourcetext”.
- The body of these notes must never be changed!
- Specific properties for ISO 27002 OST notes are deduced from chapter 4 of the standard ("Themes and Attributes"). They are: `theme`, `control_type`, `information_security_properties`, `cybersecurity_concepts`, `operational_capabilities`, and `security_domains`.
- For the possible values of these properties, see [Metadata - ISO 27002 Themes and Attributes](../Metadata%20-%20ISO%2027002%20Themes%20and%20Attributes.md).
- For the possible values of these properties, see [Metadata - ISO 27002 Themes and Attributes](Metadata%20-%20ISO%2027002%20Themes%20and%20Attributes.md).

View file

@ -0,0 +1,64 @@
# Front matter for marketing posts
From [claude chat](https://claude.ai/share/614ce436-307d-4740-a79f-40225461e743)
```
---
title: ""
series: "" # slug for the series this belongs to, e.g. "access-control-basics"
series-part: 1 # position within the series; omit if standalone
theme: "" # broader topic cluster, e.g. "ISO27001 myths"
channel: # list — a post can go to multiple channels
- linkedin
- newsletter
- blog
status: draft # draft | ready | scheduled | published
publish-date: # ISO 8601, e.g. 2026-06-10; can be a list if channels differ
linkedin: 2026-06-10
newsletter: 2026-06-17
blog: 2026-06-17
published-url: # fill in after publishing; one per channel
linkedin: ""
blog: ""
content-type: "" # post | article | newsletter-section | thread
source-notes: # vault notes this was drawn from
- "[[path/to/note]]"
tags: []
---
```
### Folder structure to go with it
```
Content Factory/
Publishing/
Series/
access-control-basics/
part-1.md
part-2.md
Standalone/
some-one-off-post.md
```
Or if you prefer tag-based grouping over folders, skip the subfolders and rely on `series` + Dataview to surface series views.
---
### Dataview query to check what's scheduled
dataview
```dataview
TABLE series, channel, publish-date, status
FROM "Content Factory/Publishing"
WHERE status != "published"
SORT publish-date ASC
```
---
### Issues to flag
- If you're already using front matter on content notes, check for conflicts with any existing `status` or `tags` fields before rolling this out.
- `published-url` will stay empty a lot. That's fine — it's a record, not a requirement.
- If posts get repurposed significantly between channels (not just reformatted), they probably deserve separate notes rather than one note with multiple channels listed.
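Review bot: In the front matter template as shown, `linkedin:`, `newsletter:` and `blog:` sit at the same level as `publish-date:` and `published-url:`, so `linkedin` and `blog` each occur twice as keys. If the file itself lacks the nesting indentation, indent the per-channel entries under their parent key, and likewise the `- linkedin` items under `channel:`. The comment on `publish-date` says it "can be a list", but the example is a key-per-channel mapping; pick one form and check it against the Obsidian Front Matter Syntax note that the Corpus Metadata note requires. A bare `dataview` line sits directly above the opening dataview fence and should be dropped. The folder sketch and the query's `FROM "Content Factory/Publishing"` still use `Content Factory/`, while this same change repoints links from `Content Factory/Scratch file` to `Marketing/content/Scratch file`, so confirm which root is current or the query will return nothing. Finally, the claude.ai share link at the top exposes the whole chat to anyone who has the link; check that it contains nothing that should stay out of the repository.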