iso27diy-corp/Corpus/InfoSec-concepts-MoC-Suggestions-for-improvement.md
2026-05-11 23:57:58 +02:00

[Claude Chat](https://claude.ai/share/a27adc09-6f72-4951-b20d-ce6b94b23f92):
OK, clear picture. Here's the honest assessment:
**What you have** is a manually curated, vault-specific MoC — essentially a flat link directory organized loosely by concept cluster. It's useful as a navigation aid but it's not a taxonomy, it has no definitions, inconsistent depth across topics, and it'll drift out of sync as your vault grows.
**Standardized alternatives worth knowing about:**
**NIST IR 7298 (Glossary of Key Information Security Terms)** Probably the closest drop-in. It's a freely available, regularly revised glossary of ~1000 terms, directly derived from NIST SP 800-x publications and FIPS standards. Flat A-Z with authoritative definitions. No topology though.
**ISO/IEC 27000:2018** You already reference ISO 27002 Annex A in your frontmatter. ISO 27000 is specifically the vocabulary and definitions standard for the whole 27k family. If you're building ISO27DIY content, this is the canonical source. It's not free, but you presumably have it.
**NIST Cybersecurity Framework (CSF) 2.0 — Taxonomy** Organizes concepts into Functions → Categories → Subcategories. Gives you a proper hierarchy rather than a flat list. Better as a _structure_ than a dictionary.
**MITRE ATT&CK / CAPEC** Only relevant if you go deep on threat modeling — not general InfoSec concepts.
**The real question:** what is this MoC _for_ in your context?
If it's internal navigation in your vault → keep it, it's fine for that, no standard replaces it.
If it's meant to underpin the ISO27DIY corpus/knowledge base → you should anchor definitions to ISO 27000 + NIST IR 7298, and restructure around the CSF taxonomy or the ISO 27001/27002 clause structure instead of this ad hoc list.
If it's for end-user-facing content (glossary in the platform) → NIST IR 7298 is the most defensible, plain-English source to derive from.
Which of those is the actual use case?