iso27diy-corp/AuditGlue/GIS-content-map.md

GIS Content Map

• m100: Implementing with ISO27DIY
  • m100s010-Modules-and-Sessions: Modules and Sessions
  • m100s020-about-AuditGlue: About AuditGlue
• m200: About ISO 27001
  • m200s010-about-ISO27001: About ISO 27001
• m300: Strategy, Risks and Leadership
  • m300s010-introduction: Introduction to Strategy, Risks and Leadership
  • m310s010-organizational-goals: Organizational Goals
  • m310s020-threat-landscape: The Threat Landscape
  • m310s030-Identifying-Strategic-Risks: Identifying Strategic Risks
  • m310s040-qualifying-risks: Qualifying Risks
  • m310s050-qualifying-impact: Qualifying Impact
  • m310s060-creating-the-risk-matrix: Creating the Risk Matrix
  • m310s070-Governance-model: Governance model
  • m310s080: Information Security Policy (ISO_27001_2022_5.2_MoC Policy)
• m400: Context of the Organization
  • m400s010-introduction: Introduction: Why Context Matters
  • m400s020: Standards, Laws and Regulations (ISO_27001_2022_4.2_MoC Understanding the needs and expectations of interested parties, ISO_27002_2022_5.31_MoC Legal, statutory, regulatory and contractual requirements, ISO_27002_2022_5.34_MoC Privacy and protection of PII)
  • m400s030: iso27diy-git-SYNC!/m300/m300s520-DESTEP-analysis: DESTEP analysis (ISO_27001_2022_4.2_MoC Understanding the needs and expectations of interested parties)
  • m400s040: iso27diy-m300s510: SWOT analysis (ISO_27001_2022_4.1_MoC Understanding the organization and its context)
  • m400s050: Stakeholder Analysis (ISO_27001_2022_4.2_MoC Understanding the needs and expectations of interested parties)
  • m410:Organizational Structures
    • Introduction for Organizational Structures
    • Organizational processes (ISO_27001_2022_4.1_MoC Understanding the organization and its context)
    • Organization Chart (ISO_27001_2022_4.1_MoC Understanding the organization and its context)
    • Job architecture (ISO_27001_2022_4.1_MoC Understanding the organization and its context)
    • Physical context (sites, buildings, areas) (ISO_27002_2022_7.1_MoC Physical security perimeters)
    • Asset identification (ISO_27002_2022_5.9_MoC Inventory of information and other associated assets, ISO_27002_2022_5.32_MoC Intellectual property rights)
  • 420: Planning the Implementation
    • m300s120-Setting-ISMS-Objectives: Setting ISMS Objectives
    • iso27diy-git-SYNC!/m300/m300s200-scope: Setting the Scope
    • Planning the ISMS implementation (ISO_27001_2022_6.1.1_MoC General)
• m500: Risks and Measures
  • Risk identification (ISO_27001_2022_6.1.2_MoC Information security risk assessment)
  • Risk analysis (ISO_27001_2022_6.1.2_MoC Information security risk assessment)
  • Data classification (ISO_27002_2022_5.12_MoC Classification of information)
  • Technical vulnerabilities Test (ISO_27002_2022_8.8_MoC Management of technical vulnerabilities)
  • Threat analysis (technical) (ISO_27001_2022_6.1.2_MoC Information security risk assessment, ISO_27002_2022_5.7_MoC Threat intelligence, ISO_27002_2022_5.6_MoC Contact with special interest groups)
  • Controls identification (ISO_27001_2022_6.1.3_MoC Information security risk treatment)
  • Roles and responsibilities (ISO_27001_2022_5.2_MoC Policy, ISO_27001_2022_5.3_MoC Organizational roles, responsibilities and authorities, ISO_27002_2022_5.4_MoC Management responsibilities, ISO_27002_2022_5.3_MoC Segregation of duties, ISO_27002_2022_5.5_MoC Contact with authorities) – see m400-more-governance
  • Planning Controls implementation (ISO_27001_2022_8.1_MoC Operational planning and control)
  • Risk Management (ISO_27001_2022_8.1_MoC Operational planning and control, ISO_27001_2022_8.2_MoC Information security risk assessment, ISO_27001_2022_8.3_MoC Information security risk treatment, ISO_27001_2022_10.1_MoC Continual improvement)
  • Controls implementation (ISO_27001_2022_8.3_MoC Information security risk treatment)
• m600: Supporting the ISMS
  • Resources (ISO_27001_2022_7.1_MoC Resources)
  • Competencies (ISO_27001_2022_7.2_MoC Competence)
  • Documentation (ISO_27002_2022_5.33_MoC Protection of records, ISO_27001_2022_7.5.2_MoC Creating and updating)
  • Policies (ISO_27002_2022_5.1_MoC Policies for information security)
  • Review calendar (ISO_27002_2022_5.35_MoC Independent review of information security, ISO_27001_2022_7.5.2_MoC Creating and updating)
  • Communication and Awareness (ISO_27001_2022_7.3_MoC Awareness, ISO_27001_2022_7.4_MoC Communication)
• m700: Securing the Business
  • m710: Business Continuity
    • Incident management (ISO_27002_2022_5.24_MoC Information security incident management planning and preparation, ISO_27002_2022_5.25_MoC Assessment and decision on information security events, ISO_27002_2022_5.26_MoC Response to information security incidents, ISO_27002_2022_5.27_MoC Learning from information security incidents, ISO_27002_2022_5.28_MoC Collection of evidence, ISO_27002_2022_5.29_MoC Information security during disruption, ISO_27002_2022_5.5_MoC Contact with authorities, ISO_27002_2022_5.6_MoC Contact with special interest groups)
    • Business Impact Analyses (ISO_27002_2022_5.29_MoC Information security during disruption, ISO_27002_2022_5.30_MoC ICT readiness for business continuity)
    • Business Continuity Planning (ISO_27002_2022_5.29_MoC Information security during disruption, ISO_27002_2022_5.30_MoC ICT readiness for business continuity, ISO_27002_2022_7.11_MoC Supporting utilities, ISO_27002_2022_5.5_MoC Contact with authorities)
  • m720: People Processes
    • HR Policies (ISO_27002_2022_6.1_MoC Screening, ISO_27002_2022_6.2_MoC Terms and conditions of employment, ISO_27002_2022_6.3_MoC Information security awareness, education and training, ISO_27002_2022_6.4_MoC Disciplinary process, ISO_27002_2022_6.5_MoC Responsibilities after termination or change of employment, ISO_27002_2022_6.6_MoC Confidentiality or non-disclosure agreements)
    • User policies (ISO_27002_2022_5.10_MoC Acceptable use of information and other associated assets, ISO_27002_2022_5.11_MoC Return of assets, ISO_27002_2022_5.12_MoC Classification of information, ISO_27002_2022_5.13_MoC Labelling of information, ISO_27002_2022_5.14_MoC Information transfer, ISO_27002_2022_5.37_MoC Documented operating procedures, ISO_27002_2022_6.7_MoC Remote working, ISO_27002_2022_6.8_MoC Information security event reporting, ISO_27002_2022_7.7_MoC Clear desk and clear screen, ISO_27002_2022_8.24_MoC Use of cryptography)
    • Training (ISO_27002_2022_6.3_MoC Information security awareness, education and training)
  • 730: Technology processes
    • Access Control (ISO_27002_2022_5.15_MoC Access control, ISO_27002_2022_5.16_MoC Identity management, ISO_27002_2022_5.17_MoC Authentication information, ISO_27002_2022_5.18_MoC Access rights, ISO_27002_2022_8.2_MoC Privileged access rights, ISO_27002_2022_8.3_MoC Information access restriction, ISO_27002_2022_8.4_MoC Access to source code, ISO_27002_2022_8.5_MoC Secure authentication)
    • Technologies lifecycle (ISO_27002_2022_5.8_MoC Information security in project management, ISO_27002_2022_5.23_MoC Information security for use of cloud services, ISO_27002_2022_8.26_MoC Application security requirements, ISO_27002_2022_8.27_MoC Secure system architecture and engineering principles, ISO_27002_2022_8.28_MoC Secure coding, ISO_27002_2022_8.29_MoC Security testing in development and acceptance, ISO_27002_2022_8.30_MoC Outsourced development, ISO_27002_2022_8.31_MoC Separation of development, test and production environments, ISO_27002_2022_8.32_MoC Change management, ISO_27002_2022_8.33_MoC Test information, ISO_27002_2022_7.13_MoC Equipment maintenance, ISO_27002_2022_7.14_MoC Secure disposal or re-use of equipment, ISO_27002_2022_8.6_MoC Capacity management)
    • Vendor management (ISO_27002_2022_5.19_MoC Information security in supplier relationships, ISO_27002_2022_5.20_MoC Addressing information security within supplier agreements, ISO_27002_2022_5.21_MoC Managing information security in the ICT supply chain, ISO_27002_2022_5.22_MoC Monitoring, review and change management of supplier services, ISO_27002_2022_5.23_MoC Information security for use of cloud services, ISO_27002_2022_8.29_MoC Security testing in development and acceptance)
    • Device management (ISO_27002_2022_7.9_MoC Security of assets off-premises, ISO_27002_2022_7.10_MoC Storage media, ISO_27002_2022_8.1_MoC User endpoint devices, ISO_27002_2022_8.7_MoC Protection against malware)
    • IT administration (ISO_27002_2022_8.7_MoC Protection against malware, ISO_27002_2022_8.8_MoC Management of technical vulnerabilities, ISO_27002_2022_8.9_MoC Configuration management, ISO_27002_2022_8.10_MoC Information deletion, ISO_27002_2022_8.11_MoC Data masking, ISO_27002_2022_8.12_MoC Data leakage prevention, ISO_27002_2022_8.13_MoC Information backup, ISO_27002_2022_8.14_MoC Redundancy of information processing facilities, ISO_27002_2022_8.15_MoC Logging, ISO_27002_2022_8.16_MoC Monitoring activities, ISO_27002_2022_8.17_MoC Clock synchronization, ISO_27002_2022_8.18_MoC Use of privileged utility programs, ISO_27002_2022_8.19_MoC Installation of software on operational systems, ISO_27002_2022_8.20_MoC Networks security, ISO_27002_2022_8.21_MoC Security of network services, ISO_27002_2022_8.22_MoC Segregation of networks, ISO_27002_2022_8.23_MoC Web filtering, ISO_27002_2022_8.24_MoC Use of cryptography, ISO_27002_2022_8.25_MoC Secure development life cycle, ISO_27002_2022_8.26_MoC Application security requirements, ISO_27002_2022_8.27_MoC Secure system architecture and engineering principles, ISO_27002_2022_8.28_MoC Secure coding, ISO_27002_2022_8.29_MoC Security testing in development and acceptance, ISO_27002_2022_8.30_MoC Outsourced development, ISO_27002_2022_8.31_MoC Separation of development, test and production environments, ISO_27002_2022_8.32_MoC Change management, ISO_27002_2022_8.33_MoC Test information, ISO_27002_2022_8.34_MoC Protection of information systems during audit testing, ISO_27002_2022_5.6_MoC Contact with special interest groups)
    • Physical security (ISO_27002_2022_7.1_MoC Physical security perimeters, ISO_27002_2022_7.2_MoC Physical entry, ISO_27002_2022_7.3_MoC Securing offices, rooms and facilities, ISO_27002_2022_7.4_MoC Physical security monitoring, ISO_27002_2022_7.5_MoC Protecting against physical and environmental threats, ISO_27002_2022_7.6_MoC Working in secure areas, ISO_27002_2022_7.7_MoC Clear desk and clear screen, ISO_27002_2022_7.8_MoC Equipment siting and protection, ISO_27002_2022_7.12_MoC Cabling security)
• 800: Evaluate and Improve (ISO_27001_2022_9_MoC Performance evaluation, ISO_27001_2022_10_MoC Improvement)
  • Audits and Reviews (ISO_27001_2022_9.2_MoC Internal audit, ISO_27002_2022_5.35_MoC Independent review of information security, ISO_27002_2022_5.36_MoC Compliance with policies, rules and standards for information security)
  • Management Reviews (ISO_27001_2022_9.3_MoC Management review)
  • Planning of Changes (ISO_27001_2022_6.3_MoC Planning of changes)
• 900: ISO 27001 Audits
  • Afwijkingen en Correcties (ISO_27001_2022_10.1_MoC Continual improvement)