iso27diy-corp/AuditGlue/GIS-content-map.md

# GIS Content Map
- **m100: Implementing with ISO27DIY**
- [[m100s010-Modules-and-Sessions|m100s010]]: Modules and Sessions
- [[m100s020-about-AuditGlue|m100s020]]: About AuditGlue
- **m200: About ISO 27001**
- [[m200s010-about-ISO27001|m200s010]]: About ISO 27001
- **m300: Strategy, Risks and Leadership**
- [[m300s010-introduction|m300s010]]: Introduction to Strategy, Risks and Leadership
- [[m310s010-organizational-goals|m310s010]]: Organizational Goals
- [[m310s020-threat-landscape|m310s020]]: The Threat Landscape
- [[m310s030-Identifying-Strategic-Risks|m310s030]]: Identifying Strategic Risks
- [[m310s040-qualifying-risks|m310s040]]: Qualifying Risks
- [[m310s050-qualifying-impact|m310s050]]: Qualifying Impact
- [[m310s060-creating-the-risk-matrix|m310s060]]: Creating the Risk Matrix
- [[m310s070-Governance-model|m310s070]]: Governance model
- m310s080: Information Security Policy ([[ISO_27001_2022_5.2_MoC Policy|C5.2]])
- **m400: Context of the Organization**
- [[m400s010-introduction|m400s010]]: Introduction: Why Context Matters
- m400s020: Standards, Laws and Regulations ([[ISO_27001_2022_4.2_MoC Understanding the needs and expectations of interested parties|C4.2]], [[ISO_27002_2022_5.31_MoC Legal, statutory, regulatory and contractual requirements|A5.31]], [[ISO_27002_2022_5.34_MoC Privacy and protection of PII|A5.34]])
- m400s030: [[iso27diy-git-SYNC!/m300/m300s520-DESTEP-analysis|m300s520]]: **DESTEP analysis** ([[ISO_27001_2022_4.2_MoC Understanding the needs and expectations of interested parties|C4.2]])
- m400s040: [[iso27diy-m300s510|m300s510]]: **SWOT analysis** ([[ISO_27001_2022_4.1_MoC Understanding the organization and its context|C4.1]])
- m400s050: Stakeholder Analysis ([[ISO_27001_2022_4.2_MoC Understanding the needs and expectations of interested parties|C4.2]])
- **m410: Organizational Structures**
- [[Introduction for Organizational Structures]]
- Organizational processes ([[ISO_27001_2022_4.1_MoC Understanding the organization and its context|C4.1]])
- Organization Chart ([[ISO_27001_2022_4.1_MoC Understanding the organization and its context|C4.1]])
- Job architecture ([[ISO_27001_2022_4.1_MoC Understanding the organization and its context|C4.1]])
- Physical context (sites, buildings, areas) ([[ISO_27002_2022_7.1_MoC Physical security perimeters|A7.1]])
- Asset identification ([[ISO_27002_2022_5.9_MoC Inventory of information and other associated assets|A5.9]], [[ISO_27002_2022_5.32_MoC Intellectual property rights|A5.32]])
- **420: Planning the Implementation**
- [[m300s120-Setting-ISMS-Objectives|m300s120]]: Setting ISMS Objectives
- [[iso27diy-git-SYNC!/m300/m300s200-scope|m300s200]]: Setting the Scope
- Planning the ISMS implementation ([[ISO_27001_2022_6.1.1_MoC General|C6.1.1]])
- **m500: Risks and Measures**
- Risk identification ([[ISO_27001_2022_6.1.2_MoC Information security risk assessment|C6.1.2]])
- Risk analysis ([[ISO_27001_2022_6.1.2_MoC Information security risk assessment|C6.1.2]])
- Data classification ([[ISO_27002_2022_5.12_MoC Classification of information|A5.12]])
- Technical vulnerabilities Test ([[ISO_27002_2022_8.8_MoC Management of technical vulnerabilities|A8.8]])
- Threat analysis (technical) ([[ISO_27001_2022_6.1.2_MoC Information security risk assessment|C6.1.2]], [[ISO_27002_2022_5.7_MoC Threat intelligence|A5.7]], [[ISO_27002_2022_5.6_MoC Contact with special interest groups|A5.6]])
- Controls identification ([[ISO_27001_2022_6.1.3_MoC Information security risk treatment|C6.1.3]])
- Roles and responsibilities ([[ISO_27001_2022_5.2_MoC Policy|C5.2]], [[ISO_27001_2022_5.3_MoC Organizational roles, responsibilities and authorities|C5.3]], [[ISO_27002_2022_5.4_MoC Management responsibilities|A5.4]], [[ISO_27002_2022_5.3_MoC Segregation of duties|A5.3]], [[ISO_27002_2022_5.5_MoC Contact with authorities|A5.5]]) see [[m400-more-governance]]
- Planning Controls implementation ([[ISO_27001_2022_8.1_MoC Operational planning and control|C8.1]])
- Risk Management ([[ISO_27001_2022_8.1_MoC Operational planning and control|C8.1]], [[ISO_27001_2022_8.2_MoC Information security risk assessment|C8.2]], [[ISO_27001_2022_8.3_MoC Information security risk treatment|C8.3]], [[ISO_27001_2022_10.1_MoC Continual improvement|C10.1]])
- Controls implementation ([[ISO_27001_2022_8.3_MoC Information security risk treatment|C8.3]])
- **m600: Supporting the ISMS**
- Resources ([[ISO_27001_2022_7.1_MoC Resources|C7.1]])
- Competencies ([[ISO_27001_2022_7.2_MoC Competence|C7.2]])
- Documentation ([[ISO_27002_2022_5.33_MoC Protection of records|A5.33]], [[ISO_27001_2022_7.5.2_MoC Creating and updating|C7.5.2]])
- Policies ([[ISO_27002_2022_5.1_MoC Policies for information security|A5.1]])
- Review calendar ([[ISO_27002_2022_5.35_MoC Independent review of information security|A5.35]], [[ISO_27001_2022_7.5.2_MoC Creating and updating|C7.5.2]])
- Communication and Awareness ([[ISO_27001_2022_7.3_MoC Awareness|C7.3]], [[ISO_27001_2022_7.4_MoC Communication|C7.4]])
- **m700: Securing the Business**
- m710: Business Continuity
- Incident management ([[ISO_27002_2022_5.24_MoC Information security incident management planning and preparation|A5.24]], [[ISO_27002_2022_5.25_MoC Assessment and decision on information security events|A5.25]], [[ISO_27002_2022_5.26_MoC Response to information security incidents|A5.26]], [[ISO_27002_2022_5.27_MoC Learning from information security incidents|A5.27]], [[ISO_27002_2022_5.28_MoC Collection of evidence|A5.28]], [[ISO_27002_2022_5.29_MoC Information security during disruption|A5.29]], [[ISO_27002_2022_5.5_MoC Contact with authorities|A5.5]], [[ISO_27002_2022_5.6_MoC Contact with special interest groups|A5.6]])
- Business Impact Analyses ([[ISO_27002_2022_5.29_MoC Information security during disruption|A5.29]], [[ISO_27002_2022_5.30_MoC ICT readiness for business continuity|A5.30]])
- Business Continuity Planning ([[ISO_27002_2022_5.29_MoC Information security during disruption|A5.29]], [[ISO_27002_2022_5.30_MoC ICT readiness for business continuity|A5.30]], [[ISO_27002_2022_7.11_MoC Supporting utilities|A7.11]], [[ISO_27002_2022_5.5_MoC Contact with authorities|A5.5]])
- m720: People Processes
- HR Policies ([[ISO_27002_2022_6.1_MoC Screening|A6.1]], [[ISO_27002_2022_6.2_MoC Terms and conditions of employment|A6.2]], [[ISO_27002_2022_6.3_MoC Information security awareness, education and training|A6.3]], [[ISO_27002_2022_6.4_MoC Disciplinary process|A6.4]], [[ISO_27002_2022_6.5_MoC Responsibilities after termination or change of employment|A6.5]], [[ISO_27002_2022_6.6_MoC Confidentiality or non-disclosure agreements|A6.6]])
- User policies ([[ISO_27002_2022_5.10_MoC Acceptable use of information and other associated assets|A5.10]], [[ISO_27002_2022_5.11_MoC Return of assets|A5.11]], [[ISO_27002_2022_5.12_MoC Classification of information|A5.12]], [[ISO_27002_2022_5.13_MoC Labelling of information|A5.13]], [[ISO_27002_2022_5.14_MoC Information transfer|A5.14]], [[ISO_27002_2022_5.37_MoC Documented operating procedures|A5.37]], [[ISO_27002_2022_6.7_MoC Remote working|A6.7]], [[ISO_27002_2022_6.8_MoC Information security event reporting|A6.8]], [[ISO_27002_2022_7.7_MoC Clear desk and clear screen|A7.7]], [[ISO_27002_2022_8.24_MoC Use of cryptography|A8.24]])
- Training ([[ISO_27002_2022_6.3_MoC Information security awareness, education and training|A6.3]])
- 730: Technology processes
- Access Control ([[ISO_27002_2022_5.15_MoC Access control|A5.15]], [[ISO_27002_2022_5.16_MoC Identity management|A5.16]], [[ISO_27002_2022_5.17_MoC Authentication information|A5.17]], [[ISO_27002_2022_5.18_MoC Access rights|A5.18]], [[ISO_27002_2022_8.2_MoC Privileged access rights|A8.2]], [[ISO_27002_2022_8.3_MoC Information access restriction|A8.3]], [[ISO_27002_2022_8.4_MoC Access to source code|A8.4]], [[ISO_27002_2022_8.5_MoC Secure authentication|A8.5]])
- Technologies lifecycle ([[ISO_27002_2022_5.8_MoC Information security in project management|A5.8]], [[ISO_27002_2022_5.23_MoC Information security for use of cloud services|A5.23]], [[ISO_27002_2022_8.26_MoC Application security requirements|A8.26]], [[ISO_27002_2022_8.27_MoC Secure system architecture and engineering principles|A8.27]], [[ISO_27002_2022_8.28_MoC Secure coding|A8.28]], [[ISO_27002_2022_8.29_MoC Security testing in development and acceptance|A8.29]], [[ISO_27002_2022_8.30_MoC Outsourced development|A8.30]], [[ISO_27002_2022_8.31_MoC Separation of development, test and production environments|A8.31]], [[ISO_27002_2022_8.32_MoC Change management|A8.32]], [[ISO_27002_2022_8.33_MoC Test information|A8.33]], [[ISO_27002_2022_7.13_MoC Equipment maintenance|A7.13]], [[ISO_27002_2022_7.14_MoC Secure disposal or re-use of equipment|A7.14]], [[ISO_27002_2022_8.6_MoC Capacity management|A8.6]])
- Vendor management ([[ISO_27002_2022_5.19_MoC Information security in supplier relationships|A5.19]], [[ISO_27002_2022_5.20_MoC Addressing information security within supplier agreements|A5.20]], [[ISO_27002_2022_5.21_MoC Managing information security in the ICT supply chain|A5.21]], [[ISO_27002_2022_5.22_MoC Monitoring, review and change management of supplier services|A5.22]], [[ISO_27002_2022_5.23_MoC Information security for use of cloud services|A5.23]], [[ISO_27002_2022_8.29_MoC Security testing in development and acceptance|A8.29]])
- Device management ([[ISO_27002_2022_7.9_MoC Security of assets off-premises|A7.9]], [[ISO_27002_2022_7.10_MoC Storage media|A7.10]], [[ISO_27002_2022_8.1_MoC User endpoint devices|A8.1]], [[ISO_27002_2022_8.7_MoC Protection against malware|A8.7]])
- IT administration ([[ISO_27002_2022_8.7_MoC Protection against malware|A8.7]], [[ISO_27002_2022_8.8_MoC Management of technical vulnerabilities|A8.8]], [[ISO_27002_2022_8.9_MoC Configuration management|A8.9]], [[ISO_27002_2022_8.10_MoC Information deletion|A8.10]], [[ISO_27002_2022_8.11_MoC Data masking|A8.11]], [[ISO_27002_2022_8.12_MoC Data leakage prevention|A8.12]], [[ISO_27002_2022_8.13_MoC Information backup|A8.13]], [[ISO_27002_2022_8.14_MoC Redundancy of information processing facilities|A8.14]], [[ISO_27002_2022_8.15_MoC Logging|A8.15]], [[ISO_27002_2022_8.16_MoC Monitoring activities|A8.16]], [[ISO_27002_2022_8.17_MoC Clock synchronization|A8.17]], [[ISO_27002_2022_8.18_MoC Use of privileged utility programs|A8.18]], [[ISO_27002_2022_8.19_MoC Installation of software on operational systems|A8.19]], [[ISO_27002_2022_8.20_MoC Networks security|A8.20]], [[ISO_27002_2022_8.21_MoC Security of network services|A8.21]], [[ISO_27002_2022_8.22_MoC Segregation of networks|A8.22]], [[ISO_27002_2022_8.23_MoC Web filtering|A8.23]], [[ISO_27002_2022_8.24_MoC Use of cryptography|A8.24]], [[ISO_27002_2022_8.25_MoC Secure development life cycle|A8.25]], [[ISO_27002_2022_8.26_MoC Application security requirements|A8.26]], [[ISO_27002_2022_8.27_MoC Secure system architecture and engineering principles|A8.27]], [[ISO_27002_2022_8.28_MoC Secure coding|A8.28]], [[ISO_27002_2022_8.29_MoC Security testing in development and acceptance|A8.29]], [[ISO_27002_2022_8.30_MoC Outsourced development|A8.30]], [[ISO_27002_2022_8.31_MoC Separation of development, test and production environments|A8.31]], [[ISO_27002_2022_8.32_MoC Change management|A8.32]], [[ISO_27002_2022_8.33_MoC Test information|A8.33]], [[ISO_27002_2022_8.34_MoC Protection of information systems during audit testing|A8.34]], [[ISO_27002_2022_5.6_MoC Contact with special interest groups|A5.6]])
- Physical security ([[ISO_27002_2022_7.1_MoC Physical security perimeters|A7.1]], [[ISO_27002_2022_7.2_MoC Physical entry|A7.2]], [[ISO_27002_2022_7.3_MoC Securing offices, rooms and facilities|A7.3]], [[ISO_27002_2022_7.4_MoC Physical security monitoring|A7.4]], [[ISO_27002_2022_7.5_MoC Protecting against physical and environmental threats|A7.5]], [[ISO_27002_2022_7.6_MoC Working in secure areas|A7.6]], [[ISO_27002_2022_7.7_MoC Clear desk and clear screen|A7.7]], [[ISO_27002_2022_7.8_MoC Equipment siting and protection|A7.8]], [[ISO_27002_2022_7.12_MoC Cabling security|A7.12]])
- **800: Evaluate and Improve** ([[ISO_27001_2022_9_MoC Performance evaluation|C9]], [[ISO_27001_2022_10_MoC Improvement|C10]])
- Audits and Reviews ([[ISO_27001_2022_9.2_MoC Internal audit|C9.2]], [[ISO_27002_2022_5.35_MoC Independent review of information security|A5.35]], [[ISO_27002_2022_5.36_MoC Compliance with policies, rules and standards for information security|A5.36]])
- Management Reviews ([[ISO_27001_2022_9.3_MoC Management review|C9.3]])
- Planning of Changes ([[ISO_27001_2022_6.3_MoC Planning of changes|C6.3]])
- **900: ISO 27001 Audits**
- Nonconformities and Corrections ([[ISO_27001_2022_10.1_MoC Continual improvement|C10.1]])