OK, clear picture. Here's the honest assessment:
What you have is a manually curated, vault-specific MoC, essentially a flat link directory organized loosely by concept cluster. It's useful as a navigation aid, but it's not a taxonomy: it has no definitions, its depth is inconsistent across topics, and it'll drift out of sync as your vault grows.
Standardized alternatives worth knowing about:
NIST IR 7298 (Glossary of Key Information Security Terms)
Probably the closest drop-in. It's a freely available, regularly revised glossary of ~1000 terms, directly derived from NIST SP 800-x publications and FIPS standards. Flat A–Z with authoritative definitions. No topology, though.

ISO/IEC 27000:2018
You already reference ISO 27002 Annex A in your frontmatter. ISO 27000 is specifically the vocabulary and definitions standard for the whole 27k family. If you're building ISO27DIY content, this is the canonical source. It's not free, but you presumably have it.

NIST Cybersecurity Framework (CSF) 2.0 — Taxonomy
Organizes concepts into Functions → Categories → Subcategories. Gives you a proper hierarchy rather than a flat list. Better as a structure than as a dictionary.

MITRE ATT&CK / CAPEC
Only relevant if you go deep on threat modeling, not for general InfoSec concepts.
The real question: what is this MoC for in your context?
If it's internal navigation in your vault → keep it; it's fine for that, and no standard replaces it.
If it's meant to underpin the ISO27DIY corpus/knowledge base → you should anchor definitions to ISO 27000 + NIST IR 7298, and restructure around the CSF taxonomy or the ISO 27001/27002 clause structure instead of this ad hoc list.
If it's for end-user-facing content (a glossary in the platform) → NIST IR 7298 is the most defensible, plain-English source to derive from.
Which of those is the actual use case?