GIS Content Map

m100: Implementing with ISO27DIY
- m100s010: Modules and Sessions
- m100s020: About AuditGlue
m200: About ISO 27001
- m200s010: About ISO 27001
m300: Strategy, Risks and Leadership
- m300s010: Introduction to Strategy, Risks and Leadership
- m310s010: Organizational Goals
- m310s020: The Threat Landscape
- m310s030: Identifying Strategic Risks
- m310s040: Qualifying Risks
- m310s050: Qualifying Impact
- m310s060: Creating the Risk Matrix
- m310s070: Governance model
- m310s080: Information Security Policy (C5.2)
m400: Context of the Organization
- m400s010: Introduction: Why Context Matters
- m400s020: Standards, Laws and Regulations (C4.2, A5.31, A5.34)
- m400s030: iso27diy-git-SYNC!/m300/m300s520-DESTEP-analysis: DESTEP analysis (C4.2)
- m400s040: iso27diy-m300s510: SWOT analysis (C4.1)
- m400s050: Stakeholder Analysis (C4.2)
- m410:Organizational Structures
  - Introduction for Organizational Structures
  - Organizational processes (C4.1)
  - Organization Chart (C4.1)
  - Job architecture (C4.1)
  - Physical context (sites, buildings, areas) (A7.1)
  - Asset identification (A5.9, A5.32)
- 420: Planning the Implementation
  - m300s120: Setting ISMS Objectives
  - iso27diy-git-SYNC!/m300/m300s200-scope: Setting the Scope
  - Planning the ISMS implementation (C6.1.1)
m500: Risks and Measures
- Risk identification (C6.1.2)
- Risk analysis (C6.1.2)
- Data classification (A5.12)
- Technical vulnerabilities Test (A8.8)
- Threat analysis (technical) (C6.1.2, A5.7, A5.6)
- Controls identification (C6.1.3)
- Roles and responsibilities (C5.2, C5.3, A5.4, A5.3, A5.5) – see m400-more-governance
- Planning Controls implementation (C8.1)
- Risk Management (C8.1, C8.2, C8.3, C10.1)
- Controls implementation (C8.3)
m600: Supporting the ISMS
- Resources (C7.1)
- Competencies (C7.2)
- Documentation (A5.33, C7.5.2)
- Policies (A5.1)
- Review calendar (A5.35, C7.5.2)
- Communication and Awareness (C7.3, C7.4)
m700: Securing the Business
- m710: Business Continuity
  - Incident management (A5.24, A5.25, A5.26, A5.27, A5.28, A5.29, A5.5, A5.6)
  - Business Impact Analyses (A5.29, A5.30)
  - Business Continuity Planning (A5.29, A5.30, A7.11, A5.5)
- m720: People Processes
  - HR Policies (A6.1, A6.2, A6.3, A6.4, A6.5, A6.6)
  - User policies (A5.10, A5.11, A5.12, A5.13, A5.14, A5.37, A6.7, A6.8, A7.7, A8.24)
  - Training (A6.3)
- 730: Technology processes
  - Access Control (A5.15, A5.16, A5.17, A5.18, A8.2, A8.3, A8.4, A8.5)
  - Technologies lifecycle (A5.8, A5.23, A8.26, A8.27, A8.28, A8.29, A8.30, A8.31, A8.32, A8.33, A7.13, A7.14, A8.6)
  - Vendor management (A5.19, A5.20, A5.21, A5.22, A5.23, A8.29)
  - Device management (A7.9, A7.10, A8.1, A8.7)
  - IT administration (A8.7, A8.8, A8.9, A8.10, A8.11, A8.12, A8.13, A8.14, A8.15, A8.16, A8.17, A8.18, A8.19, A8.20, A8.21, A8.22, A8.23, A8.24, A8.25, A8.26, A8.27, A8.28, A8.29, A8.30, A8.31, A8.32, A8.33, A8.34, A5.6)
  - Physical security (A7.1, A7.2, A7.3, A7.4, A7.5, A7.6, A7.7, A7.8, A7.12)
800: Evaluate and Improve (C9, C10)
- Audits and Reviews (C9.2, A5.35, A5.36)
- Management Reviews (C9.3)
- Planning of Changes (C6.3)
900: ISO 27001 Audits
- Afwijkingen en Correcties (C10.1)

18 KiB Raw Blame History Unescape Escape

GIS Content Map

18 KiB

Raw Blame History