Context
Following a risk analysis with MONARC v2.13.3, I identified several issues regarding the ISO 27001/27002 standard shipped by default.
Issues Identified
1. Outdated standard version
- MONARC currently ships with ISO 27001:2013 by default
- ISO 27001:2022 version is not available natively
2. Incomplete ISO 27002:2022 standard
- ISO 27002:2022 standard exists in MOSP but only in English
- After importing into the knowledge base, risks are not linked to ISO 27001:2022
Developed Solution
I solved these issues by developing a set of SQL commands to:
- Migrate the database to ISO 27002:2022
- Create links between risks and the new standard
- Ensure data consistency
Contribution Proposal
I would like to propose an update to ./db-bootstrap/monarc_data.sql including:
- ISO 27002:2022 standard by default
- Mapping tables between ISO 27002:2013 and ISO 27002:2022
- Updated risk-measure links
Question
What is the recommended procedure to submit this contribution?
- Fork + Pull Request?
- Prior discussion with the team?
- Specific format for SQL data?
I remain available to discuss this enhancement.