[Enhancement] ISO 27001:2022 Migration - Update default database #592

@dbarzin

Context

Following a risk analysis with MONARC v2.13.3, I identified several issues regarding the ISO 27001/27002 standard shipped by default.

Issues Identified

1. Outdated standard version

  • MONARC currently ships with ISO 27001:2013 by default
  • The ISO 27001:2022 version is not available natively

2. Incomplete ISO 27002:2022 standard

  • The ISO 27002:2022 standard exists in MOSP, but only in English
  • After importing into the knowledge base, risks are not linked to ISO 27001:2022

Developed Solution

I solved these issues by developing a set of SQL commands to:

  • Migrate the database to ISO 27002:2022
  • Create links between risks and the new standard
  • Ensure data consistency

Contribution Proposal

I would like to propose an update to ./db-bootstrap/monarc_data.sql including:

  • ISO 27002:2022 standard by default
  • Mapping tables between ISO 27002:2013 and ISO 27002:2022
  • Updated risk-measure links

Question

What is the recommended procedure to submit this contribution?

  • Fork + Pull Request?
  • Prior discussion with the team?
  • Specific format for SQL data?

I remain available to discuss this enhancement.

Metadata

  • Assignees: No one assigned
  • Projects: Status: Review in progress
  • Milestone: No milestone
  • Relationships: None yet
  • Development: No branches or pull requests