Excel Export
As a CISO, I have to copy the information from DSOMM to Excel manually. The Excel sheet is shared with an auditor.
An xlsx or CSV export would help to reduce manual work.
@ioggstream
Can you share a CSV template?
Usually the CISO needs to put the data from DSOMM to the SoA (Statement of Applicability), which is a default ISO27001-document. Attached you can find the Excel I usually use for it - based on ISO27001:2013, and with the two sheets "Mandatory controls" as well as "Annex A controls" - both are needed for the ISMS & a typical ISO27001-Audit. In both sheets you can find the column "Section", which refers to the ISO27001-section, and would be the key-value for the DSOMM-ISO27001-mapping. SoA_ISO27001_empty.xlsx
So, as a CISO I would like to have such a default ISO27001-SoA, where in a separate column all DSOMM-activities are listed/linked which are implemented in my organization, and where the value of "ISO 27001 Controls" within DSOMM matches the "Section" value of the SoA.
Python pandas can do something like that easily (e.g. export activities in a CSV)
import pandas as pd
from yaml import safe_load
from pathlib import Path


def as_list(risk):
    # "risk" may be a single string or a list of strings; normalise to a list.
    if isinstance(risk, str):
        return [risk]
    return risk


columns = ["dimension", "subdimension", "activity", "risk"]
dimensions = safe_load(Path("data/dimensions.yaml").read_text())

# One row per (activity, risk) pair; keys starting with "_" are skipped.
activities = [
    (dimension, subdimension, activity, risk)
    for dimension, v in dimensions.items()
    if not dimension.startswith("_")
    for subdimension, activity_d in v.items()
    if not subdimension.startswith("_")
    for activity, data in activity_d.items()
    if not activity.startswith("_")
    for risk in as_list(data.get("risk", []))
]
df = pd.DataFrame(activities, columns=columns)
df.to_csv("activities.csv")
implemented
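
The SoA request above (one extra column listing the implemented DSOMM activities whose ISO 27001 control matches the row's "Section") can be sketched as a join on the section number. This is an added example, not code from the thread or from the DSOMM project; the `iso27001` and `implemented` keys, the activity data and the SoA rows are constructed assumptions.

```python
import csv
import io

# Constructed sample data. The "iso27001" and "implemented" keys are assumed names.
DIMENSIONS = {
    "Build and Deployment": {"Build": {
        "Defined build process": {"iso27001": ["12.1.1", "14.2.2"], "implemented": True},
        "Signing of artifacts": {"iso27001": ["14.2.6"], "implemented": False},
    }},
    "Information Gathering": {"Logging": {
        "Centralized system logging": {"iso27001": ["12.1.1", "12.4.1"], "implemented": True},
    }},
    "_meta": {},
}
# Constructed SoA rows as (Section, Control) pairs.
SOA_ROWS = [("12.1.1", "Documented operating procedures"),
            ("12.4.1", "Event logging"),
            ("14.2.6", "Secure development environment")]


def activities_by_section(dimensions):
    """Map each ISO 27001 section to the implemented activities referencing it."""
    by_section = {}
    for dimension, subdimensions in dimensions.items():
        if dimension.startswith("_"):
            continue
        for subdimension, activities in subdimensions.items():
            if subdimension.startswith("_"):
                continue
            for activity, data in activities.items():
                if activity.startswith("_") or not data.get("implemented"):
                    continue
                for section in data.get("iso27001", []):
                    by_section.setdefault(section, []).append(activity)
    return by_section


def soa_csv(soa_rows, dimensions):
    """Return the SoA as CSV text with an added "DSOMM activities" column."""
    by_section = activities_by_section(dimensions)
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    writer.writerow(["Section", "Control", "DSOMM activities"])
    for section, control in soa_rows:
        linked = "; ".join(sorted(by_section.get(section, [])))
        writer.writerow([section, control, linked])
    return out.getvalue()
```

SoA sections with no implemented activity keep an empty cell, which makes uncovered controls visible to the auditor instead of dropping the row.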