add id/title to the top and not on the bottom

Author: wurstbrot

data-new/BuildAndDeployment/Build/1/DefinedBuildProcess.yaml

@@ -1,4 +1,6 @@
 ---
+id: DefinedBuildProcess
+title: Defined build process
 risk: Performing builds without a defined process is error prone. For example, as
   a result of incorrect security related configuration.
 measure: A well defined build process lowers the possibility of errors during the
@@ -18,6 +20,4 @@ samm2: i-secure-build|A|1
 iso27001-2017:
 - 12.1.1
 - 14.2.2
-title: Defined build process
-id: DefinedBuildProcess
 ...

data-new/BuildAndDeployment/Build/2/BuildingAndTestingOfArtifactsInVirtualEnvironments.yaml

@@ -1,4 +1,6 @@
 ---
+id: BuildingAndTestingOfArtifactsInVirtualEnvironments
+title: Building and testing of artifacts in virtual environments
 risk: While building and testing artifacts, third party systems, application frameworks
   and 3rd party libraries are used. These might be malicious as a result of vulnerable
   libraries or because they are altered during the delivery phase.
@@ -19,6 +21,4 @@ implementation:
 samm2: i-secure-build|A|2
 iso27001-2017:
 - 14.2.6
-title: Building and testing of artifacts in virtual environments
-id: BuildingAndTestingOfArtifactsInVirtualEnvironments
 ...

data-new/BuildAndDeployment/Build/3/SigningOfArtifacts.yaml

@@ -1,4 +1,6 @@
 ---
+id: SigningOfArtifacts
+title: Signing of artifacts
 risk: Unauthorized manipulation of artifacts might be difficult to spot. For example,
   this may result in images with malicious code in the Docker registry.
 measure: Digitally signing artifacts for all steps during the build and especially
@@ -17,6 +19,4 @@ samm: OA3-B
 samm2: i-secure-build|A|1
 iso27001-2017:
 - 14.2.6
-title: Signing of artifacts
-id: SigningOfArtifacts
 ...

data-new/BuildAndDeployment/Build/3/SigningOfCode.yaml

@@ -1,4 +1,6 @@
 ---
+id: SigningOfCode
+title: Signing of code
 risk: Unauthorized manipulation of source code might be difficult to spot.
 measure: Digitally signing commits helps to prevent unauthorized manipulation of source
   code.
@@ -14,6 +16,4 @@ samm: OA3-B
 samm2: i-secure-build|A|2
 iso27001-2017:
 - 14.2.6
-title: Signing of code
-id: SigningOfCode
 ...

data-new/BuildAndDeployment/Deployment/1/DefinedDeploymentProcess.yaml

@@ -1,4 +1,6 @@
 ---
+id: DefinedDeploymentProcess
+title: Defined deployment process
 risk: Deployments without a defined process are error prone thus allowing old or untested
   artifact to be deployed.
 measure: A defined deployment process significantly lowers the likelihood of errors
@@ -13,6 +15,4 @@ samm2: i-secure-deployment|A|1
 iso27001-2017:
 - 12.1.1
 - 14.2.2
-title: Defined deployment process
-id: DefinedDeploymentProcess
 ...

data-new/BuildAndDeployment/Deployment/2/BackupBeforeDeployment.yaml

@@ -1,4 +1,6 @@
 ---
+id: BackupBeforeDeployment
+title: Backup before deployment
 risk: If errors are experienced during the deployment process you want to deploy an
   old release. However, due to changes in the database this is often unfeasible.
 measure: Performing automated backups before deployment can help facilitate deployments
@@ -17,6 +19,4 @@ samm2: TODO
 iso27001-2017:
 - "12.3"
 - 14.2.6
-title: Backup before deployment
-id: BackupBeforeDeployment
 ...

data-new/BuildAndDeployment/Deployment/2/EnvironmentDependingConfigurationParameters.yaml

@@ -1,4 +1,6 @@
 ---
+id: EnvironmentDependingConfigurationParameters
+title: Environment depending configuration parameters
 risk: Attackers who compromise source code can see confidential access information
   like database credentials.
 measure: Configuration parameters are set for each environment not in the source code.
@@ -13,6 +15,4 @@ samm2: i-secure-deployment|B|1
 iso27001-2017:
 - 9.4.5
 - 14.2.6
-title: Environment depending configuration parameters
-id: EnvironmentDependingConfigurationParameters
 ...

data-new/BuildAndDeployment/Deployment/2/UsageOfTrustedImages.yaml

@@ -1,4 +1,6 @@
 ---
+id: UsageOfTrustedImages
+title: Usage of trusted images
 risk: Developers or operations might start random images in the production cluster
   which have malicous code or known vulnerabilities.
 measure: Create image assessment criteria, perform an evaluation of images and create
@@ -16,6 +18,4 @@ iso27001-2017:
 - 15.1.2
 - 15.1.3
 - 14.1.3
-title: Usage of trusted images
-id: UsageOfTrustedImages
 ...

data-new/BuildAndDeployment/Deployment/3/HandoverOfConfidentialParameters.yaml

@@ -1,4 +1,6 @@
 ---
+id: HandoverOfConfidentialParameters
+title: Handover of confidential parameters
 risk: Attackers who compromise a system can see confidential access information like
   database credentials. Parameters are often used to set credentials, for example
   by starting containers or applications. These parameters can often be seen by any
@@ -21,6 +23,4 @@ iso27001-2017:
 - 9.4.3
 - 9.4.1
 - 10.1.2
-title: Handover of confidential parameters
-id: HandoverOfConfidentialParameters
 ...

data-new/BuildAndDeployment/Deployment/3/InventoryOfRunningArtifacts.yaml

@@ -1,4 +1,6 @@
 ---
+id: InventoryOfRunningArtifacts
+title: Inventory of running artifacts
 risk: In case a vulnerability of severity high or critical exists, it needs to be
   known where an artifacts with that vulnerability is deployed with which dependencies.
 measure: A documented inventory or a possibility to gather the needed information
@@ -14,6 +16,4 @@ samm2: o-incident-management|TODO
 iso27001-2017:
 - "8.1"
 - "8.2"
-title: Inventory of running artifacts
-id: InventoryOfRunningArtifacts
 ...