<map version="0.9.0">
<node TEXT=" Cybersecurity Domains">
<node TEXT="Security Architecture">
<node TEXT="Network Design">
<node TEXT="DDoS Prevention"></node>
</node>
<node TEXT="Security Engineering"></node>
<node TEXT="Data Protection ">
<node TEXT="Data Leakage Prevention"></node>
</node>
<node TEXT="Access Control">
<node TEXT="Identity Management ">
<node TEXT="Privileged Access
Management"></node>
<node TEXT="Identity &amp; Access
Management "></node>
</node>
<node TEXT="Federated Identity"></node>
<node TEXT="MFA &amp; SSO"></node>
</node>
<node TEXT="Cloud Security"></node>
<node TEXT="Secure System Build">
<node TEXT="Baseline Configuration "></node>
<node TEXT="Patch Management"></node>
</node>
<node TEXT="Cryptography">
<node TEXT="Key and Secret Management">
<node TEXT="Vaulting"></node>
<node TEXT="HSM"></node>
</node>
<node TEXT="Encryption Standards"></node>
<node TEXT="Certificate Management"></node>
</node>
<node TEXT="Endpoint Hygiene "></node>
<node TEXT="Container Security"></node>
</node>
<node TEXT="Security Operation ">
<node TEXT="Security Operation Centers"></node>
<node TEXT="Incident Response ">
<node TEXT="Breach Notification "></node>
<node TEXT="Containment "></node>
<node TEXT="Eradication "></node>
<node TEXT="Investigation ">
<node TEXT="Forensics "></node>
</node>
<node TEXT="Blue Team"></node>
<node TEXT="Red Team"></node>
<node TEXT="Detection"></node>
</node>
<node TEXT="SIEM">
<node TEXT="SOAR"></node>
</node>
<node TEXT="Vulnerability
Management"></node>
<node TEXT="Active Defense"></node>
<node TEXT="Threat Hunting"></node>
</node>
<node TEXT="Governance ">
<node TEXT="Laws and Regulations">
<node TEXT="Regional">
<node TEXT="CCPA"></node>
<node TEXT="NYS-DFS 23 NYCRR 500"></node>
</node>
<node TEXT="Central Government">
<node TEXT="GDPR"></node>
<node TEXT="GLBA"></node>
</node>
<node TEXT="Industry Specific ">
<node TEXT="PCI"></node>
<node TEXT="HIPAA"></node>
</node>
</node>
<node TEXT="Company's Written Policies">
<node TEXT="Policy"></node>
<node TEXT="Procedure "></node>
<node TEXT="Standard"></node>
<node TEXT="Guideline "></node>
<node TEXT="Compliance &amp; Enforcement "></node>
</node>
<node TEXT="Executive Management Involvement ">
<node TEXT="Reports and Scorecards">
<node TEXT="KPIs/KRIs"></node>
</node>
<node TEXT="Risk Informed"></node>
</node>
</node>
<node TEXT="Risk Assessment ">
<node TEXT="3rd Party Risk ">
<node TEXT="4th Party Risk"></node>
</node>
<node TEXT="Penetration test">
<node TEXT="Infrastructure
(Network and Systems)"></node>
<node TEXT="Application Pen Tests"></node>
<node TEXT="Social Engineering "></node>
<node TEXT="DAST"></node>
</node>
<node TEXT="Vulnerability
scan"></node>
<node TEXT="Assets Inventory "></node>
<node TEXT="Risk Monitoring Services
(Risk score)"></node>
</node>
<node TEXT="User Education">
<node TEXT="Training (new skills)"></node>
<node TEXT="Awareness (reinforcement) "></node>
<node TEXT="Cyber security table-top
exercise "></node>
</node>
<node TEXT="Threat Intelligence ">
<node TEXT="Internal ">
<node TEXT="IOCs"></node>
<node TEXT="Intel. Sharing "></node>
</node>
<node TEXT="External">
<node TEXT="Contextual"></node>
</node>
</node>
<node TEXT="Career Development">
<node TEXT="Training"></node>
<node TEXT="Certifications"></node>
<node TEXT="Conferences "></node>
<node TEXT="Peer Groups"></node>
<node TEXT="Self Study"></node>
<node TEXT="Coaches and
Role Models"></node>
</node>
<node TEXT="Frameworks
and Standards ">
<node TEXT="NIST Cybersecurity
Framework"></node>
<node TEXT="ISO 27001
27017
27018"></node>
<node TEXT="OWASP Top 10
(WebApp &amp; API)"></node>
<node TEXT="CIS Top 20 Controls
CIS Benchmarks"></node>
<node TEXT="MITRE
ATT&amp;CK
Framework"></node>
</node>
<node TEXT="Physical Security">
<node TEXT="IoT Security"></node>
</node>
<node TEXT="Enterprise Risk Management">
<node TEXT="Lines of Defense ">
<node TEXT="3. Audit">
<node TEXT="SOC1/SOC2"></node>
</node>
<node TEXT="1. Process Owners"></node>
<node TEXT="2. Risk Mgmt Group"></node>
</node>
<node TEXT="Risk Treatment
Actions"></node>
<node TEXT="Risk Appetite "></node>
<node TEXT="Cyber Insurance"></node>
<node TEXT="BCP/DR"></node>
<node TEXT="Crisis Management"></node>
<node TEXT="Risk
Acceptance
Statement"></node>
<node TEXT="Risk Register"></node>
</node>
<node TEXT="Application Security">
<node TEXT="S-SDLC">
<node TEXT="&quot;Shift Left&quot;">
<node TEXT="CI/CD integration"></node>
</node>
</node>
<node TEXT="Source Code Scan">
<node TEXT="Open Source Scan"></node>
<node TEXT="SAST"></node>
</node>
<node TEXT="Data-Flow Diagram"></node>
<node TEXT="API Security"></node>
<node TEXT="Security UX"></node>
<node TEXT="Security QA"></node>
</node>
</node>
<node TEXT="The Map of Cybersecurity Domains
Henry Jiang | March 2021 | REV 3.1"></node>
</map>