CISO Mind Map and Security Operations Center (SOC) Essential Functions
For Cyber Leaders of Today and Tomorrow
SANS poster, Version 1.1 (MGT-PSTR-CISO/SOC-0118)
sans.org/curricula/management
Based on CISO MindMap by Rafeeq Rehman @rafeeq_rehman http://rafeeqrehman.com Used with permission.

Professional Documents
Culture Documents
• Active Defense
• Patching
• Crisis Management
• Breach Communications

Identity and Access Management
• Provisioning/Deprovisioning
• Single Sign On (SSO)
• Federated Single Sign On (FSSO)
• Multi-Factor Authentication
• Role-Based Access Control (RBAC)
• Identity Store (LDAP, Active Directory)

Risk Management
• Risk Frameworks
  • FAIR
  • NIST RMF
  • OCTAVE
  • TARA
• Risk Assessment Methodology
• Risk Assessment Process
• Risk Analysis and Quantification
• Business Impact Analysis
• Vulnerability Management
• Vendor Risk Management
• Physical Security
• Disaster Recovery (DR)
• Business Continuity Planning
• Risk Treatment
  • Mitigation Planning, Verification
  • Remediation, Cyber Insurance

Security Leadership
• Strategy
• Roles and Responsibilities
• Business Alignment
• Workforce Planning
• Resource Management
• Leadership Skills
• Business Strategy
• Stakeholder Management
• Financial Planning
• Industry Knowledge
• Negotiations
• Budgeting
• Business Acumen
• Mission and Vision
• Innovation
• Communication Skills
• Values and Culture
• Marketing
• Presentation Skills
• Roadmap Development
• Leading Change
• Strategic Planning
• Business Case Development
• Customer Relationships
• Technical Leadership
• Project Management
• Team Building
• Change Management
• Communications Plan
• Security Consulting
• Employee Development
• Mentoring
• Board Communications

Governance
• Program Frameworks
  • NIST CSF
  • ISO 27000
• Control Frameworks
  • NIST 800-53
  • CIS Controls
• Security Policy
• Policies and Procedures
• Data Classification
• Security Awareness
• Security Training
  • Awareness Training
  • Role-Based Training
• Creating a Security Culture
• Program Structure
• Program Management
• Metrics and Reporting
• IT Portfolio Management
Security Operations Center (SOC) Essential Functions

MGT517: Managing Security Operations: Detection, Response, and Intelligence
Learn how to design, build, operate, and mature a Security Operations Center (SOC)
www.sans.org/MGT517

SECURITY OPERATIONS CENTER
Core functions: Network Security Monitoring, Incident Response, Threat Intelligence, Forensics, Self Assessment, Command Center
Surrounding inputs and stakeholders: Business Units, External Systems, Internal Systems, Open-Source Resources, Internal Information Sources, Steering Committee, Management

Network Security Monitoring
• Honeypots
• Full PCAP
• Network IDS
• Wireless IDS
• Host IDS
• Network logs
• Host logs
• Application logs
• Malware detonation
• High-value indicators
• Long-term analysis
  • Data mining
  • Study of interaction
  • Threat hunting
• Correlate alerts and log entries to raw data

Incident Response
• Overall process
• Isolate and contain assets:
  • Logically
  • Physically
• Sweep enterprise
• Eradicate issues
• Return to service
• Historical assessment with new IOCs
• Provide IOCs for investigation
Incident response works with other SOC functions to:
• Obtain support and analysis
• Provide status and reporting

Threat Intelligence
• Collect open-source info
• Collect internal adversary info
• Retain adversary characteristics
• Attribution info
• Internal threat actor attribution and characteristics
• Correlate events to threat actors
• Threat hunting

Forensics
• Host Forensics: memory and disk acquisition
• Network Forensics: log, event info, and PCAP acquisition
• Reverse Engineering: device, software, or code acquisition
• Analyze asset
• Maintain chain of custody
• Ensure asset integrity
• Provide info related to case

Self Assessment
• Configuration Monitoring
  • Create baselines
  • Identify configuration changes
  • Maintain systems
• Penetration Testing
  • Model attacker scenarios
  • Exploit systems
  • Reconnaissance, organizational intelligence
  • Deconfliction
• Vulnerability Assessment
  • Identify risk and exposure
  • Scan systems for known vulnerabilities
  • Impact of new vulnerabilities
• Exercises
  • Tabletop scenarios
  • Model threats and events
  • Train and assess staff
  • DR/BCP

Command Center