The Map of Cybersecurity Domains

Henry Jiang | March 2021 | REV 3.1

[Figure: mind map of cybersecurity domains; only the node labels survived extraction. Top-level branches legible on the page: Security Architecture, Application Security, Risk Assessment, Enterprise Risk Management, Governance, Frameworks and Standards, Career Development, Threat Intelligence, Security Operation, User Education, Physical Security and IoT Security. Sub-topics visible include, among others: Cloud Security, Container Security, Cryptography, Key and Secret Management (Vaulting, HSM), Identity & Access Management (MFA & SSO, Federated Identity, Privileged Access Management), S-SDLC, SAST/DAST, Open Source Scan, API Security, Penetration test, Social Engineering, Risk Register, Risk Appetite, Risk Treatment, Cyber Insurance, Lines of Defense, BCP/DR, Crisis Management, Laws and Regulations (GDPR, HIPAA, PCI, CCPA, GLBA, SOC1/SOC2, NYS-DFS 23 NYCRR 500), ISO 27001/27017/27018, NIST Cybersecurity Framework, CIS Top 20 Controls, CIS Benchmarks, OWASP Top 10, MITRE ATT&CK, SIEM/SOAR, Security Operation Centers, Incident Response (Investigation, Containment, Eradication, Forensics, Breach Notification), Threat Hunting, Red Team/Blue Team, Contextual IOCs, Intel. Sharing, Policy/Standard/Guideline/Procedure, Compliance & Enforcement, KPIs/KRIs, and Awareness training.]