CISO MindMap 2023
What do Security Professionals Really do?
InfoSec Professionals Responsibilities

Security Operations

  Threat Prevention (NIST CSF Identify & Protect)
    - Network/Application Firewalls
    - Vulnerability Management
        Scope: Operating Systems, Network Devices, Applications, Databases, Code Review, Physical Security, Cloud misconfiguration testing, Mobile Devices & Apps, Attack surface management, IoT, OT/SCADA
        Periodic (or continuous)
        Comprehensive
        Risk Based Approach
        Identify
        Classify
        Prioritize
        Mitigation (Fix, verify)
    - DLP
    - IPS
    - Identity Management
    - Anti Malware, Anti-spam
    - Proxy/Content Filtering
    - DNS security/filtering
    - Patching
    - DDoS Protection
    - Hardening guidelines
    - Desktop security
    - Encryption, SSL
    - PKI
    - Hardware/Devices security features
    - Public software repositories
    - Security Health Checks

  Threat Detection (NIST CSF Detect)
    - Log Analysis/correlation/SIEM
    - Alerting (IDS/IPS, FIM, WAF, Antivirus, etc)
    - NetFlow analysis
    - Threat hunting and Insider threat
    - MSSP integration
    - Threat Detection capability assessment
    - Gap assessment
    - Prioritization to fill gaps
    - Red team/blue team exercises (and whatever you want to call them)
    - Integrate threat intelligence platform (TIP)
    - Deception technologies for breach detection
    - Full packet inspection
    - Detect misconfigurations
    - Skills Development
        Machine Learning: Skill Development; Understand Algorithm Biases; ML model training, retraining; Log Anomaly Detection; Use of computer vision in physical security
    - SOC Operations
        SOC Resource Mgmt
        SOC Staff continuous training
        Shift management
        SOC procedures
        SOC Metrics and Reports
        SOC and NOC Integration
        SOC Tech stack management and proper utilization
        Threat Intelligence Feeds
        Partnerships with ISACs
        SOC DR exercise
        Long term trend analysis
        Unstructured data from IoT
        Integrate new data sources (see areas under skills development)
        Measure Baseline Metric
        Automation and SOAR
        Playbooks
        MITRE ATT&CK
        Soft skills
        Human experience
        Prepare for unplanned work
        Use of AI and Data Analytics
        Technology advancements

  Incident Management (NIST CSF Respond & Recover)
    - Create adequate Incident Response capability
    - Media Relations
    - Incident Readiness Assessment
    - Forensic Investigation
    - Data Breach Preparation
    - Update and Test Incident Response Plan
    - Set Leadership Expectations
    - Business Continuity Plan
    - Forensic and IR Partner, retainer
    - Adequate Logging
    - Breach exercises (e.g. simulations)
    - First responders Training
    - Supply chain incident mgmt
    - Audit
    - Managing relationships with law enforcement
    - Ransomware
        Identify critical systems
        Perform ransomware BIA
        Tie with BC/DR Plans
        Devise containment strategy
        Ensure adequate backups
        Periodic backup test
        Offline backups in case backup is ransomed
        Mock exercises
        Implement machine integrity checking

Security Projects
  - Business Case Development
  - Alignment with IT Projects
  - Mergers and Acquisitions
      Acquisition Risk Assessment
      Network/Application/Cloud Integration Cost
      Identity Management
      Security tools rationalization
      Multi-Cloud architecture

Budget
  - Balancing budget for People, Trainings, and Tools/Technology
  - Balance FTE and contractors
  - CapEx and OpEx considerations
  - Cyber Risk Insurance
  - Technology amortization
  - Retire redundant & under utilized tools

Cloud Computing
  - Strategy and Guidelines
  - Cloud Security Posture Management (CSPM)
  - Ownership/Liability/Incidents
  - Vendor's Financial Strength
  - SLAs
  - Standards
  - Infrastructure
  - Proof of
  - SaaS Strategy
  - Disaster Recovery Posture
  - Integration of Identity Management/Federation/SSO
  - SaaS Policy and Guidelines
  - Cloud log integration/APIs
  - Virtualized security appliances
  - Cloud-native apps security
  - Containers-to-container communication security
  - Service mesh, micro services
  - Serverless computing security

Application Security
  - Application Development Standards
  - Secure Code
  - Application Security Training and Review
  - Application Vulnerability Testing
  - Application Architecture
  - Change Control
  - File Integrity Monitoring
  - Web Application Firewall
  - Integration to SDLC and Project Delivery
  - Inventory open source components
  - Source code supply chain security
  - API Security
  - DevOps Integration
  - Keep inventory of software components
  - Integrate into vulnerability mgmt
  - Integrate into SDLC and risk mgmt process

Business Enablement
  - Mobile Technologies: BYOD and MDM (Mobile Device Management), Lost/Stolen devices, Mobile Apps Inventory
  - HR/On Boarding/Termination Processes
  - Business Partnerships
  - Agility, Business Continuity and Disaster Recovery
  - Understand industry trends (e.g. retail, financials, etc)
  - Evaluating Emerging Technologies (Quantum, Crypto, Blockchain etc.)

Emerging Technologies
  - IoT
      IoT Frameworks
      IoT Communication Protocols
      Device Identity, Auth and Integrity
      Over the Air updates
      Track and Trace
      Condition Based Monitoring
      IoT Use cases: Smart Grid, Smart Cities / Communities, Others ...
      IoT SaaS Platforms
  - Autonomous Vehicles
  - Drones
  - Medical Devices
  - Industrial Control Systems (ICS)
  - Blockchain & Smart Contracts
  - Data Analytics
  - Augmented and Virtual Reality
  - Artificial Intelligence
      Train InfoSec teams
      Secure models
      Securing training and test data
      Adversarial attacks
      Chatbots and NLP
      Deep fakes
      ChatGPT phenomenon
  - 5G use cases and security
  - Edge Computing

Identity Management
  - Identity Credentialing
  - Account Creation/Deletions
  - Single Sign On (SSO, Simplified sign on)
  - Repository (LDAP/Active Directory, Cloud Identity, Local ID stores)
  - Federation, SAML, Shibboleth
  - 2-Factor (multi-factor) Authentication - MFA
  - Role-Based Access Control
  - Customer Experience: Ecommerce and Mobile Apps
  - Password resets/self-service
  - HR Process Integration
  - Integrating cloud-based identities
  - IoT device identities
  - IAM SaaS solutions
  - Unified identity profiles
  - Password-less authentication
  - Voice signatures
  - Face recognition
  - IAM with Zero Trust technologies
  - Privileged access management
  - Use of public identity OAuth (Google, FB etc.)
  - OpenID
  - Digital Certificates

Project Delivery Lifecycle
  - Embedding security in Requirements
  - Design reviews
  - Security Testing
  - Certification and Accreditation

Governance
  - Strategy and business alignment
  - Security policies, standards
  - Risk Mgmt/Control Frameworks: COSO, COBIT, ISO, ITIL, NIST (relevant NIST standards and guidelines), FAIR, Visibility across multiple frameworks
  - Resource Management
  - Roles and Responsibilities
  - Data Ownership, sharing, and data privacy
  - Conflict Management
  - Metrics and Reporting: Operational Metrics; Executive Metrics and Reporting; Validating effectiveness of metrics
  - Evaluating control effectiveness
  - Maintaining a roadmap/plan for 1-3 years

Security Architecture
  - Traditional Network Segmentation
  - Micro segmentation strategy
  - Application protection
  - Defense-in-depth
  - Remote Access
  - Encryption Technologies
  - Backup/Replication/Multiple Sites
  - Cloud/Hybrid/Multiple Cloud Vendors
  - Software Defined Networking
  - Network Function Virtualization
  - Zero trust models and roadmap
  - SASE/SSE strategy, vendors
  - IT, OT, IoT/IIoT Convergence
  - Overlay networks, secure enclaves
  - Explore options for cooperative SOC, collaborative infosec
  - Multi-Cloud architecture
  - Tools and vendors consolidation

Compliance and Audits
  - CCPA, GDPR & other data privacy laws
  - PCI
  - SOX
  - HIPAA and HITECH
  - Regular Audits
  - SSAE 18
  - NIST/FISMA
  - Executive order on improving the Nation's Cybersecurity
  - Other compliance needs

Selling InfoSec (Internal Branding)
  - Aligning with Corporate Objectives
  - Continuous Mgmt Updates, metrics
  - Innovation and Value Creation
  - Expectations Management
  - Build project business cases
  - Show progress/risk reduction
  - ROSI

Legal and Human Resources
  - Data Discovery and Data Ownership
  - Vendor Contracts
  - Investigations/Forensics
  - Attorney-Client Privileges
  - Data Retention and Destruction
  - Team development, talent management

Work from Home
  - Enable Secure Application access
  - Secure expanded attack surface
  - Security of sensitive data accessed from home

Automation
  - Automate patching
  - Secure DevOps, DevSecOps
  - Embedding security tools in CI/CD pipelines
  - Automate threat hunting
  - Automate risk scoring
  - Automate asset inventory
  - Security infrastructure as code
  - Automate API inventory
  - Automate risk register
  - Automate security metrics

Risk Management
  - Physical Security
  - Vulnerability Management
  - Ongoing risk assessments/pen testing
  - Integration to Project Delivery (PMO)
  - Code Reviews
  - Use of Risk Assessment Methodology and framework
  - Policies and Procedures
  - Testing effectiveness
  - Phishing and Associate Awareness
  - Partner Access
  - Industrial Controls Systems / Operational Technologies: PLCs, SCADA, HMIs
  - Integrate threat intelligence
  - Vendor risk management
  - Cyber Risk Quantification (CRQ)
  - Risk Register
  - Loss, Fraud prevention

Data Centric Approach
  - Data Discovery
  - Data Classification
  - Access Control
  - Data Loss Prevention - DLP
  - Encryption/Masking
  - Monitoring and Alerting

Focus Areas for 2023-24
  1. Increase attention on resilience
  2. Reduce and consolidate security tools and vendors
  3. Build a brand for security team
  4. Untangle application web of components
  5. Build expertise in emerging technologies
  6. Create a security automation role

Last update: March 25, 2023
Expiration date: June 30, 2024
Twitter: @rafeeq_rehman
Downloads: http://rafeeqrehman.com
© Copyright 2012-2023 - Rafeeq Rehman