Why should you study my CISO security mind map 2023?
Information and cyber security is a complex and evolving capability that every company must deal with.
But what is it?
How do you know you’re working on the rights topics and domains, and how do you know you’re doing a good enough job?
These are difficult questions to answer.
To help define what is information and cyber security, I have created a CISO security mind map 2023.
Identify
Cyber Security Governance: Security strategy, budgeting, alignment with business & business goals, roles & responsibilities, hiring and team strategy.
Data Governance: Data ownership, data rules, data usage approvals, separation of production and non-production, data masking, Personally Identifiable Information (PII).
Asset Management: Asset inventory, (automated) asset discovery, CMDB, asset types (systems, network, applications, etc.).
Risk Assessments, Threat Modeling, Pentesting & Red Teaming: Performing (periodic) risk assessments, pentesting or ethical hacking, red teaming, security compliance testing, application & business threat modeling, security by design.
Security and Privacy Standards: Alignment with security standards, NIST (CSF), ISO27001, SOC 2 / ISAE3402 type 1 & 2, CIS, NIS, PCI DSS, SOX, GDPR, CCPA, HIPAA.
Cyber Security Threat Intelligence: Monitoring of intelligence sources, threats from attackers, dark web monitoring, CSIRT.
Third-Party Risk Management (TPRM): TPRM governance, TPRM assessments for due diligence, periodic monitoring, profiling and risk tiering, secure onboarding, off-boarding, Software Bill of Materials (SBOM).
Protect
Endpoint Protection & Mobile Device Management: Endpoint protection on laptops/desktops/servers, BYOD/CYOD, Mobile Device Management (MDM), secure internet access (via proxy/firewall).
Network Security: Network and Web Application Firewalls, firewall rule reviews, Virtual Private Networks (VPN), (micro) segmentation, (virtual) LANs, software defined networking, segmented management access, jump servers, zero-trust networking, DMZs, (network) IDS/IPS, Proxy filtering, DDoS protection, Network Access Control (NAC), CASB Gateway, TLS/SSL offloading.
Vulnerability Management: Vulnerability scanning, vulnerability remediation, credentialed & non-credentialed scanning, managing and accepting vulnerabilities. Note: we have an article describing the differences between threat modeling and vulnerability management.
Hardening & Secure Configuration: Hardening baselines, hardening procedures, hardening scanning, deviations and deviation management.
Encryption and Cryptography: Encryption of data at rest & in transit, (virtual) disk encryption, database encryption, SSL/TLS, Key Management System, Public Key Infrastructure.
Secure Development & Deployment: Secure Software Development Life Cycle (SSDLC), CI/CD pipelines, CI/CD security triggers, security requirements, OWASP top 10.
Physical Security: Access badges, physical locks, anti-tailgating or piggybacking turnstiles, security guards, Data Center physical security.
Identity & Access Management (IAM): HR onboarding and off-boarding, HR integration, joiner + mover + leaver process, minimum password requirements, Single Sign On (SSO), Multi-Factor Authentication (MFA), Role Based Access Control (RBAC), Active Directory, Privileged Access Management, OAuth, smart cards, password managers, (key) vaults, federations, trusts.
Data Loss Protection: Data classification (i.e., public, internal, confidential, etc.), classifying (office) documents, limiting external storage access, limiting online sharing, Email scanning.
Security Awareness & Training: Compliance training, phishing training, training of special groups (i.e., privileged users, senior leadership, etc.), monitoring of compliance.
Brand and Domain Protection: Social media monitoring, domain monitoring, takedown requests, asset monitoring.
Detect
Security Logging & Monitoring: Endpoints + clients + servers + network components + applications with security logging enabled, centralized & untampered collection of logs, use case development, use of SIEM, monitoring events and follow-up.
Response and Recover
Secure Operations Center: Event monitoring, SOC investigation and response procedures, analysis of SIEM alerts, Indicators of Compromise, triage, threat intelligence, containment, recovery, isolation.
Incident Management: Incident Management plans and procedures, Incident Management task force, classification, incident response, forensics, data breach, incident playbooks.
Business Continuity Management (BCM) and Disaster Recovery (DR): Business Continuity Plan, Disaster Recovery plans and procedures, Disaster Recovery testing, recovery sites, hot + warm + cold sites.
