CISO MindMap 2024
What do Security Professionals Really do? (InfoSec Professionals' Responsibilities)

Security Operations (Resilience)
  Threat Prevention (NIST CSF Identify & Protect)
    - Network/Application Firewalls
    - Vulnerability Management (see the Vulnerability Management branch)
    - DLP
    - Identity Management
    - Anti Malware, Anti-spam
    - Proxy/Content Filtering
    - DNS security/filtering
    - Patching
    - DDoS Protection
    - Hardening guidelines
    - Desktop security
    - Encryption, SSL, PKI
    - Security Health Checks
    - Public software repositories
    - Network IPS and IDS
    - Cloud misconfiguration testing
  Threat Detection (NIST CSF Detect)
    - Log Analysis/correlation/SIEM
    - Alerting (IDS/IPS, FIM, WAF, Antivirus, etc)
    - NetFlow analysis
    - Threat hunting and Insider threat
    - MSSP integration
    - Threat Detection capability assessment
    - Gap assessment
    - Prioritization to fill gaps
    - SOC Operations
      - Team Management
      - SOC Resource Mgmt
      - SOC Staff continuous training
      - Shift management
      - SOC procedures
      - SOC Metrics and Reports
      - SOC and NOC Integration
      - SOC Tech stack management
      - Threat Intelligence Feeds and proper utilization
      - SOC DR exercise
      - Partnerships with ISACs
      - Long term trend analysis
      - Unstructured data from IoT
      - Integrate new data sources (see areas under Skills Development)
    - Machine Learning
      - Algorithm Biases
      - ML model training, retraining
    - Automation and SOAR
      - Playbooks
    - MITRE ATT&CK
    - Use of AI, GenAI and Data Analytics
    - Use of computer vision in physical security
    - Log Anomaly Detection
    - Red team/blue team exercises
    - Integrate threat intelligence platform (TIP)
    - Deception technologies for breach detection
    - Full packet inspection
    - Detect misconfigurations
  Incident Management (NIST CSF Respond & Recover)
    - Create adequate Incident Response capability
    - Incident Response Playbooks
    - Incident Readiness Assessment
    - Forensic Investigation
    - Data Breach Preparation
    - Update and Test Incident Response Plan
    - Set Leadership Expectations
    - Business Continuity Plan
    - Forensic and IR Partner, retainer
    - Adequate Logging
    - Breach exercises (e.g. simulations)
    - First responders Training
    - IR Playbook testing
    - Media Relations
    - Business Continuity Planning
    - Ransomware
      - Identify critical systems
      - Perform ransomware BIA
      - Tie with BC/DR Plans
      - Devise containment strategy
      - Ensure adequate backups
      - Periodic backup test
      - Offline backups in case backup is ransomed
      - Mock exercises
      - Implement machine integrity checking
      - File Integrity Monitoring
    - Supply chain incident mgmt
      - Keep inventory of software components
      - Integrate into vulnerability mgmt
      - Integrate into SDLC and risk mgmt process
    - Managing relationships with law enforcement
    - Post-incident analysis
    - Cyber Risk Insurance

Vulnerability Management
  - Scope: Operating Systems, Network Devices, Applications, Databases, Code Review, Physical Security, Mobile Devices & Apps, Containers, IoT, OT/SCADA
  - Attack surface management
  - Identify (periodic or continuous)
  - Classify
  - Risk Based Approach
  - Prioritize (e.g. use of EPSS)
  - Mitigation (Fix, verify)
  - Measure
  - Baseline
  - Metrics

Managing Security Projects
  - Business Case Development
  - Alignment with IT Projects
  - Balancing budget for People, Trainings, and Tools/Technology

Manage Infosec Budget
  - CapEx and OpEx considerations
  - Technology amortization
  - Retire redundant & under utilized tools

Staffing and Talent Management
  - Staff engagement and retention
  - Staff burnout prevention
  - Balance FTE and contractors
  - Staff training and skills update

Mergers and Acquisitions
  - Acquisition Risk Assessment
  - Network/Application/Cloud Integration Cost
  - Identity Management
  - Security tools rationalization
  - Multi-Cloud architecture

Cloud Computing
  - Strategy and Guidelines
  - Cloud Security Posture Management (CSPM)
  - Ownership/Liability/Incidents
  - Vendor's Financial Strength
  - SLAs
  - Infrastructure Audit
  - Proof of Disaster Recovery Posture
  - SaaS Strategy
  - Integration of Identity Management/Federation/SSO
  - SaaS Policy and Guidelines
  - Cloud log integration/APIs
  - Virtualized security appliances
  - Cloud-native apps security
  - Containers-to-container communication security
  - Service mesh, micro services
  - Serverless computing security

Application Security
  - Application Development Standards
  - Understand Application Architecture
  - Secure Code Training and Review
  - Application Vulnerability Testing
  - Change Control
  - Web Application Firewall
  - Integration to SDLC and Project Delivery
  - Inventory open source components
  - Source code supply chain security
  - API Security
  - DevOps Integration

Skills Development
  - Application Security
  - Cloud Computing
  - IoT
  - Autonomous Vehicles
  - Drones
  - Medical Devices
  - Industrial Control Systems (ICS)
  - Soft skills
  - Technology advancements
  - Prepare for unplanned work
  - Business Enablement
  - HR/On Boarding/Termination Processes
  - Business Partnerships
  - Agility, Business Continuity and Disaster Recovery
  - Understand industry trends (e.g. retail, financials, etc)
  - Evaluating Emerging Technologies (Quantum, Crypto, GenAI, Blockchain etc.)

Mobile Technologies
  - Lost/Stolen devices
  - BYOD and MDM (Mobile Device Management)
  - Mobile Apps Inventory

IoT
  - IoT Frameworks
  - Hardware/Devices security features
  - IoT Communication Protocols
  - Device Identity, Auth and Integrity
  - Over the Air updates
  - Track and Trace
  - IoT Identity Credentialing
  - Condition Based Monitoring
  - Customer Experience
  - IoT Use cases: Smart Grid, Smart Cities / Communities, Others ...
  - IoT SaaS Platforms

- Data Analytics
- Ecommerce and Mobile Apps
- Augmented and Virtual Reality
- Drones
- 5G use cases and security
- Edge Computing

Identity Management
  - Account Creation/Deletions
  - Single Sign On (SSO, Simplified sign on)
  - Repository (LDAP/Active Directory, Cloud Identity, Local ID stores)
  - Federation, SAML, Shibboleth
  - 2-Factor (multi-factor) Authentication - MFA
  - Role-Based Access Control
  - Password resets/self-service
  - HR Process Integration
  - Integrating cloud-based identities
  - IoT device identities
  - IAM SaaS solutions
  - Unified identity profiles
  - Voice signatures
  - Password-less authentication
  - Face recognition
  - IAM with Zero Trust technologies
  - Privileged access management
  - Use of public identity (Google, FB etc.)
  - OAuth
  - OpenID
  - Digital Certificates

Artificial Intelligence and Generative AI (GenAI)
  - AI Governance, Policies, Transparency
  - LLMs and Chatbots
  - Safe and ethical uses of GenAI
  - Secure AI, GenAI models
  - Protecting Intellectual Property
  - Identify GenAI use cases
  - Securing training and test data
  - Adversarial attacks
  - Deep fakes
  - Train InfoSec teams
  - NIST AI Risk Mgmt Framework
  - Use of GenAI in task automation
  - IMPORTANT: Be aware of hype and vendor promises

Governance
  - Strategy and business alignment
  - Security policies, standards
  - Risk Mgmt/Control Frameworks: COSO, COBIT, ISO, ITIL, NIST (relevant NIST standards), FAIR, FISMA, CMMC; Visibility across multiple frameworks
  - Roles and Responsibilities (RACI charts)
  - Data Ownership, sharing, and data privacy
  - Conflict Management
  - Metrics and Reporting: Operational Metrics; Executive Metrics and Reporting; Validating effectiveness of metrics
  - IT, OT, IoT/IIoT Convergence
  - Explore options for cooperative SOC, collaborative infosec
  - Tools and vendors consolidation
  - Evaluating control effectiveness
  - Maintaining a roadmap/plan for 1-3 years

Project Delivery Lifecycle
  - Embedding security in Requirements
  - Threat modeling and Design reviews
  - Security Testing
  - Certification and Accreditation

Security Architecture
  - Traditional Network Segmentation
  - Micro segmentation strategy
  - Application protection
  - Defense-in-depth
  - Remote Access
  - Encryption Technologies
  - Backup/Replication/Multiple Sites
  - Cloud/Hybrid/Multiple Cloud Vendors
  - Software Defined Networking
  - Network Function Virtualization
  - Zero trust models and roadmap
  - SASE/SSE strategy, vendors
  - Overlay networks, secure enclaves
  - Multi-Cloud architecture

- Aligning with Corporate Objectives
- Continuous Mgmt Updates, metrics
- Negotiation, give and take
- Corporate politics, picking battles carefully
- Security Team Branding
- Innovation and Value Creation
- Expectations Management
- Show progress/risk reduction
- ROSI

Compliance and Audits
  - CCPA, GDPR & other data privacy laws
  - PCI
  - SOX
  - HIPAA and HITECH
  - Regular Audits
  - SSAE 18
  - NIST/FISMA
  - CMMC
  - HITRUST
  - SEC notification requirements
  - Executive order on improving the Nation's Cybersecurity
  - Other compliance needs

Remote Work
  - Enable Secure Application access
  - Secure expanded attack surface
  - Security of sensitive data accessed from home
  - Zero trust access to applications

Legal and Human Resources
  - Data Discovery and Data Ownership
  - Vendor Contracts
  - Investigations/Forensics
  - Attorney-Client Privileges
  - Data Retention and Destruction

Automation and Analytics
  - Automate patching
  - Secure DevOps, DevSecOps
  - Embedding security tools in CI/CD pipelines
  - Automate threat hunting
  - Automate risk scoring
  - Automate asset inventory
  - Security infrastructure as code
  - Automate API inventory
  - Automate risk register
  - Automate security metrics

Risk Management
  - Physical Security
  - Vulnerability Management
  - Ongoing risk assessments/pen testing
  - Code Reviews, SAST
  - Use of Risk Assessment Methodology and framework
  - Policies and Procedures
  - Testing effectiveness
  - Phishing and Associate Awareness
  - Partner Access
  - Industrial Controls Systems: PLCs, Operational Technologies, SCADA, HMIs
  - Vendor risk management
  - Cyber Risk Quantification (CRQ)
  - Risk Register
  - Loss, Fraud prevention

Data Centric Approach
  - Data Discovery
  - Data Classification
  - Access Control
  - Data Loss Prevention - DLP
  - Encryption/Masking
  - Monitoring and Alerting

Focus Areas for 2024-25
  1. Adopt a cautious approach towards GenAI
  2. Consolidate and rationalize security tools
  3. Cyber Resilience - Go beyond incident response
  4. Build a brand for security team
  5. Maximize business value of security controls

Last update: March 31, 2024
Expiration date: June 30, 2025
Twitter: @rafeeq_rehman
Downloads: http://rafeeqrehman.com
© Copyright 2012-2024 - Rafeeq Rehman
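The Vulnerability Management branch of the map lists the cycle Identify, Classify, Risk Based Approach, Prioritize (e.g. use of EPSS), Mitigation (Fix, verify), Measure, Baseline, Metrics. The following is an added worked example of that cycle in Python; it is not part of the mind map and not Rafeeq Rehman's code. The scoring weights, the priority thresholds, the SLA targets, the asset inventory and the findings (with placeholder identifiers, not real CVEs) are all constructed assumptions chosen to show the one point the map is making: a CVSS 9.8 with a 2% EPSS on an internal host should not outrank a CVSS 7.5 that is being actively exploited on an internet-facing system.

```python
"""Risk-based vulnerability management: Identify -> Classify -> Prioritize
(CVSS + EPSS + asset context) -> Mitigation (fix, verify) -> Measure.
Added example, not from the CISO MindMap; weights, SLA targets, asset table
and findings are constructed assumptions for illustration only."""
from dataclasses import dataclass
from datetime import date
from typing import Optional


@dataclass
class Finding:
    vid: str                  # placeholder identifier, not a real CVE
    asset: str
    cvss: float               # CVSS v3 base score, 0-10
    epss: float               # EPSS: probability of exploitation in 30 days, 0-1
    kev: bool                 # on a known-exploited list (e.g. CISA KEV)
    found: date
    fixed: Optional[date] = None
    verified: bool = False    # a rescan confirmed the fix


# Classify: business context per asset (constructed inventory)
ASSETS = {
    "web-01": {"criticality": 3, "internet_facing": True},   # customer portal
    "hr-db":  {"criticality": 3, "internet_facing": False},  # sensitive data, internal only
    "dev-vm": {"criticality": 1, "internet_facing": False},  # disposable build host
}
SLA_DAYS = {"P1": 7, "P2": 30, "P3": 90, "P4": 180}   # assumed remediation targets


def risk_score(f: Finding) -> float:
    """Severity x likelihood x business context. EPSS (or KEV) supplies the
    likelihood term so CVSS alone does not drive the queue."""
    a = ASSETS[f.asset]
    likelihood = 1.0 if f.kev else f.epss
    exposure = 1.5 if a["internet_facing"] else 1.0
    return round(f.cvss * (0.3 + likelihood) * a["criticality"] * exposure, 2)


def priority(f: Finding) -> str:
    s = risk_score(f)
    a = ASSETS[f.asset]
    if s >= 30 or (f.kev and a["internet_facing"]):
        return "P1"
    if s >= 15 or f.kev:          # anything known-exploited is at least P2
        return "P2"
    if s >= 5:
        return "P3"
    return "P4"


def prioritize(findings):
    """Prioritize: the work queue, highest priority and score first."""
    return sorted(findings, key=lambda f: (priority(f), -risk_score(f)))


def mitigate(f: Finding, fixed_on: date, rescan_clean: bool) -> Finding:
    """Mitigation: a fix is only closed once the rescan verifies it."""
    f.fixed = fixed_on
    f.verified = rescan_clean
    return f


def measure(findings, today: date) -> dict:
    """Measure: open counts by priority, SLA breaches, mean days to verified fix."""
    open_by_priority = {p: 0 for p in SLA_DAYS}
    breached, fix_days = [], []
    for f in findings:
        p = priority(f)
        if f.verified:
            fix_days.append((f.fixed - f.found).days)
            continue
        open_by_priority[p] += 1
        if (today - f.found).days > SLA_DAYS[p]:
            breached.append(f.vid)
    mean_fix = sum(fix_days) / len(fix_days) if fix_days else None
    return {"open": open_by_priority, "sla_breached": breached, "mean_days_to_fix": mean_fix}


# Identify: constructed scanner output (identifiers are placeholders)
FINDINGS = [
    Finding("VULN-1", "web-01", 7.5, 0.92,  False, date(2024, 4, 1)),
    Finding("VULN-2", "hr-db",  9.8, 0.02,  False, date(2024, 4, 1)),
    Finding("VULN-3", "dev-vm", 6.5, 0.01,  True,  date(2024, 4, 1)),
    Finding("VULN-4", "dev-vm", 4.3, 0.001, False, date(2024, 4, 1)),
]


def demo():
    """Runs the whole cycle on a copy of FINDINGS; returns (queue, metrics)."""
    queue = [(priority(f), f.vid) for f in prioritize(FINDINGS)]
    working = [Finding(**vars(f)) for f in FINDINGS]
    mitigate(working[2], date(2024, 4, 10), rescan_clean=True)
    return queue, measure(working, date(2024, 5, 1))


if __name__ == "__main__":
    queue, metrics = demo()
    for item in queue:
        print(*item)
    print(metrics)
```

With these constructed inputs the queue comes out P1 VULN-1 (exploited in the wild, internet-facing), P2 VULN-3 (KEV, but on a low-value internal host), P3 VULN-2 (CVSS 9.8 yet 2% EPSS and internal), P4 VULN-4; the metrics then show VULN-1 as the only SLA breach after 30 days, which is the "Measure / Baseline / Metrics" output a CISO would track over time.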
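Under Ransomware the map lists "Implement machine integrity checking" and "File Integrity Monitoring" alongside "Offline backups in case backup is ransomed". The block below is an added example of the technique behind those three items, in Python; it is not the mind map's own tooling. It hashes a baseline of a directory tree (the baseline is what you keep offline and read-only), re-hashes later, and flags the two signals an encrypt-and-rename ransomware run leaves behind: a large fraction of files changed or removed in one interval, and removed files reappearing under a new extension. The sample tree, the 30% change threshold and the ".locked" extension are constructed assumptions.

```python
"""File integrity monitoring as a ransomware indicator: baseline hashes,
re-hash, diff, and apply mass-change heuristics. Added example, not from
the CISO MindMap; the sample tree, the change-ratio threshold and the
'.locked' extension are constructed assumptions."""
import hashlib
import tempfile
from pathlib import Path


def file_hash(path: Path) -> str:
    """SHA-256 of a file, streamed so large files do not load into memory."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def baseline(root: Path) -> dict:
    """Snapshot: relative path -> SHA-256. Store the result offline and
    read-only; a baseline the attacker can rewrite proves nothing."""
    return {str(p.relative_to(root)): file_hash(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def compare(old: dict, new: dict) -> dict:
    """Diff two snapshots into modified / added / removed path lists."""
    return {
        "modified": sorted(k for k in old if k in new and old[k] != new[k]),
        "added": sorted(k for k in new if k not in old),
        "removed": sorted(k for k in old if k not in new),
    }


def ransomware_indicator(diff: dict, baseline_size: int, max_change_ratio: float = 0.3) -> list:
    """Heuristics over one monitoring interval: a large share of files
    changed or removed, or removed files reappearing with an extra extension
    (the encrypt-then-rename pattern). Returns human-readable reasons."""
    reasons = []
    changed = len(diff["modified"]) + len(diff["removed"])
    if baseline_size and changed / baseline_size >= max_change_ratio:
        reasons.append(f"{changed}/{baseline_size} files changed or removed in one interval")
    renamed = [a for a in diff["added"]
               if any(a.startswith(r + ".") for r in diff["removed"])]
    if renamed:
        reasons.append("removed files reappeared with a new extension: " + ", ".join(renamed))
    return reasons


def demo() -> tuple:
    """Builds a constructed tree, baselines it, simulates an encrypt-and-rename
    run on two files plus one in-place overwrite, and returns (diff, reasons)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "docs").mkdir()
        for name in ["docs/a.txt", "docs/b.txt", "c.txt", "d.txt", "e.txt"]:
            (root / name).write_text("original content of " + name)
        base = baseline(root)

        # Simulated ransomware: XOR "encrypt", write under .locked, delete original
        for name in ["docs/a.txt", "c.txt"]:
            data = (root / name).read_bytes()
            (root / name).unlink()
            (root / (name + ".locked")).write_bytes(bytes(b ^ 0x5A for b in data))
        (root / "d.txt").write_text("in-place overwrite")   # a plain modification

        diff = compare(base, baseline(root))
        return diff, ransomware_indicator(diff, len(base))


if __name__ == "__main__":
    diff, reasons = demo()
    print(diff)
    for r in reasons:
        print("ALERT:", r)
```

On the constructed tree the diff reports d.txt modified, c.txt and docs/a.txt removed, and c.txt.locked and docs/a.txt.locked added; both heuristics fire (3 of 5 files changed or removed, and the removed files reappeared under a new extension). In production this runs on a schedule against file servers and backup targets, with the baseline kept where an attacker with host access cannot update it, which is the same reasoning the map applies to offline backups.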
