-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathcybersecurity-domains-2021.json
125 lines (125 loc) · 4.06 KB
/
cybersecurity-domains-2021.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
{
"CyberSecurity Domains": {
"Security Architecture": {
"Network Design": ["DDoS Prevention"],
"Security Engineering": [],
"Data Protection": ["Data Leakage Prevention"],
"Access Control": {
"Identity Management": [
"Privileged Access Management",
"Identity & Access Management"
],
"Federated Identity": [],
"MFA & SSO": []
},
"Cloud Security": [],
"Secure System Build": [
"Baseline Configuration",
"Patch Management"
],
"Cryptography": {
"Key and Secret Management": ["Vaulting", "HSM"],
"Encryption Standards": [],
"Certificate Management": []
},
"Endpoint Hygiene": [],
"Container Security": []
},
"Security Operations": {
"Security Operation Centers": [],
"Incident Response": {
"Breach Notification": [],
"Containment": [],
"Eradication": [],
"Investigation": ["Forensics"]
},
"Blue Team": [],
"Red Team": [],
"Detection": [],
"SIEM": ["SOAR"],
"Vulnerability Management": [],
"Active Defense": [],
"Threat Hunting": []
},
"Governance": {
"Laws and Regulations": {
"Regional": ["CCPA", "NYS-DFS 23 NYCRR 500"],
"Central Government": ["GDPR", "GLBA"],
"Industry Specific": ["PCI", "HIPAA"]
},
"Company's Written Policies": [
"Policy",
"Procedure",
"Standard",
"Guideline",
"Compliance & Enforcement"
],
"Executive Management Involvement": {
"Reports and Scorecards": ["KPIs/KRIs"],
"Risk Informed": []
}
},
"Risk Assessment": {
"3rd Party Risk": ["4th Party Risk"],
"Penetration Test": [
"Infrastructure (Network and Systems)",
"Application Pen Tests",
"Social Engineering",
"DAST"
],
"Vulnerability Scan": [],
"Assets Inventory": [],
"Risk Monitoring Services": ["Risk Score"]
},
"User Education": [
"Training (new skills)",
"Awareness (reinforcement)",
"Cybersecurity table-top exercise"
],
"Threat Intelligence": {
"Internal": [],
"IOCs": [],
"Intel Sharing": {
"External": [],
"Contextual": []
}
},
"Career Development": [
"Training",
"Certifications",
"Conferences",
"Peer Groups",
"Self Study",
"Coaches and Role Models"
],
"Frameworks and Standards": [
"NIST Cybersecurity Framework",
"ISO 27001 27017 27018",
"OWASP Top 10 (WebApp & API)",
"CIS Top 20 Controls",
"CIS Benchmarks",
"MITRE ATT&CK Framework"
],
"Physical Security": ["IoT Security"],
"Enterprise Risk Management": {
"Lines of Defense": ["Process Owners", "Risk Mgmt Group", "Audit"],
"Risk Treatment Actions": [],
"Risk Appetite": [],
"Cyber Insurance": [],
"BCP/DR": [],
"Crisis Management": [],
"Risk Acceptance Statement": [],
"Risk Register": []
},
"Application Security": {
"S-SDLC": {
"\"Shift Left\"": ["CI/CD Integration"]
},
"Source Code Scan": ["Open Source Scan", "SAST"],
"Data-Flow Diagram": [],
"API Security": [],
"Security UX": [],
"Security QA": []
}
}
}