Cybersecurity Domains and Concepts

(Cyber) Security Governance
Security strategy, budgeting, alignment with the business and its goals, roles & responsibilities, hiring and team strategy

Data Governance
Data ownership, data rules, data usage approvals, separation of production and non-production, data masking, Personally Identifiable Information (PII)

Asset Management
Asset inventory, (automated) asset discovery, CMDB (configuration management database), asset types (systems, network, applications, mobile, IoT)

Risk Assessments, Threat Modeling & Security by Design, Pentesting & Red Teaming
Performing (periodic) risk assessments, pentesting or ethical hacking, red teaming, security compliance testing, application & business threat modeling, security by design

Security and Privacy Standards
Alignment with security standards: NIST (CSF), ISO 27001, SOC 2 Type 1 & 2, PCI DSS, SOX, HIPAA, GDPR, TITEPA, CCPA, and other states' regulations.

Cyber Security Threat Intelligence
Monitoring of intelligence sources, threats from attackers, dark web monitoring, CSIRT

Third Party Risk Management (TPRM)
TPRM governance, TPRM assessments for due diligence, periodic monitoring, profiling and risk tiering, secure onboarding, offboarding

Endpoint Protection & Mobile Device Management
Endpoint protection on laptops/desktops/servers, BYOD/CYOD, Mobile Device Management (MDM), secure internet access (via proxy/firewall)

Network Security
Network and Web Application Firewalls, firewall rule reviews, Virtual Private Networks (VPN), (micro) segmentation, (virtual) LANs, software defined networking, segmented management access, jump servers, zero-trust networking, DMZs, (network) IDS/IPS, proxy filtering, DDoS protection, Network Access Control (NAC), CASB gateway, TLS/SSL offloading

Vulnerability Management
Vulnerability scanning, vulnerability remediation, credentialed & non-credentialed scanning, managing and accepting vulnerabilities

Hardening & Secure Configuration
Hardening baselines, hardening procedures, hardening scanning, deviations and deviation management

Encryption and Cryptography
Encryption of data at rest & in transit (virtual disk encryption, database encryption, SSL/TLS), Key Management System, Public Key Infrastructure

Physical Security
Access badges, physical locks, anti-tailgating or piggybacking, turnstiles, security guards, Data Center physical security

Identity & Access Management (IAM)
HR onboarding and offboarding, HR integration, joiner + mover + leaver process, minimum password requirements, Single Sign On (SSO), Multi-Factor Authentication (MFA), Role Based Access Control (RBAC), Active Directory, Privileged Access Management, OAuth, smart cards, password managers, (key) vaults, federations, trusts

Data Loss Protection
Data classification (i.e., public, internal, confidential, etc.), classifying (office) documents, limiting external storage access, limiting online sharing, email scanning

Security Awareness & Training
Compliance training, phishing training, training of special groups (i.e., privileged users, senior leadership, etc.), monitoring of compliance

Brand and Domain Protection
Social media monitoring, domain monitoring, takedown requests

Secure Development & Deployment
Secure Software Development Life Cycle (SSDLC), CI/CD pipelines, CI/CD security triggers, security requirements, OWASP Top 10

Security Logging & Monitoring
Endpoints, clients, servers, network components and applications with security logging enabled, centralized & tamper-proof collection of logs, use case development, use of SIEM, monitoring events and follow-up

Security Operations Center (SOC)
Event monitoring, SOC investigation and response procedures, analysis of SIEM alerts, Indicators of Compromise, triage, threat intelligence, containment, recovery, isolation

Incident Management
Incident Management plans and procedures, Incident Management taskforce, classification, incident response, forensics, data breach, incident playbooks

Business Continuity Management (BCM) and Disaster Recovery (DR)
Business Continuity Plan, Disaster Recovery plans and procedures, Disaster Recovery testing, recovery sites, hot + warm + cold sites

Ransomware Preparedness and Response
Ransomware response playbook, (system) isolation, containment, eradication, Indicators of Compromise (IOC), ransomware infection artifacts, ransomware triage, command & control, decryptors, malware, ransomware payment

Newer areas which require close examination

  • Cloud Security
    Cloud migration and transformation, IaaS, PaaS, SaaS, cloud platform security policies, Cloud Security Posture Management, secure cloud (component) configuration
  • SaaS Security
    Third Party Risk Management, security assurance, SaaS authentication, data encryption, CASB, IP/VPN access restriction, single or multi-tenant, secure deployment, secure connections to internal applications, SaaS security reporting, software stack inventory
  • Internet of Things (IoT) Security
    IoT identification, IoT segmentation, IoT Network Access Control, IoT (remote) exposure, IoT resource constraints, IoT PKI and digital certificates, IoT network security
  • OT / ICS / SCADA Security
    SCADA systems, Industrial Control Systems (ICS), Distributed Control Systems (DCS), PLCs, physical plant equipment, remote industrial software, machinery, embedded computing, secure separation of OT and IT, digital twin, IT & OT connectivity

Privacy Centric Information

What is done with a Risk Analysis and Security Assessment?
