Cyber Mind Map DOC ID 2017063 V1R1


Transcript of Cyber Mind Map DOC ID 2017063 V1R1

Credits Mark E.S. Bernard

Cyber Mind Map

*** THIS DOCUMENT HAS BEEN CLASSIFIED FOR PUBLIC ACCESS BY SECUREKM ***

Governance

Communication

Chief Cyber Security Officer

Architecture

Risk Management

Monitoring

Integration

Knowledge Management

Legal obligations

Known Vulnerabilities

Awareness

Training

Incident Management

SIEM, IDS, IPS, HID

Audit

Events & Incidents

ISO 27001

NIST

ITIL

Program Management

Security Testing

Legal Registry

Executive Oversight

Roles and Responsibilities

COSO ERM

Statutes

Regulations

Contracts

Penetration Testing

Vendor Management

Enterprise Security Policy

Access Control

Service Management

NIST CSF

Incident Management

Tacit

Vendor Management

Operational Risk

Financial Risk

Strategic Risk

Hazard Risk

Compliance Risk

Risk Management

Explicit

Implicit

Employee Induction

Contractor

Vendor /Supplier

Customer

Breach or Privacy Breach, media /Enterprise Q&A speaking points (both) short /long, predefined scripts

Service Continuity Management

Investigations

Procurement Management

Contract Management

Development

Vulnerability Management Plan

Change Management

Release Management

Progressive Disciplinary

OWASP

SSDLC

RM Policy

InfoSec Policy

Acceptable Use Policy

BYOD Policy

Resource Allocation

Budget Allocation

Project Management

Continual Improvement

SOC

Business Plan Strategic, Tactical Goals, Objectives

KPI, KRI,

Information Architecture

Application Architecture

Infrastructure Architecture

Triage

Annual Strategy /Plan

Social Engineering

Insider Threat

Fraud

Supply Chain

Assurance

SSAE16, ISAE3402, SOC1, SOC2, SOC3

FISMA

ITAR

GDPR

QA

Configuration Management

Asset Management

Valuation

UAT

Security Standards /4IQ

Configuration Items

DOC ID: 2017063 V1R2

Problem Management

Law Enforcement

Playbook

SOX

PCI DSS

HITECH

HIPAA

IPO Due Diligence

Engineering Methodology

CSIRT

Termination

General Counsel

Threat Intelligence

RFP, RFI, RFQ

Cryptography

NIST SP 800-53

NIST SP 800-171

NOTE: This illustration is not the “absolute” complete Cyber mind map, but it is as much as I could fit on one page to provide some context on the subject while identifying 8 critical processes.

Biz User

Privileged User

FedRAMP

NERC CIP

PMO

ISO 9001

ISO 22301

ISO 31000

ISO 38500

Risk Registry

Risk Treatment Plan

3PE Assessment

Black, Grey, Blue, White Box Security Testing

Vulnerability Scanning

FOIPPA

PIPEDA

Risk Treatment Plan

Risk Registry

GAAP

IFRS

SFFAC

PCAOB

NIST

COSO ERM

SLA /SLO

Internal Facing

External Facing

Forensics

Service Continuity

People Management

Performance Management

Designated point of contact

Capacity Management