The Map of Cybersecurity Domains | Henry Jiang | March 2021 | REV 3.0

Labels from the map (order as extracted):

Data Leakage Prevention
DDoS Prevention
Patch Management
Network Design
Secure System Build
Baseline Configuration
Endpoint Hygiene
Data Protection
Certificate Management (Internal & External)
Container Security
Security Architecture
Cloud Security
Federated Identity
CI/CD Integration
Security UX
Cryptography
Encryption Standards
"Shift Left"
Security QA
Vaulting
Access Control
S-SDLC
Key and Secret Management
MFA & SSO
SAST
Open Source Scan
API Security
Source Code Scan
HSM
Identity Management
Security Engineering
Privileged Access Management
CIS Top 20 Controls
CIS Benchmarks
Identity & Access Management
NIST Cybersecurity Framework
Certifications
Training
Conferences
Career Development
Coaches and Role Models
Peer Groups
MITRE ATT&CK Framework
Cybersecurity Domains
Risk Monitoring Services (Risk Score)
Risk Acceptance Statement
Security Operation
SIEM
Risk Appetite
User Education
Security Operation Centers
Threat Intelligence
Eradication
Blue Team
Forensics
Breach Notification
Executive Management Involvement
Cybersecurity Table-Top Exercise
Company's Written Policies
Contextual
IOCs
Intel. Sharing
GDPR
GLBA
Standard
Risk Informed Reports and Scorecards
Internal Policy
Red Team
CCPA
HIPAA
NYS-DFS 23 NYCRR 500
Internal
External
Investigation
Containment
Regional
Governance
Awareness (Reinforcement)
Breach Notification
Central Government
ISMS
Laws and Regulations
Detection
Incident Response
Industry Specific
Crisis Management
Active Defense
PCI
Lines of Defense: 1. Process Owners; 2. Risk Mgmt Group; 3. Audit
Risk Register
BCP/DR Plan
Application Pen Tests
Cyber Insurance
SOC1/SOC2
SOAR
Social Engineering
Penetration Test
DAST
Enterprise Risk Management
Training (New Skills)
Infrastructure (Network and Systems)
3rd Party Risk
Data-Flow Diagram
Risk Treatment Actions
Vulnerability Management
Threat Hunting
Vulnerability Scan
Risk Assessment
Frameworks and Standards
4th Party Risk
Assets Inventory
Application Security
OWASP Top 10 (WebApp & API)
Self Study
Physical Security
IoT Security
ISO 27001 / 27017 / 27018
Guideline
Procedure
Compliance & Enforcement
KPI
KRI