CISO MindMap 2022

Uploaded by Hashem Habibi

CISO MindMap 2022: What do Security Professionals Really do?
Version: 2022 | Last update: April 24, 2022 | Expiration date: June 30, 2023
Twitter: @rafeeq_rehman | Downloads: http://rafeeqrehman.com

Security Operations

  Threat Prevention (NIST CSF Identify & Protect)
    - Network/Application Firewalls
    - Vulnerability Management
        - Scope: Operating Systems, Network Devices, Applications, Databases, Code Review, Physical Security, Cloud misconfiguration testing, Mobile Devices, IoT, OT/SCADA
        - Periodic (or continuous)
        - Comprehensive
        - Classify
        - Prioritize
        - Mitigation (Fix, verify)
        - Measure
        - Metric
    - DLP
    - Identity Management
    - Information Security Policy
    - HR/On Boarding/Termination
    - Policy
    - Technology
    - Processes
    - IPS
    - Anti Malware, Anti-spam
    - Proxy/Content Filtering
    - DNS security/filtering
    - Patching
    - DDoS Protection
    - Hardening guidelines
    - Desktop security
    - Encryption, SSL
    - PKI
    - Security Health Checks

  Threat Detection (NIST CSF Detect)
    - Log Analysis/correlation/SIEM
    - Alerting (IDS/IPS, FIM, WAF, Antivirus, etc.)
    - NetFlow analysis
    - Threat hunting and Insider threat
    - Automate Threat Hunting
    - MSSP integration
    - Threat Detection capability assessment
    - Gap assessment
    - Prioritization to fill gaps
    - SOC Operations
        - Balance FTE and contractors
        - Identify SOC Resource Mgmt
        - SOC Staff continuous training
        - Shift management
        - SOC procedures
        - SOC Metrics and Reports
        - SOC and NOC Integration
        - SOC Tech stack management
        - Threat Intelligence Feeds and proper utilization
        - SOC DR exercise
        - Partnerships with ISACs
        - Baseline
        - Long term trend analysis
        - Unstructured data from IoT
        - Integrate new data sources (see areas under skills development)
        - Automation and SOAR
        - Machine Learning
        - Playbooks
        - Prepare for unplanned work
    - Skills Development
        - Application Security
        - Application Development
        - Cloud Computing
        - Application Architecture
        - Algorithm Biases
        - IoT
        - Autonomous Vehicles
        - Drones
        - Medical Devices
        - Industrial Control Systems (ICS)
        - Blockchain & Smart Contracts
        - MITRE ATT&CK
        - Soft skills
        - Human experience
        - DevOps Integration
    - Use of AI and Data Analytics
        - Use of computer vision in physical security
        - Log Anomaly Detection
        - ML model training, retraining
    - Red team/blue team exercises (and whatever you want to call them)
    - Integrate threat intelligence platform (TIP)
    - Deception technologies for breach detection
    - Full packet inspection
    - Public software repositories
    - Detect misconfigurations

  Incident Management (NIST CSF Respond & Recover)
    - Create adequate Incident Response capability
    - Media Relations
    - Incident Readiness Assessment
    - Forensic Investigation
    - Data Breach Preparation
    - Update and Test Incident Response Plan
    - Set Leadership Expectations
    - Business Continuity Plan
    - Forensic and IR Partner, retainer
    - Adequate Logging
    - Breach exercises (e.g. simulations)
    - First responders Training
    - Cyber Risk Insurance
    - Ransomware
        - Identify critical systems
        - Perform ransomware BIA
        - Tie with BC/DR Plans
        - Devise containment strategy
        - Ensure adequate backups
        - Periodic backup test
        - Offline backups in case backup is ransomed
        - Mock exercises
        - Implement machine integrity checking
    - Supply chain incident mgmt
        - Understand
        - Keep inventory of software components
    - Managing relationships with law enforcement

Security Projects
  - Business Case Development
  - Alignment with IT Projects

Budget
  - Balancing budget for People, Trainings, and Tools/Technology
  - Technology amortization
  - Acquisition Risk Assessment
  - Network / Application Integration Cost
  - Mergers and Acquisitions Risk Based Approach

Cloud Computing
  - Cloud architecture
  - Strategy and Guidelines
  - Cloud Security Posture Management (CSPM)
  - Ownership/Liability/Incidents
  - Vendor's Financial Strength
  - Automatic patching
  - SLAs
  - Infrastructure Audit
  - Proof of
  - SaaS Strategy
  - Disaster Recovery Posture
  - Standards
  - Integration of Identity Management/Federation/SSO
  - SaaS Policy and Guidelines
  - Cloud log integration/APIs
  - Virtualized security appliances
  - Cloud-native apps security
  - Containers-to-container communication security
  - Service mesh, micro services
  - Serverless computing security

Application Security
  - Secure Code Training and Review
  - Application Vulnerability Testing
  - Change Control
  - File Integrity Monitoring
  - Web Application Firewall
  - Integration to SDLC and Project Delivery
  - Inventory open source components
  - Source code supply chain security
  - Secure DevOps, DevSecOps
  - API Security
  - Project Delivery Lifecycle
      - Requirements
      - Design reviews
      - Security Testing
      - Certification and Accreditation

Mobile Technologies
  - Lost/Stolen devices
  - BYOD and MDM (Mobile Device Management)
  - Mobile Apps Inventory

Business Enablement
  - Business Partnerships
  - Business Continuity and Disaster Recovery
  - Understand industry trends (e.g. retail, financials, etc.)
  - Evaluating Emerging Technologies (Quantum, Crypto, Blockchain, etc.)
  - Customer Experience
  - IoT Use cases
      - Smart Grid
      - Smart Cities / Communities
      - Others ...
  - IoT SaaS Platforms
  - Data Analytics
  - Augmented and Virtual Reality
  - Ecommerce and Mobile Apps
  - Artificial Intelligence
      - Train InfoSec teams
      - Secure models
      - Securing training and test data
      - Adversarial attacks
      - InfoSec Professionals Responsibilities
  - Chatbots and NLP
  - Drones
  - 5G use cases and security
  - Edge Computing

IoT
  - IoT Frameworks
  - Hardware/Devices security features
  - IoT Communication Protocols
  - Device Identity, Auth and Integrity
  - Over the Air updates
  - Track and Trace
  - Condition Based Monitoring

Identity Management
  - Credentialing
  - Account Creation/Deletions
  - Single Sign On (SSO, Simplified sign on)
  - Repository (LDAP/Active Directory, Cloud Identity, Local ID stores)
  - Federation, SAML, Shibboleth
  - 2-Factor (multi-factor) Authentication - MFA
  - Role-Based Access Control
  - Password resets/self-service
  - HR Process Integration
  - Integrating cloud-based identities
  - IoT device identities
  - IAM SaaS solutions
  - Unified identity profiles
  - Voice signatures
  - Password-less authentication
  - Face recognition
  - IAM with Zero Trust technologies
  - Privileged access management
  - Use of public identity (Google, FB etc.)
  - OAuth
  - OpenID
  - Digital Certificates

Security Architecture
  - Traditional Network Segmentation
  - Micro segmentation strategy
  - Application protection
  - Defense-in-depth
  - Remote Access
  - Encryption Technologies
  - Backup/Replication/Multiple Sites
  - Cloud/Hybrid/Multiple Cloud Vendors
  - Software Defined Networking
  - Network Function Virtualization
  - Zero trust models and roadmap
  - SASE/SSE strategy, vendors
  - Overlay networks, secure enclaves
  - Multi-Cloud architecture

Governance
  - Strategy and business alignment
  - Risk Mgmt/Control Frameworks
      - COSO
      - COBIT
      - ISO
      - ITIL
      - NIST - relevant NIST standards and guidelines
      - FAIR
      - Visibility across multiple frameworks
  - Resource Management
  - Roles and Responsibilities
  - Data Ownership, sharing, and data privacy
  - Conflict Management
  - Metrics and Reporting
      - Operational Metrics
      - Executive Metrics and Reporting
      - Validating effectiveness of metrics
  - IT, OT, IoT/IIoT Convergence
  - Explore options for cooperative SOC, collaborative infosec
  - Tools and vendors consolidation
  - Evaluating control effectiveness
  - Maintaining a roadmap/plan for 1-3 years
  - Aligning with Corporate Objectives
  - Continuous Mgmt Updates, metrics
  - Innovation and Value Creation
  - Expectations Management

Compliance and Audits
  - CCPA, Data Privacy & GDPR
  - PCI
  - SOX
  - HIPAA and HITECH
  - Regular Audits
  - SSAE 18
  - NIST/FISMA
  - Executive order on improving the Nation's Cybersecurity
  - Other compliance needs

Legal and Human Resources
  - Data Discovery and Data Ownership
  - Vendor Contracts
  - Investigations/Forensics
  - Attorney-Client Privileges
  - Data Retention and Destruction

Selling InfoSec (Internal)
  - Build project business cases
  - Show progress/risk reduction
  - ROSI
  - Team development, talent management

Work from Home
  - Enable Secure Application access
  - Physical Security
  - Secure expanded attack surface
  - Vulnerability Management (Permanent)
  - Security of sensitive data accessed from home

Risk Management
  - Ongoing risk assessments/pen testing
  - Integration to Project Delivery (PMO)
  - Code Reviews
  - Use of Risk Assessment Methodology and framework
  - Policies and Procedures
  - Testing effectiveness (Phishing and Associate Awareness)
  - Monitoring and Alerting
  - Use data from Security Reports
  - Vendor risk management
  - Cyber Risk Quantification (CRQ)
  - Risk Register
  - Risk scoring

Data Centric Approach
  - Data Discovery
  - Data Classification
  - Access Control
  - Data Loss Prevention - DLP
  - Partner Access
  - Encryption/Masking

Operational Technologies
  - Industrial Controls Systems
  - PLCs
  - SCADA
  - HMIs

Focus Areas for 2022-23
1. Re-evaluate ransomware defenses, detection and response capabilities, perform a business impact analysis.
2. Reduce/consolidate security tools/technologies and vendors.
3. Train staff on business acumen, value creation, influencing and human experience to serve business better.
4. Take an inventory of open source software and make it part of your vulnerability management program.
5. Build team expertise in technology fields including machine learning (ML) models, model training, API security, service mesh, containers, DevSecOps.
6. Maintain a risk register.

© Copyright 2012-2022 - Rafeeq Rehman
