
Cybersecurity Mind Map

Credits: Mark E.S. Bernard


Node labels recovered from the mind-map diagram (the branch hierarchy is not recoverable from the extracted text; labels are listed in reading order, with labels split across lines rejoined and spelling corrected):

Evidence Chain of Custody
Forensics
Investigations
General Counsel
Incident Management
Service Continuity
Law Enforcement
Triage / Root-Cause-Analysis
Financial Risk
Program Management
Vendor Management
Problem Management
Identify
Strategic Risk
CSIRT
Root-Cause-Analysis
Compliance Risk
COSO ERM
Project Management
Prepare Solution
Chief Cybersecurity Officer (CCO) Position Description
Operational Risk
Risk Management
Test and Deploy
Risk Treatment Plan
Roles and Responsibilities
Hazard Risk
Validate Resolution
People Management
Performance Management
Risk Registry
IPO Due Diligence
Facilitate Lessons Learned
Progressive Disciplinary Process
Procurement
RFI, RFQ, RFP
Termination / Return of Assets
Contract Management
Legal Obligations
Legal Registry
Statutes (example: FISMA, PIPEDA, HIPAA, FOIPPA, HITECH, SOX, GDPR)
Regulations (example: PCI DSS, NERC CIP, ITAR, GAAP, IFRS, PCAOB, COSO ERM, SFFAC, NIST)
Knowledge Management
Tacit Knowledge (Shadowing)
Implicit Knowledge (Testing)
Explicit Knowledge (Documenting)
Vulnerability Management Plan
Internal Facing
Known Vulnerabilities
Vulnerability Scanning
Tactical Projects, Goals and Objectives
External Facing
Contracts
FedRAMP
Strategic Business Plan
Budget Allocation
Assurance
Executive Oversight
Resource Allocation
SSAE16, ISAE3402
Risk Registry
Enterprise Security Roadmap
Black, Blue, Grey, White Box Security Testing
Risk Treatment Plan
Security Testing
Penetration Testing
Security Continual Improvement Plan
Governance
Terms of Reference
3PE Assessment
Supply Chain Risk Management Policy
Enterprise Security Policy
Information Security Policy
Conceptualize Business Architecture
Acceptable Use Policy
Logical Data / Information Architecture
BYOD Policy
Enterprise Security Architecture
Physical Logical Architecture
Cryptography Policy
Views / Viewpoints
Physical Architecture
Solution Architecture Portfolio
SSDLC
OWASP
Development
QAT / UAT
Insider Threat
Security Operations Center
Fraud
Integration Project Management
ISO 9001
Asset Management Valuation
Security Events & Incidents Monitoring
Threat Intelligence
ISO 22301
Vendor Management SLA / SLO
Internal / External Audit
ISO 27001
Cryptography
SIEM, HID, IDS, IPS
Access Control (Privileged, End User)
ISO 38500
Annual Strategy / Plan
ISO 31000
Engineering
Designated Point of Contact
Media Preparation Package
Incident Handling Communications
ITIL Service Management
Change Management
Speaking Points, Q & A
Security Breach / Privacy Breach
Release Management
NIST Cyber Security Framework
Contractor
Predefined Scripts
NIST
Capacity Management
NIST SP 800-53
Configuration Items
Awareness Training
Vendor / Supplier
Configuration Management
NIST SP 800-171
Security Standard / 4IQ
Service Continuity Management
Employee Induction

DOC ID 2017095V1R4
*** THIS DOCUMENT HAS BEEN CLASSIFIED FOR PUBLIC DISTRIBUTION BY SECUREKM ***
