
CISO MindMap 2020: What Security Professionals Really Do?
Rafeeq Rehman, Version 2020, Last Update - June 13, 2020
Twitter: @rafeeq_rehman, Downloads: http://rafeeqrehman.com
© Copyright 2020 - Rafeeq Rehman

Center node: InfoSec Professionals Responsibilities

Security Operations
- Threat Prevention
  - Network/Application Firewalls
  - Vulnerability Management
    - Operating Systems, Network Devices, Applications, Databases, Physical Security, Mobile Devices, IoT
    - Risk Based Approach, Comprehensive
    - Identify, Classify, Prioritize, Mitigation/Fix, Verify, Measure
    - Audit Baseline: Infrastructure, Application, Technology
    - Proof of Metric
  - Code Review
  - Cloud misconfiguration testing
  - IPS
  - Identity Management
  - Information Security Policy
  - Use of AI and Data Analytics
  - DLP
  - Anti Malware, Anti-spam
  - Use of computer vision in physical security features
  - Proxy/Content Filtering
  - DNS security/filtering
  - Patching
  - DDoS Protection
  - Hardening guidelines
  - Desktop security
  - Encryption, SSL
  - PKI
  - Security Health Checks
- Threat Detection
  - Log Analysis/correlation/SIEM
  - Alerting (IDS/IPS, FIM, WAF, Antivirus, etc)
  - NetFlow analysis
  - DLP
  - Threat hunting and Insider threat
  - Automate Threat Hunting
  - MSSP integration
  - Threat Detection capability assessment
  - SOC Operations
    - SOC Resource Mgmt
    - SOC Staff continuous training
    - Shift management
    - SOC procedures
    - SOC Metrics and Reports
    - SOC and NOC Integration
    - SOC Tech stack management
    - Threat Intelligence Feeds and proper utilization
    - SOC DR exercise
    - Partnerships with ISACs
    - Long term trend analysis
    - Unstructured data from IoT
    - Automation and SOAR: Playbooks
    - Integrate new data sources (see areas under Skills Development)
  - Use Awareness Program as a tool
  - Log integration
  - MITRE ATT&CK
  - Log Anomaly Detection
  - Red team/blue team exercises
  - Integrate threat intelligence platform (TIP)
  - Deception technologies for breach detection
  - Full packet inspection
- Incident Management
  - Create adequate Incident Response capability
  - Media Relations
  - Incident Readiness Assessment
  - Scope Forensic Investigation
  - Data Breach Preparation
    - Update and Test Incident Response Plan
    - Set Leadership Expectations
    - Media Relations
    - Business Continuity Plan
    - Gap assessment
    - Prioritization to fill gaps
    - Forensic and IR Partner, retainer
    - Cyber Risk Insurance
    - Adequate Logging
    - Periodic Breach exercises (e.g. simulations)
  - Ransomware
    - Tie with BC/DR Plans
    - Devise containment strategy
    - Ensure adequate backups
    - Periodic backup test
    - Mock exercises
    - Implement machine integrity checking

Security Projects
- Business Case Development
- ROSI
- Alignment with IT Projects
- Budget
  - FTE and contractors
  - Balancing budget for People, Trainings, and Tools/Technology

Mergers and Acquisitions
- Acquisition Risk Assessment
- Integration Cost

Cloud Computing
- Identity Management
- Cloud architecture
- Strategy and Guidelines
- Cloud risk evaluation
  - Compliance
  - Ownership/Liability/Incidents
  - Vendor's Financial Strength
  - SLAs
  - Disaster Recovery Posture
- SaaS Strategy
- SaaS Policy and Guidelines
- Virtualized security appliances

Application Security
- Application Architecture
- Integration of Identity Management/Federation/SSO
- Application Development Standards
- Secure Code Training and Review
- Application Vulnerability Testing
- Change Control
- File Integrity Monitoring
- Web Application Firewall
- Integration to SDLC Processes
- DevOps Integration
- Secure DevOps/DevSecOps

Skills Development
- Application Security
- Machine Learning: Understand Algorithm Biases
- IoT
- Autonomous Vehicles
- Drones
- Medical Devices
- Industrial Control Systems (ICS)
- Blockchain & Smart Contracts

Mobile Technologies
- Policy
- Lost/Stolen devices
- BYOD
- Mobile Apps Inventory
- HR/Onboarding/Termination

Business Enablement
- Business Partnerships and Project Delivery
- Business Continuity and Disaster Recovery
- Understand industry trends (e.g. retail, financials, etc)
- Prepare for unplanned work
- Evaluating Emerging Technologies (e.g. SDN, Virtual/Augmented Reality, Autonomous Vehicles, connected medical devices, etc)
  - IoT, SaaS Platforms, Data Analytics, Virtual Reality, Augmented Reality, Cryptocurrencies, Blockchain, Artificial Intelligence, Drones, 5G, Edge Computing

IoT
- IoT Frameworks
- Hardware/Devices security
- IoT Communication Protocols
- Device Identity, Auth and Integrity
- Over the Air updates
- IoT Use cases
  - Track and Trace
  - Condition Based Monitoring
  - Customer Experience
  - Smart Grid
  - Smart Cities / Communities
  - Others ...

Identity Management
- Credentialing
- Account Creation/Deletions
- Single Sign On (SSO, Simplified sign on)
- Repository (LDAP/Active Directory)
- Federation
- 2-Factor Authentication
- Role-Based Access Control
- Ecommerce and Mobile Apps
- Password resets/self-service
- HR Process Integration
- Integrating cloud-based identities
- IoT device identities
- IAM SaaS solutions
- Unified identity profiles
- Voice signatures
- Password-less authentication
- Face recognition

Project Delivery Lifecycle
- Requirements
- Design
- Security Testing
- Certification and Accreditation

Security Architecture
- Network Segmentation
- Application protection
- Defense-in-depth
- Remote Access
- Encryption Technologies
- Backup/Replication/Multiple Sites
- Cloud/Hybrid/Multiple Cloud Vendors
- Software Defined Networking
- Network Function Virtualization
- Zero trust models
- SASE Model
- Overlay networks, secure enclaves

Governance
- Strategy and business alignment
- Risk Mgmt/Control Frameworks
  - COSO, COBIT, ISO, ITIL, NIST (relevant NIST standards and guidelines), FAIR
  - Visibility across multiple frameworks
- Resource Management
- Roles and Responsibilities
- Data Ownership
- Conflict Management
- Metrics and Reporting
  - Operational Metrics
  - Executive Metrics and Reporting
  - Validating effectiveness of metrics
- IT, OT, IoT/IIoT Convergence
- Aligning with Corporate Objectives
- Continuous Mgmt Updates, metrics
- Innovation and Value Creation

Compliance and Audits
- CCPA, Data Privacy & GDPR
- PCI
- SOX
- HIPAA and HITECH
- SSAE 18
- NIST/FISMA
- Other compliance needs
- Regular Audits

Selling InfoSec (Internal)
- Expectations Management
- Build project business cases
- Show progress/risk reduction

Legal and Human Resources
- Data Discovery and Data Ownership
- Vendor Contracts
- Investigations/Forensics
- Attorney-Client Privileges
- Data Retention and Destruction
- Team development, talent management

Work from Home
- Enable Secure Application access
- Secure expanded attack surface
- Security of sensitive data accessed from home

Risk Management
- Physical Security
- Vulnerability Management
- Ongoing risk assessments/pen testing
- Integration to Project Delivery (PMO)
- Code Reviews
- Use of Risk Assessment Methodology and framework
- Policies and Procedures: Testing effectiveness
- Phishing and Associate Awareness
- Data Centric Approach
  - Data Discovery
  - Data Classification
  - Access Control
  - Data Loss Prevention - DLP
  - Partner Access Risk Management
  - Encryption/Masking
  - Monitoring and Alerting
- IoT Technologies
- Operational Technologies
  - Industrial Control Systems
  - PLCs
  - SCADA
  - HMIs
- Vendor risk management
  - Use data from Security Reports
  - Risk scoring

Focus areas for 2020
- Improve SOC analyst productivity with SOAR
- Reduction/consolidation of tools/technologies
- Better protection & monitoring of Cloud
- Explore new architecture models like SASE
- Consider zero trust, secure enclaves
- Edge computing security
- Include deception technologies as part of security tools
- COVID19 and Work from Home