Security

Operations

Threat Prevention Threat Detection Incident Management

CISO MindMap 2021 Network/Application

Firewalls
Log Analysis/correlation/SIEM

Alerting (IDS/IPS, FIM,

Create adequate
Incident Response
capability

What Do Security
Vulnerability WAF, Antivirus, etc)
Management Media Relations
NetFlow analysis
Incident Readiness Assessment

Professionals Really Do? Scope

DLP

Threat hunting and Insider threat

Forensic Investigation

Data Breach
Operating Systems Preparation
Automate
Security Projects Network Devices Threat
Business Case Development Hunting Update and Test
Applications
Incident Response Plan
Alignment with IT Projects MSSP integration
Databases
Set Leadership
Balance FTE and contractors Threat Detection Expectations
Code Review
capability assessment
Balancing budget for Budget Physical Security Media Relations
People, Trainings, and
Tools/Technology Cloud misconfiguration testing Business Continuity
Gap assessment
Plan
Cyber Risk Insurance Mobile Devices Prioritization to fill gaps
Forensic and IR
Technology amortization IoT SOC Operations Partner, retainer

Identify Adequate Logging

SOC Resource Mgmt Breach exercises

Acquisition Risk Assessment (e.g. simulations)
Periodic SOC Staff continuous training
Integration Cost Mergers and Acquisitions Ransomware
Comprehensive Shift management
Identity Management
Classify SOC procedures
Cloud architecture Identify critical systems
SOC Metrics and Reports
Strategy and Guidelines Perform ransomware BIA
Risk Based Approach
SOC and NOC Integration
Cloud risk evaluation Tie with BC/DR Plans
Prioritize
SOC Tech stack management
Compliance management Devise containment
Mitigation strategy
Threat Intelligence Feeds
Ownership/Liability/Incidents and proper utilization
Ensure adequate backups
Vendor's Financial Strength Fix SOC DR exercise
Periodic backup test
SLAs Verify Partnerships with ISACs
Mock exercises
Infrastructure Audit Measure Long term trend analysis
Implement machine
Proof of Application Security Unstructured data from IoT integrity checking
SaaS Strategy
Disaster Recovery Posture Baseline Integrate new data Automation and SOAR
Cloud Computing sources (see areas
Application Architecture Metric
under skills development)
Integration of Identity Use Awareness Playbooks
Skills Development
Management/Federation/SSO Program as a tool
Supply chain incident mgmt
SaaS Policy and Guidelines Application
Security Machine Learning
Cloud log integration/APIs Skill Development Plan for
government shutdown
Cloud configuration monitoring Understand
Application Development of critical software or
Algorithm Biases service providers
VIrtualized security appliances Standards
IOT
Cloud native apps security Secure Code
Training and Review Autonomous
Containers-to-container communication security Vehicles
Application Vulnerability Testing
Service mesh, micro services Drones
Change Control
serverless computing security File Integrity Monitoring Medical Devices
Policy Web Application Firewall Industrial Control
Systems (ICS)
Technology Integration to SDLC
and Project Delivery Blockchain &
Lost/Stolen devices Mobile Technologies
Smart Contracts
Inventory open source components
BYOD
MITRE ATT&CK
Source code supply chain security
Mobile Apps Inventory
DevOps Integration
Secure DevOps, DevSecOps
HR/On Boarding/Termination
Prepare for unplanned work
Processes IPS
Business Partnerships
Use of AI and Data Analytics
Business Enablement Identity Management
Business Continuity and Disaster Recovery
Information Security Policy
Understand industry trends (e.g. retail, financials, etc) Use of computer
DLP vision in physical
Eveluating Emerging security
Technologies (e.g. SDN, Virtual/Augmented Reality, Anti Malware, Anti-spam
Autonomous Vehicles, connected medical devices, etc) Log Anomaly Detection
Proxy/Content Filtering
IOT Frameworks ML model training, retraining
DNS security/ filtering
Hardware/Devices security features Red team/blue team exercises (and whatever you want to call them)
Patching
IOT Communication Protocols Integrate threat intelligence platform (TIP)
DDoS Protection
Device Identity, Auth and Integrity Deception technologies
Hardening guidelines for breach detection
Over the Air updates
Desktop security Full packet inspection
Track and Trace
IOT Encryption, SSL Detect misconfigurations
Condition Based Monitoring
PKI
Customer Experience
IOT Use cases Security Health Checks
Smart Grid

Smart Cities / Communities

Last Update - July 11, 2021 Credentialing
Others ...
Twitter: @rafeeq_rehman
Account Creation/Deletions
IoT SaaS Platforms Version 2021
Data Analytics Downloads Single Sign On (SSO, Simplified sign on)

Virtual Reality
http://rafeeqrehman.com Repository (LDAP/Active Directory, Cloud Identity, Local ID stores)

Federation
Augmented Reality
2-Factor (multi-factor) Authentication - MFA
Crypto currencies
Role-Based Access Control
BlockChain

Train InfoSec teams

InfoSec Professionals Ecommerce and Mobile Apps

Secure models Responsibilities Identity Management

Password resets/self-service

HR Process Integration
Securing training and test data Artificial Intelligence
Integrating cloud-based identities
Adversarial attacks
IoT device identities
Chatbots and NLP
IAM SaaS solutions
Drones
Unified identity profiles
5G use cases and security
Voice signatures
Edge Computing
Password-less authentication
Face recognition

IAM with Zero Trust technologies

Requirements

Design reviews

Security Testing Project Delivery Lifecycle Strategy and business alignment

COSO
Certification and Accreditation
COBIT

ISO
Traditional Network Segmentation
Risk Mgmt/Control Frameworks ITIL
Micro segmentation strategy
NIST - relevant NIST standards and guidelines
Application protection
FAIR
Defense-in-depth
Visibility across multiple frameworks
Remote Access
Resource Management
Encryption Technologies
Roles and Responsibilities
Backup/Replication/Multiple Sites Governance
Security Architecture Data Ownership, sharing, and data privacy
Cloud/Hybrid/Multiple Cloud Vendors
Conflict Management
Software Defined Networking
Operational Metrics
Network Function Virtualization
Metrics and Reporting Executive Metrics and Reporting
Zero trust models and roadmap
Validating effectiveness of metrics
SASE strategy, vendors
IT, OT, IoT/IIoT Convergence
Overlay networks, secure enclaves
Explore options for cooperative SOC, collaborative infosec

Tools and vendors consolidation

CCPA, Data Privacy & GDPR Maintaining a roadmap/plan for 1-3 years
PCI

SOX
Aligning with Corporate
HIPAA and HITECH Objectives

Regular Audits Continuous Mgmt Updates, metrics

Compliance and Audits
SSAE 18 Innovation and Value Creation

NIST/FISMA Expectations Management

Selling InfoSec (Internal)
Executive order on improving the Nation's Cybersecurity Build project business cases

Other compliance needs Show progress/ risk reduction

ROSI

Data Discovery and Data Ownership

Vendor Contracts Enable Secure Application access

Investigations/Forensics Secure expanded attack surface

(Permanent) Work from Home
Attorney-Client Privileges Legal and Human Resources Security of sensitive data accessed from home

Data Retention and Destruction

Team development, talent management

Focus areas for 2021-22

Physical Security

Vulnerability Management

Ongoing risk assessments/pen testing

1. Re-evaluate your ransomware defenses, do a business impact analysis
2. Reduce/consolidate security tools/technologies and vendors (less is more in many cases)
Integration to Project Delivery (PMO)
3. Monitor Cloud mis-configurations in real time and at machine speed
Code Reviews 4. Adopt borderless network strategies (SASE, Zero Trust, and/or whatever you want to call it)
Use of Risk Assessment Methodology and framework
5. Think about cooperative/collaborative SOC strategy
6. Train staff on business, ML models, model training, service mesh, containers, DevSecOps
Policies and Procedures
7. Plan for government shutdown of a critical software or service provider due to security issues
Testing effectiveness Phishing and Associate Awareness

Data Discovery © Copyright 2012-2021 - Rafeeq Rehman

Data Classification

Access Control
Data Centric
Data Loss Prevention - DLP Approach
Risk Management
Partner Access

Encryption/Masking

Monitoring and Alerting

Industrial Controls
Systems

PLCs
Operational Technologies
SCADA

HMIs

Use data from

Security Reports

Vendor risk management

Risk scoring