
CISO Mind Map

Strategy, Leadership & Governance

  Information security Strategy & Alignment
  • Security strategy definition & articulation
  • Security programme:
    • Tactical quick wins
    • Long term roadmap

  Organisation Design
  • Operating model
  • Roles & Responsibilities
  • Org design
  • Team cohesion
  • Org change management
  • Talent sourcing
  • Talent development:
    • Cyber apprenticeships
  • Team development
  • Succession planning

  Governance Body
  • Terms of Reference
  • Maturity assessments & Benchmarking
  • Ensuring relevance of content
  • Member engagement

  Business Stakeholder On-Boarding & Relationships
  • Alignment with corporate strategy
  • Updates: leadership & staff
  • Conflict management
  • Supplier management
  • Innovation, value creation
  • Clients / Customers, Suppliers
  • Expectations management
  • Coordination with others: CSO, CRO, DPO, General Counsel

  Employee Behaviour
  • Employee awareness / risk culture:
    • Awareness & training
    • Phishing simulation tests

  Metrics & Reporting
  • Operational & Exec metrics
  • Key Risk Indicators
  • Validation of metric effectiveness

  Finance
  • Business case & ROI
  • Budgeting & tracking

Securing The Business

  Securing New Business Initiatives
  • Identification of new initiatives
  • Engagement with new initiatives

  Mergers & Acquisitions
  • Risk management: before, during & after acquisition
  • Integration of acquired targets
  • Alignment with wider portfolio

  Business Continuity Planning
  • Security of BC Plans
  • Cyber attack scenario planning
  • Partnerships with Info Sharing & Analysis Centres
  • Integration with related plans:
    • Crisis plan
    • Personal Data Breach plan
    • Business Continuity Plan
  • DR exercises

Security Operations

  Threat Management
  • Alerting from security tools
  • Log analysis, correlation, SIEM
  • Netflow analysis
  • Open Source & commercial threat feeds
  • Investigations & forensics
  • Threat hunting: automated & manual
  • DNS, Social Media & Dark Web

  Incident Management
  • Participation of all stakeholders:
    • Business Partners / Clients
    • Exec Board
    • Suppliers
    • IT, HR, Legal, Comms / Marketing / Media Relations
  • Incident process
  • Runbooks for critical incident types: ransomware & customer-facing breaches
  • Incident testing
  • Crisis plan: cyber-attack scenario

  SOC Design - Outsourced / MSSP / Co-Sourced
  • Staff
  • Knowledge transfer
  • Resource commitments
  • Metrics & KPIs
  • Termination

  SOC Design - In-House
  • Recruitment
  • Development, retention & promotion
  • Knowledge retention
  • Team & shift management
  • Continuous training
  • Identity integration
  • SOC / NOC / Svc Desk integration
  • Technology integration

  SOC Operations
  • SOC Procedures & Runbooks
  • Metrics & KPI reporting
  • Security Orchestration/SOAR
  • Managed Detection & Response / MDR
  • Forensics & 24x7 support

  Vulnerability Management
  • Identification:
    • Scoping & Asset discovery
    • Supplier liability & operational risk of scanning
  • Remediation:
    • Approach to fixing vulnerabilities
    • Verification
    • Metrics & baselines

  Security Platform Operations
  • Platform lock-down, operations & monitoring
  • Technology upgrades

Risk & Controls

  Risk management framework
  • Control frameworks:
    • COSO/SOX
    • COBIT
    • ISO27000
    • NIST, FAIR, CIS
  • Control assurance:
    • Management risk & control reviews & reporting
    • Internal & External Audit
    • Testing

  Risk assessment, treatment & acceptance
  • Risk assessment plan
  • Risk ownership & governance
  • Risk articulation & management review
  • Risk acceptance processes

  Continuous Improvement:
  • Security health checks:
    • Tech risk landscape
    • Remediation roadmaps
    • Incident readiness assessments
    • IT Controls assessments
    • Penetration tests
    • Threat detection capability assessments
    • Security assurance
    • Prioritised remediation planning

  Cyber Risk Insurance
  • Broker & underwriter engagement
  • Covered scenarios
  • Limits & Self-insured retentions
  • Pre-Breach risk & control maturity assessments
  • Post Breach engagement

CISO Core Behaviours

  Building Relationships
  • Stakeholder engagement
  • Stakeholder communications
  • Collaboration & influencing
  • Conflict management
  • Engaging comms

  Leading Change
  • Driving innovation
  • Driving change
  • Driving behavioural change
  • Simplify the complex
  • Inspiring leadership

  Managing The Commercial
  • Commercial & strategic focus
  • Commercial negotiations
  • Commercial opportunities

  Leading / Managing People
  • Team management
  • Talent development
  • Org design

  Managing Finance
  • Budgeting
  • Business case

  • Focus on results
  • Initiative
  • Resilience
  • Flexibility & pragmatism
  • Difficult decision making
  • Cultural awareness

Securing The Technology

  Network security
  • DDOS protection
  • Firewalls, IDS, IPS
  • Secure remote access
  • Proxy / Content Filtering
  • Secure Wireless Networks
  • Network function virtualisation & SD WAN

  Cloud security
  • SaaS Strategy:
    • Governance & compliance enforcement
    • Cloud specific DR & BCP
    • Supplier risks
    • SLAs & performance mgt
    • Data ownership, liability, incidents, privacy compliance
  • Mgt of Shadow IT
  • Policy considerations:
    • Personal data privacy
    • HR, financial & tax
    • Data security
  • Cloud security controls:
    • Cloud security architecture
    • Identity federation & access automation
    • Cloud identity / CASB
    • Virtual Machine security
    • Virtualised security appliances
    • Cloud-to-Cloud integration
    • Monitoring/log integration

  Data security
  • Data & process mapping
  • Data analytics security
  • Encryption & masking:
    • PKI
    • Encryption at rest
    • Encryption in transit
  • Business partner access:
    • Access approval
    • Access reviews
    • Access removal
  • Data Loss Prevention:
    • DLP & Data classification policy
    • Data loss channels
    • Policy enforcement
    • DLP enforcement technologies

  BYOD Security
  • Access to corp data from non-corp devices

  Infrastructure & Server OS security
  • Service Continuity & Disaster Recovery
  • Hardening
  • Patching
  • Anti-Malware & APT protection
  • Backups, replication, multiple sites
  • HIPS
  • Security monitoring

  Email security
  • Anti-Spam control
  • Phishing & impersonation protections
  • Email encryption

  Identity & access
  • Credential & password management:
    • Password strength / complexity
    • Password self-service resets
    • Multi-Factor Authentication
  • Starters, movers, leavers:
    • Account creation & approvals
    • Account reviews
    • Account removal
    • HR process integration
  • Single sign-On
  • IAM SaaS solutions
  • IAM Data Analytics
  • Identity repository & federation
  • Data access governance:
    • Information ownership & custodianship
    • Mobile app access control
    • Application access controls
    • Role-Based Access Controls
    • Security monitoring
    • File integrity monitoring

  Endpoint Security
  • Hardening
  • Patching / software updates
  • Anti-Malware
  • HIPS / EDR
  • Security monitoring / UBA
  • Encryption
  • PIN / password enforcement
  • Apps inventory & deployment
  • Device protection
  • Containerisation / data segregation
  • Lost/stolen devices
  • Cloud storage of data
  • Device tracking

  Physical security
  • Landlord services
  • Physical access control & monitoring
  • Intrusion detection & response
  • Theft prevention
  • Environmental controls/ Power & HVAC
  • Fire detection & suppression
  • Redundancy
  • BCP / Work Area Recovery sites

  IOT / Operational Technology security
  • IOT Risks:
    • Connected office devices
    • Connected medical devices
    • At home
    • Planes, trains & automobiles
    • Industrial control systems, SCADA, PLCs, HMIs
  • IOT Security:
    • IOT Frameworks
    • Vulnerability mgt
    • Comms protocols
    • Device authentication & integrity
    • Network segregation
    • IOT device identities
    • Over The Air updates

Legal & Compliance

  Compliance Assurance
  • External assurance: ISAE3402 / SSAE18 / SOC1 / SOC2
  • Internal assurance:
    • Internal Management Review
    • Internal Audit

  Internal Compliance Requirements
  • Security policies & standards
  • Project NFRs
  • Publication & awareness

  Externally-imposed Compliance Requirements
  • NIST / FISMA / HIPAA / HITECH
  • China CSL
  • PCI
  • Sarbanes Oxley
  • Data Protection Regulations
  • Government Certifications:
    • Privacy Shield
    • Cyber Essentials +

  E-Discovery & Legal Hold
  • Preparation of data repositories for e-discovery
  • Enforcement of Legal Hold

  Data Retention & Destruction
  • Data retention policies
  • Retention schedules
  • Enforcement within business functions

Securing The Supply Chain

  Supplier management
  • Supply chain compliance

  Pre-Contract Due Diligence
  • Self-assessment
  • Audits
  • Independent assurance

  Contracts
  • New contracts
  • Contract renewals

  Reviews & Assurance
  • Self-assessment
  • Audits:
    • Certification & accreditation
    • Right to Audit & remediation requirements
  • Independent assurance

Securing New Initiatives

  Application security
  • Integrating Security & Risk in SDLC / PMO:
    • Waterfall, Agile & DevOps
  • Design:
    • Secure coding training & review
    • App development standards
    • Security requirements & NFRs
  • Security Testing & Assurance:
    • Code reviews
    • App vulnerability testing
    • Penetration tests
    • Continuous assurance

Innovation - Exploiting Emerging Tech
  • AI, ML & Robotics
  • Crypto currencies
  • Blockchain
  • 5G
  • Drones
  • VR & AR
  • Wearables
  • Autonomous vehicles

Based on http://rafeeqrehman.com
