Cybersecurity Domains Map Rev3.1
---
markmap:
colorFreezeLevel: 2
maxWidth: 500
color: ["#e4002b","#8f3985","#7a8abd","#1d8e70","#22373c","#4d3159","#6c63ff","#217eaa","#7d9cb7","#8ca4ac","#3a2558","#3e3e3e"]
# color: ["#c1ccff","#fd7d3e","#ffc0b4","#ffc1e0","#acff97","#e3b9ff","#b9f1ff","#ffffc0","#ff7ba8","#67c8ff","#ffd595","#f1ff5e"]
initialExpandLevel: 1
pan: true
zoom: false
---
# Cybersecurity Domains Map Rev3.1
## Application Security
- SSDLC
- Shift Left
- CI/CD
- Security UX
- Security QA
- API Security
- Data-Flow Diagram
- Source Code Scan
- SAST
- Open Source Scan
## Risk Assessment
- Vulnerability scan
- Assets Inventory
- 3rd Party Risk
- 4th Party Risk
- Penetration test
- Infrastructure (Network and Systems)
- Social Engineering
- DAST
- Application Pen Tests
- Risk Monitoring Services (Risk score)
## Enterprise Risk Management
- Risk Treatment Actions
- Risk Acceptance Statement
- Cyber Insurance
- Lines of Defense
- 1.Process Owners
- 2.Risk Mgmt Group
- 3.Audit
- SOC1/SOC2
- Risk Register
- Risk Appetite
- Crisis Management
- BCP/DR
## Governance
- Laws and Regulations
- Industry Specific
- PCI
- HIPAA
- Central Government
- GDPR
- GLBA
- Regional
- CCPA
- NYS-DFS 23 NYCRR 500
- Executive Management Involvement
- Risk Informed
- Reports and Scorecards
- KPIs/KRIs
- Company's Written Policies
- Policy
- Procedure
- Standard
- Compliance & Enforcement
- Guideline
## Threat Intelligence
- External
- Contextual
- Internal
- IOCs
- Intel. Sharing
## User Education
- Training (new skills)
- Awareness (reinforcement)
- Cyber security table-top exercise
## Security Operation
- Vulnerability Management
- Threat Hunting
- SIEM
- SOAR
- Active Defense
- Security Operation Centers
- Incident Response
- Breach Notification
- Containment
- Eradication
- Blue Team
- Red Team
- Investigation
- Forensics
- Detection
## Physical Security
- IoT Security
## Carrer Deployment
- Certifications
- Training
- Coaches and Role Models
- Peer Groups
- Self Study
- Conferences
## Security Architecture
- Network Design
- DDoS Prevention
- Data Protection
- Data Leakage Prevention
- Endpoint Hygiene
- Container Security
- Cloud Security
- Access Control
- MFA & SSO
- Identity Management
- Privileged Access Management
- Identity & Access Management
- Security Engineering
- Cryptography
- Certificate Management
- Encryption Standards
- Key and Secret Management
- Vaulting
- HSM
- Secure System Build
- Patch Management
- Baseline Configuration
## Frameworks and Standards
- NIST Cybersecurity Framework
- CIS Top 20 Controls CIS Benchmarks
- ISO 27001 27017 27018
- OWASP Top 10 (WebApp & API)
- ASVS & MASVS
- MITRE ATT&CK Framework
Fuente: The Map of Cybersecurity Domains Henry Jiang | March 2021 | REV 3.1
Application Security
- SSDLC
- Shift Left
- Security UX
- Security QA
- API Security
- Data-Flow Diagram
- Source Code Scan
- SAST
- Open Source Scan
Risk Assessment
- Vulnerability scan
- Assets Inventory
- 3rd Party Risk
- 4th Party Risk
- Penetration test
- Infrastructure (Network and Systems)
- Social Engineering
- DAST
- Application Pen Tests
- Risk Monitoring Services (Risk score)
Enterprise Risk Management
- Risk Treatment Actions
- Risk Acceptance Statement
- Cyber Insurance
- Lines of Defense
- 1.Process Owners
- 2.Risk Mgmt Group
- 3.Audit
- Risk Register
- Risk Appetite
- Crisis Management
- BCP/DR
Governance
- Laws and Regulations
- Industry Specific
- Central Government
- Regional
- CCPA
- NYS-DFS 23 NYCRR 500
- Executive Management Involvement
- Risk Informed
- Reports and Scorecards
- Company's Written Policies
- Policy
- Procedure
- Standard
- Compliance & Enforcement
- Guideline
Threat Intelligence
- External
- Contextual
- Internal
- IOCs
- Intel. Sharing
User Education
- Training (new skills)
- Awareness (reinforcement)
- Cyber security table-top exercise
Security Operation
- Vulnerability Management
- Threat Hunting
- SIEM
- SOAR
- Active Defense
- Security Operation Centers
- Incident Response
- Breach Notification
- Containment
- Eradication
- Blue Team
- Red Team
- Investigation
- Detection
3## Physical Security
Carrer Deployment
- Certifications
- Training
- Coaches and Role Models
- Peer Groups
- Self Study
- Conferences
Security Architecture
- Network Design
- DDoS Prevention
- Data Protection
- Data Leakage Prevention
- Endpoint Hygiene
- Container Security
- Cloud Security
- Access Control
- MFA & SSO
- Identity Management
- Privileged Access Management
- Identity & Access Management
- Security Engineering
- Cryptography
- Certificate Management
- Encryption Standards
- Key and Secret Management
- Secure System Build
- Patch Management
- Baseline Configuration
Frameworks and Standards
- NIST Cybersecurity Framework
- CIS Top 20 Controls CIS Benchmarks
- ISO 27001 27017 27018
- OWASP Top 10 (WebApp & API)
- ASVS & MASVS
- MITRE ATT&CK Framework