Cybersecurity Domains Map Rev3.1
LS0tCm1hcmttYXA6CiAgY29sb3JGcmVlemVMZXZlbDogMgogIG1heFdpZHRoOiA1MDAKICBjb2xvcjogWyIjZTQwMDJiIiwiIzhmMzk4NSIsIiM3YThhYmQiLCIjMWQ4ZTcwIiwiIzIyMzczYyIsIiM0ZDMxNTkiLCIjNmM2M2ZmIiwiIzIxN2VhYSIsIiM3ZDljYjciLCIjOGNhNGFjIiwiIzNhMjU1OCIsIiMzZTNlM2UiXQojICBjb2xvcjogWyIjYzFjY2ZmIiwiI2ZkN2QzZSIsIiNmZmMwYjQiLCIjZmZjMWUwIiwiI2FjZmY5NyIsIiNlM2I5ZmYiLCIjYjlmMWZmIiwiI2ZmZmZjMCIsIiNmZjdiYTgiLCIjNjdjOGZmIiwiI2ZmZDU5NSIsIiNmMWZmNWUiXQogIGluaXRpYWxFeHBhbmRMZXZlbDogMgogIHBhbjogdHJ1ZQogIHpvb206IGZhbHNlCi0tLQoKIyBDeWJlcnNlY3VyaXR5IERvbWFpbnMgTWFwIFJldjMuMQoKIyMgQXBwbGljYXRpb24gU2VjdXJpdHkKCi0gU1NETEMKICAtIFNoaWZ0IExlZnQKICAgIC0gQ0kvQ0QKLSBTZWN1cml0eSBVWAotIFNlY3VyaXR5IFFBCi0gQVBJIFNlY3VyaXR5Ci0gRGF0YS1GbG93IERpYWdyYW0KLSBTb3VyY2UgQ29kZSBTY2FuCiAgLSBTQVNUCiAgLSBPcGVuIFNvdXJjZSBTY2FuCgojIyBSaXNrIEFzc2Vzc21lbnQKCi0gVnVsbmVyYWJpbGl0eSBzY2FuCi0gQXNzZXRzIEludmVudG9yeQotIDNyZCBQYXJ0eSBSaXNrCiAgLSA0dGggUGFydHkgUmlzawotIFBlbmV0cmF0aW9uIHRlc3QKICAtIEluZnJhc3RydWN0dXJlIChOZXR3b3JrIGFuZCBTeXN0ZW1zKQogIC0gU29jaWFsIEVuZ2luZWVyaW5nCiAgLSBEQVNUCiAgLSBBcHBsaWNhdGlvbiBQZW4gVGVzdHMKLSBSaXNrIE1vbml0b3JpbmcgU2VydmljZXMgKFJpc2sgc2NvcmUpCgojIyBFbnRlcnByaXNlIFJpc2sgTWFuYWdlbWVudAoKLSBSaXNrIFRyZWF0bWVudCBBY3Rpb25zCi0gUmlzayBBY2NlcHRhbmNlIFN0YXRlbWVudAotIEN5YmVyIEluc3VyYW5jZQotIExpbmVzIG9mIERlZmVuc2UKICAtIDEuUHJvY2VzcyBPd25lcnMKICAtIDIuUmlzayBNZ210IEdyb3VwCiAgLSAzLkF1ZGl0CiAgICAtIFNPQzEvU09DMgotIFJpc2sgUmVnaXN0ZXIKLSBSaXNrIEFwcGV0aXRlCi0gQ3Jpc2lzIE1hbmFnZW1lbnQKLSBCQ1AvRFIKCiMjIEdvdmVybmFuY2UKCi0gTGF3cyBhbmQgUmVndWxhdGlvbnMKICAtIEluZHVzdHJ5IFNwZWNpZmljCiAgICAtIFBDSQogICAgLSBISVBBQQogIC0gQ2VudHJhbCBHb3Zlcm5tZW50CiAgICAtIEdEUFIKICAgIC0gR0xCQQogIC0gUmVnaW9uYWwKICAgIC0gQ0NQQQogICAgLSBOWVMtREZTIDIzIE5ZQ1JSIDUwMAotIEV4ZWN1dGl2ZSBNYW5hZ2VtZW50IEludm9sdmVtZW50CiAgLSBSaXNrIEluZm9ybWVkCiAgLSBSZXBvcnRzIGFuZCBTY29yZWNhcmRzCiAgICAtIEtQSXMvS1JJcwotIENvbXBhbnkncyBXcml0dGVuIFBvbGljaWVzCiAgLSBQb2xpY3kKICAtIFByb2NlZHVyZQogIC0gU3RhbmRhcmQKICAtIENvbXBsaWFuY2UgJiBFbmZvcmNlbWVudAogIC0gR3VpZGVsaW5lCgojIyBUaHJlYXQgSW50ZWxsaWdlbmNlCgotIEV4dGVybmFsCiAgLSBDb250ZXh0dWFsCi0gSW50ZXJuYWwKICAtIElPQ3MKICAtIEludGVsLiBTaGFyaW5nCgojIyBVc2VyIEVkdWNhdGlvbgoKLSBUcmFpbmluZyAobmV3IHNraWxscykKLSBBd2FyZW5lc3MgKHJlaW5mb3JjZW1lbnQpCi0gQ3liZXIgc2VjdXJpdHkgdGFibGUtdG9wIGV4ZXJjaXNlCgojIyBTZWN1cml0eSBPcGVyYXRpb24KCi0gVnVsbmVyYWJpbGl0eSBNYW5hZ2VtZW50Ci0gVGhyZWF0IEh1bnRpbmcKLSBTSUVNCiAgLSBTT0FSCi0gQWN0aXZlIERlZmVuc2UKLSBTZWN1cml0eSBPcGVyYXRpb24gQ2VudGVycwotIEluY2lkZW50IFJlc3BvbnNlCiAgLSBCcmVhY2ggTm90aWZpY2F0aW9uCiAgLSBDb250YWlubWVudAogIC0gRXJhZGljYXRpb24KICAtIEJsdWUgVGVhbQogIC0gUmVkIFRlYW0KICAtIEludmVzdGlnYXRpb24KICAgIC0gRm9yZW5zaWNzCiAgLSBEZXRlY3Rpb24KCiMjIFBoeXNpY2FsIFNlY3VyaXR5CgotIElvVCBTZWN1cml0eQoKIyMgQ2FycmVyIERlcGxveW1lbnQKCi0gQ2VydGlmaWNhdGlvbnMKLSBUcmFpbmluZwotIENvYWNoZXMgYW5kIFJvbGUgTW9kZWxzCi0gUGVlciBHcm91cHMKLSBTZWxmIFN0dWR5Ci0gQ29uZmVyZW5jZXMKCiMjIFNlY3VyaXR5IEFyY2hpdGVjdHVyZQoKLSBOZXR3b3JrIERlc2lnbgogIC0gRERvUyBQcmV2ZW50aW9uCi0gRGF0YSBQcm90ZWN0aW9uCiAgLSBEYXRhIExlYWthZ2UgUHJldmVudGlvbgotIEVuZHBvaW50IEh5Z2llbmUKLSBDb250YWluZXIgU2VjdXJpdHkKLSBDbG91ZCBTZWN1cml0eQotIEFjY2VzcyBDb250cm9sCiAgLSBNRkEgJiBTU08KICAtIElkZW50aXR5IE1hbmFnZW1lbnQKICAgIC0gUHJpdmlsZWdlZCBBY2Nlc3MgTWFuYWdlbWVudAogICAgLSBJZGVudGl0eSAmIEFjY2VzcyBNYW5hZ2VtZW50Ci0gU2VjdXJpdHkgRW5naW5lZXJpbmcKLSBDcnlwdG9ncmFwaHkKICAtIENlcnRpZmljYXRlIE1hbmFnZW1lbnQKICAtIEVuY3J5cHRpb24gU3RhbmRhcmRzCiAgLSBLZXkgYW5kIFNlY3JldCBNYW5hZ2VtZW50CiAgICAtIFZhdWx0aW5nCiAgICAtIEhTTQotIFNlY3VyZSBTeXN0ZW0gQnVpbGQKICAtIFBhdGNoIE1hbmFnZW1lbnQKICAtIEJhc2VsaW5lIENvbmZpZ3VyYXRpb24KCiMjIEZyYW1ld29ya3MgYW5kIFN0YW5kYXJkcwoKLSBOSVNUIEN5YmVyc2VjdXJpdHkgRnJhbWV3b3JrCi0gQ0lTIFRvcCAyMCBDb250cm9scyBDSVMgQmVuY2htYXJrcwotIElTTyAyNzAwMSAyNzAxNyAyNzAxOAotIE9XQVNQIFRvcCAxMCAoV2ViQXBwICYgQVBJKQogIC0gQVNWUyAmIE1BU1ZTCi0gTUlUUkUgQVRUJkNLIEZyYW1ld29yawo=
Fuente: The Map of Cybersecurity Domains Henry Jiang | March 2021 | REV 3.1
Application Security
- SSDLC
- Security UX
- Security QA
- API Security
- Data-Flow Diagram
- Source Code Scan
Risk Assessment
- Vulnerability scan
- Assets Inventory
- 3rd Party Risk
- Penetration test
- Infrastructure (Network and Systems)
- Social Engineering
- DAST
- Application Pen Tests
- Risk Monitoring Services (Risk score)
Enterprise Risk Management
- Risk Treatment Actions
- Risk Acceptance Statement
- Cyber Insurance
- Lines of Defense
- 1.Process Owners
- 2.Risk Mgmt Group
- 3.Audit
- Risk Register
- Risk Appetite
- Crisis Management
- BCP/DR
Governance
- Laws and Regulations
- Industry Specific
- Central Government
- Regional
- CCPA
- NYS-DFS 23 NYCRR 500
- Executive Management Involvement
- Risk Informed
- Reports and Scorecards
- KPIs/KRIs
- Company's Written Policies
- Policy
- Procedure
- Standard
- Compliance & Enforcement
- Guideline
Threat Intelligence
User Education
- Training (new skills)
- Awareness (reinforcement)
- Cyber security table-top exercise
Security Operation
- Vulnerability Management
- Threat Hunting
- SIEM
- Active Defense
- Security Operation Centers
- Incident Response
- Breach Notification
- Containment
- Eradication
- Blue Team
- Red Team
- Investigation
- Detection
Physical Security
Carrer Deployment
- Certifications
- Training
- Coaches and Role Models
- Peer Groups
- Self Study
- Conferences
Security Architecture
- Network Design
- Data Protection
- Endpoint Hygiene
- Container Security
- Cloud Security
- Access Control
- MFA & SSO
- Identity Management
- Privileged Access Management
- Identity & Access Management
- Security Engineering
- Cryptography
- Certificate Management
- Encryption Standards
- Key and Secret Management
- Secure System Build
- Patch Management
- Baseline Configuration
Frameworks and Standards
- NIST Cybersecurity Framework
- CIS Top 20 Controls CIS Benchmarks
- ISO 27001 27017 27018
- OWASP Top 10 (WebApp & API)
- MITRE ATT&CK Framework