Power point assignment
eko
CyberDomainsUpdatedforFinal1.pptxCyber Domains – Where Policy is Applied – Part 1 – Add frameworks and law
1
Cybersecurity Domains
Cryptography
Secure System Build
Cloud Security
Secure Application Development
Secure System Build
Access Control
Data Protection
Network Design
CASB
Federated Identity
Security Engineering
Baseline configuration
Privileged Access Management
Identify & Access management
Identify Management
Training
Self Study
Peer Groups
Conferences
Certification
COBIT
NIST
ISO/IEC
SANS/CSC
Assets Inventory
Vulnerability
3rd Party Risk
Data-Centric Risk Assessment
Penetration Test
Source Code Scan
4th Party Risk
Blueteam
Redteam
Social Engineering
Application
Infrastructure
Black Box
White Box
Data Flow Map
Audit
Law & Regulations
Company’s Written Supervisory Procedures (WSPs)
Executive Management Involvement
Guideline
Policy
Procedure
Standard
Compliance & Enforcement
Risks Informed
Report & Scoreboard
KPIs/KRIs
Industry Specific
Federal
State
External
Internal
Intel. Sharing
IOCs
Contextual
Prevention
Recovery
Protection
Detection
SIEM
SOC
Vulnerability Management
Data Leakage
Active Defense
Incident
Investigation
Breach Notification
Containment
Eradication
Forensics
DR
BCP
Training (New Skills)
Awareness (Reinforcement)
User Education
Physical Security
Threat Intelligence
Governance
Risk Assessment
Framework & Standard
Career Development
Security Operation
Security Architecture
1
Part 2 – Policy Hierarchy Part 2 is to describe the policy Hierarchy on a slide, and underneath each portion list a policy sample description for each part of the hierarchy.
2
Part 3 – Build a policy using the key policy areas - Finally, Part 3 of the assignment is to pick one of these domains and frameworks, and write a short, one-page policy (this can be on a .ppt slide) using the SANS format (but not copying the SANS sample policy); include all of the key policy items listed in Chapter 2.
3
