CISO Responsibilities Overview


1. Governance

1.1. Strategy & Business Alignment

1.2. Risk Management Framework

1.3. Resource Management

1.4. Roles and Responsibilities

1.5. Metrics and Reporting

2. Security Operations

2.1. Threat Prevention

2.1.1. Network/Application Firewall

2.1.2. Vulnerability Management

2.1.3. Application Security

2.1.4. IPS

2.1.5. Identity Management

2.1.6. Information Security Policy

2.1.7. DLP

2.1.8. Anti-Malware, Anti-Spam

2.1.9. Proxy/Content Filtering

2.1.10. Patching

2.1.11. DDoS Protection

2.1.12. Hardening Guidelines

2.1.13. Desktop Security

2.1.14. Encryption/SSL

2.1.15. PKI

2.2. Threat Detection

2.2.1. Log Analysis/Correlation/SIEM

2.2.2. Alerting (IDS/IPS, FIM, WAF, Antivirus, etc.)

2.2.3. NetFlow analysis

2.2.4. DLP

2.2.5. Threat Hunting

2.2.6. MSSP Integration

2.2.7. SOC Operations

2.3. Incident Management

2.3.1. Incident Response

2.3.2. Media Relations

2.3.3. Incident Readiness

2.3.4. Forensic Investigation

2.3.5. Data Breach Preparation

3. Identity Management

3.1. Credentialing

3.2. Account Creation/Deletions

3.3. Single Sign On (SSO/Simplified Sign On)

3.4. Repository (LDAP/Active Directory)

3.5. Federation

3.6. Multi-Factor Authentication

3.7. Multi-Channel Authentication

3.8. Role-Based Access Control

3.9. Password Resets/Self-Service

3.10. HR Process Integration

3.11. Integrating cloud-based identities

4. Risk Management

4.1. Physical Security

4.2. Vulnerability Management

4.3. Ongoing Risk Assessments / Pen Testing

4.4. Integration to Project Delivery (PMD)

4.5. Code Reviews

4.6. Risk Assessment Methodology

4.7. Data Centric Approach

4.8. IoT Technologies

4.9. Operational Technologies

5. Legal & Human Resources

5.1. Data Discovery

5.2. Vendor Contracts

5.3. Investigations/Forensics

5.4. Integrating into Identity Management processes

6. Compliance and Audits

6.1. PCI-DSS

6.2. SOX

6.3. HIPAA

6.4. ISO 27k

6.5. Regular Audits

6.6. Government Requirements

6.7. Other Compliance Needs

7. Security Architecture

7.1. Network Segmentation

7.2. Application Protection

7.3. Defense-in-Depth

7.4. Remote Access

7.5. Encryption Technologies

7.6. Backup/Replication/Multiple Sites

7.7. Cloud/Hybrid/Multiple Cloud Vendors

8. Budget

8.1. Security Projects

8.2. Business Case Development

8.3. ROSI

8.4. Alignment with IT Projects

8.5. FTE and Contractors

8.6. Balanced Budget for People, Training and Tools/Technologies

9. Protect Delivery Lifecycle

9.1. Requirements

9.2. Design

9.3. Security Testing

9.4. Certification and Accreditation

10. Selling InfoSec (Internal)

10.1. Aligning with Corporate Objectives

10.2. Continuous Management Updates

10.3. Innovation and Value Creation

11. Business Enablement

11.1. Merger/Acquisition

11.1.1. Acquisition Risk Management

11.1.2. Integration Cost

11.1.3. Identity Management

11.2. Cloud Computing

11.2.1. Cloud Architecture

11.2.2. Strategy and Guidelines

11.2.3. Cloud Risk Evaluation

11.2.4. Compliance

11.2.5. Ownership/Liability/Incidents

11.2.6. SaaS Strategy

11.2.7. Log Integration

11.2.8. Virtualized Security Appliances

11.3. Mobile Technology

11.3.1. Policy

11.3.2. Technology

11.3.3. Lost/Stolen Devices

11.3.4. BYOD

11.3.5. Mobile Apps Inventory

11.4. Processes

11.4.1. HR Onboarding/Termination

11.4.2. Business Partnerships