Security Lifecycle by Mind Map: Security Lifecycle

Security Lifecycle

Response

Awareness/education

Training

Process

Requirements

Security requirements

Privacy requirements

Bug tracking

Documentation

Design

Design techniques, Layering (defense in depth), Least privilege, Attack surface minimization

Specific criteria, Cryptography

Threat modeling, DREAD, STRIDE

Implementation

Build tools

SAST, Fortify

APIs, Mandated, ESAPI, Banned

Web applications specific requirements, XSS, Injection, SQL, LDAP, JS

Verification

Security response planning, Response plans for vulns reports

Attack surface re-evaluation

Fuzz testing

Security push actions, Code reviews, DAST, AppScan Standard, Design/architecture reviews (new threats)

OL specific requirements

Release

Response Plan, SSIRP, CVE

Final Security review

Archive, Customer documentation, Source code, Threat models, Complete final signoffs

Deployment

Infrastructure

Availability, Load balancing, Clustering

OS, Bastion hosts

Network, Firewall, Proxy, AV, Mail, WAF, MMOG, DLP, Bandwidth management

Identity & Access management, SSO, ID provider, LDAP, AuthZ management, Access control, RBAC, Policy management

Cryptography services, KMS, PKI, Cryptographic providers

Database, Oracle

Monitoring

SIEM, QRadar, Managed services

Infrastructure, Nagios

Intrusion detection, IPS, IDS

BCP/DRP

Back-up