Security Lifecycle

1. Response

2. Deployment

2.1. Infrastructure

2.1.1. Availability
    - Load balancing
    - Clustering

2.1.2. OS
    - Bastion hosts

2.1.3. Network
    - Firewall
    - Proxy
    - AV
    - Mail
    - WAF
    - MMOG
    - DLP
    - Bandwidth management

2.1.4. Identity & Access management
    - SSO
    - ID provider
    - LDAP
    - AuthZ management
    - Access control
    - RBAC
    - Policy management

2.1.5. Cryptography services
    - KMS
    - PKI
    - Cryptographic providers

2.1.6. Database
    - Oracle

2.2. Monitoring

2.2.1. SIEM
    - QRadar
    - Managed services

2.2.2. Infrastructure
    - Nagios

2.2.3. Intrusion detection
    - IPS
    - IDS

2.3. BCP/DRP

2.3.1. Back-up

3. Awareness/education

3.1. Training

4. Process

4.1. Requirements

4.1.1. Security requirements

4.1.2. Privacy requirements

4.1.3. Bug tracking

4.1.4. Documentation

4.2. Design

4.2.1. Design techniques
    - Layering (defense in depth)
    - Least privilege
    - Attack surface minimization

4.2.2. Specific criteria
    - Cryptography

4.2.3. Threat modeling
    - DREAD
    - STRIDE

4.3. Implementation

4.3.1. Build tools

4.3.2. SAST
    - Fortify

4.3.3. APIs
    - Mandated: ESAPI
    - Banned

4.3.4. Web application specific requirements
    - XSS
    - Injection
        - SQL
        - LDAP
        - JS

4.4. Verification

4.4.1. Security response planning
    - Response plans for vulnerability reports

4.4.2. Attack surface re-evaluation

4.4.3. Fuzz testing

4.4.4. Security push actions
    - Code reviews
    - DAST: AppScan Standard
    - Design/architecture reviews (new threats)

4.4.5. OL specific requirements

4.5. Release

4.5.1. Response plan
    - SSIRP
    - CVE

4.5.2. Final security review

4.5.3. Archive
    - Customer documentation
    - Source code
    - Threat models
    - Complete final signoffs