Security Lifecycle


1. Response

2. Awareness/education

2.1. Training

3. Process

3.1. Requirements

3.1.1. Security requirements

3.1.2. Privacy requirements

3.1.3. Bug tracking

3.1.4. Documentation

3.2. Design

3.2.1. Design techniques

3.2.1.1. Layering (defense in depth)

3.2.1.2. Least privilege

3.2.1.3. Attack surface minimization

3.2.2. Specific criteria

3.2.2.1. Cryptography

3.2.3. Threat modeling

3.2.3.1. DREAD

3.2.3.2. STRIDE

3.3. Implementation

3.3.1. Build tools

3.3.2. SAST

3.3.2.1. Fortify

3.3.3. APIs

3.3.3.1. Mandated

3.3.3.1.1. ESAPI

3.3.3.2. Banned

3.3.4. Web applications specific requirements

3.3.4.1. XSS

3.3.4.2. Injection

3.3.4.2.1. SQL

3.3.4.2.2. LDAP

3.3.4.2.3. JS
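The injection classes listed under 3.3.4 (XSS, SQL, LDAP and JavaScript), as an added example that is not part of the original mind map: each vulnerable string builder beside its hardened form. The users table, the LDAP base DN (dc=example,dc=com) and the attack strings are all constructed for the demo.

```python
"""Added example (not from the original mind map): the 3.3.4 injection
classes, each as a vulnerable builder beside its hardened form. The users
table, the LDAP base DN and the attack strings are constructed for the demo."""
import html
import json
import sqlite3


def make_db() -> sqlite3.Connection:
    # Constructed sample data for the SQL part.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user")])
    return conn


# 3.3.4.2.1 SQL: string-built query vs bound parameter.
def find_user_vulnerable(conn, name: str) -> list:
    # The input is spliced into the SQL grammar, so a quote rewrites the query.
    sql = "SELECT name, role FROM users WHERE name = '" + name + "' ORDER BY name"
    return conn.execute(sql).fetchall()


def find_user_safe(conn, name: str) -> list:
    # A bound parameter is always a value, never SQL syntax.
    sql = "SELECT name, role FROM users WHERE name = ? ORDER BY name"
    return conn.execute(sql, (name,)).fetchall()


# 3.3.4.2.2 LDAP: RFC 4515 filter escaping (assumed base DN dc=example,dc=com).
_LDAP_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def ldap_escape(value: str) -> str:
    # Every character is mapped at most once, so the backslash escape is safe.
    return "".join(_LDAP_ESCAPES.get(ch, ch) for ch in value)


def staff_filter_vulnerable(uid: str) -> str:
    # Unescaped input can close the uid clause and add its own filter terms.
    return "(&(uid=" + uid + ")(memberOf=cn=staff,dc=example,dc=com))"


def staff_filter_safe(uid: str) -> str:
    return "(&(uid=" + ldap_escape(uid) + ")(memberOf=cn=staff,dc=example,dc=com))"


# 3.3.4.1 XSS: data placed in HTML element text.
def greeting_vulnerable(name: str) -> str:
    return "<p>Hello, " + name + "</p>"


def greeting_safe(name: str) -> str:
    # Encoding is per output context: html.escape covers element text and
    # quoted attribute values, not URLs, CSS or script blocks.
    return "<p>Hello, " + html.escape(name, quote=True) + "</p>"


# 3.3.4.2.3 JavaScript: data placed inside a <script> block.
def script_data_vulnerable(value: str) -> str:
    # A quote or a literal '</script>' in the value breaks out of the string.
    return "<script>var user = '" + value + "';</script>"


def script_data_safe(value: str) -> str:
    # JSON encoding handles quotes and backslashes; '<' is additionally
    # encoded so the value can never contain a literal '</script>'.
    encoded = json.dumps(value).replace("<", "\\u003c")
    return "<script>var user = " + encoded + ";</script>"


if __name__ == "__main__":
    db = make_db()
    payload = "x' OR '1'='1"
    print("vulnerable:", find_user_vulnerable(db, payload))
    print("safe      :", find_user_safe(db, payload))
    print(staff_filter_safe("*)(uid=*"))
    print(script_data_safe("</script><img src=x onerror=alert(1)>"))
```

Each hardened form uses the encoding that belongs to its output context (bound parameters for SQL, RFC 4515 escapes for LDAP filters, HTML entity encoding for element text, JSON plus `<` encoding inside scripts); reusing one encoder across contexts is the usual way these fixes go wrong.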

3.4. Verification

3.4.1. Security response planning

3.4.1.1. Response plans for vulnerability reports

3.4.2. Attack surface re-evaluation

3.4.3. Fuzz testing

3.4.4. Security push actions

3.4.4.1. Code reviews

3.4.4.2. DAST

3.4.4.2.1. AppScan Standard

3.4.4.3. Design/architecture reviews (new threats)

3.4.5. OL specific requirements
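Fuzz testing (3.4.3) as an added example that is not part of the original mind map: a small mutation fuzzer run against a constructed toy TLV parser that trusts its length byte, followed by the bounds-checked version of the same parser, which the fuzzer no longer crashes. The parser, the seed input and the mutation set are all constructed for the demo; none of it is from the page.

```python
"""Added example (not from the original mind map): mutation fuzzing of a
constructed TLV parser. parse_tlv has a deliberate bug (it reads the length
byte without checking that it exists); parse_tlv_fixed is the hardened form."""
import random


def parse_tlv(buf: bytes) -> list:
    # Constructed toy parser: tag byte, length byte, value bytes.
    # BUG: buf[i + 1] is read even when the buffer ends right after the tag.
    records, i = [], 0
    while i < len(buf):
        tag, length = buf[i], buf[i + 1]
        value = buf[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated value")   # the documented error path
        records.append((tag, value))
        i += 2 + length
    return records


def parse_tlv_fixed(buf: bytes) -> list:
    # Same grammar, but every read is bounds-checked first.
    records, i = [], 0
    while i < len(buf):
        if i + 2 > len(buf):
            raise ValueError("truncated header")
        tag, length = buf[i], buf[i + 1]
        value = buf[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated value")
        records.append((tag, value))
        i += 2 + length
    return records


def mutate(rng: random.Random, data: bytes) -> bytes:
    # Four cheap, format-blind mutations.
    out = bytearray(data)
    choice = rng.randrange(4)
    if choice == 0 and out:                       # flip one bit
        out[rng.randrange(len(out))] ^= 1 << rng.randrange(8)
    elif choice == 1 and len(out) > 1:            # truncate
        del out[rng.randrange(1, len(out)):]
    elif choice == 2:                             # append a byte
        out.append(rng.randrange(256))
    elif out:                                     # boundary-value overwrite
        out[rng.randrange(len(out))] = rng.choice([0, 1, 0x7F, 0x80, 0xFF])
    return bytes(out)


def fuzz(parser, seeds, iterations=500, expected=(ValueError,), seed=1) -> dict:
    """Return {(exception name, message): reproducer} for every exception the
    parser raises that is not one of its documented error types. Inputs the
    parser accepts join the corpus so later mutations start from more shapes."""
    rng = random.Random(seed)          # fixed seed: the run is reproducible
    corpus = list(seeds)
    crashes = {}
    for _ in range(iterations):
        sample = mutate(rng, rng.choice(corpus))
        try:
            parser(sample)
        except expected:
            continue                   # rejected cleanly: not a finding
        except Exception as exc:       # anything else is a crash
            crashes.setdefault((type(exc).__name__, str(exc)), sample)
            continue
        if sample not in corpus:
            corpus.append(sample)
    return crashes


if __name__ == "__main__":
    seeds = [b"\x01\x03abc"]           # one well-formed record, constructed
    for name, parser in (("parse_tlv", parse_tlv), ("parse_tlv_fixed", parse_tlv_fixed)):
        print(name, "crashes:", fuzz(parser, seeds))
```

The harness treats the parser's documented rejection (ValueError) as a non-finding and everything else as a crash, which is the distinction a fuzz target needs: a clean "bad input" error is correct behaviour, an unhandled exception (or, in native code, a memory fault) is the bug. Keeping the seed fixed makes every reproducer stable enough to file in the bug tracker from 3.1.3.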

3.5. Release

3.5.1. Response Plan

3.5.1.1. SSIRP

3.5.1.2. CVE

3.5.2. Final Security review

3.5.3. Archive

3.5.3.1. Customer documentation

3.5.3.2. Source code

3.5.3.3. Threat models

3.5.3.4. Complete final signoffs

4. Deployment

4.1. Infrastructure

4.1.1. Availability

4.1.1.1. Load balancing

4.1.1.2. Clustering

4.1.2. OS

4.1.2.1. Bastion hosts

4.1.3. Network

4.1.3.1. Firewall

4.1.3.2. Proxy

4.1.3.3. AV

4.1.3.4. Mail

4.1.3.5. WAF

4.1.3.5.1. MMOG

4.1.3.6. DLP

4.1.3.7. Bandwidth management

4.1.4. Identity & Access management

4.1.4.1. SSO

4.1.4.2. ID provider

4.1.4.2.1. LDAP

4.1.4.3. AuthZ management

4.1.4.4. Access control

4.1.4.4.1. RBAC

4.1.4.5. Policy management
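Access control by RBAC (4.1.4.4.1) and authorization management (4.1.4.3), as an added example that is not part of the original mind map: a deny-by-default permission check with role inheritance, plus two least-privilege helpers (what a user holds beyond a task's needs, and the smallest role that covers a task). The role catalogue, permission names and users are constructed for the demo.

```python
"""Added example (not from the original mind map): deny-by-default RBAC with
role inheritance and a least-privilege audit. Roles, permissions and users
are constructed for the demo."""

# Permission strings are "resource:action". Each role lists only what it
# adds; the rest comes from its parents (constructed catalogue).
ROLE_PERMISSIONS = {
    "viewer": {"report:read"},
    "analyst": {"report:write"},      # plus everything inherited from viewer
    "admin": {"user:manage"},         # plus everything inherited from analyst
}
ROLE_PARENTS = {"analyst": ("viewer",), "admin": ("analyst",)}


def effective_permissions(role: str) -> frozenset:
    # Walk the inheritance graph once; unknown roles contribute nothing,
    # and a cycle in the catalogue cannot loop forever.
    seen, stack, perms = set(), [role], set()
    while stack:
        current = stack.pop()
        if current in seen:
            continue
        seen.add(current)
        perms |= ROLE_PERMISSIONS.get(current, set())
        stack.extend(ROLE_PARENTS.get(current, ()))
    return frozenset(perms)


def is_allowed(user_roles, permission: str) -> bool:
    # Deny unless some assigned role explicitly carries the permission.
    return any(permission in effective_permissions(r) for r in user_roles)


def excess_permissions(user_roles, required) -> frozenset:
    # Least-privilege audit: what the user can do beyond what the task needs.
    held = frozenset().union(*(effective_permissions(r) for r in user_roles))
    return held - frozenset(required)


def least_privileged_role(required):
    # The role that covers every required permission while carrying the
    # fewest permissions overall (ties broken by name); None if nothing fits.
    required = frozenset(required)
    candidates = [r for r in ROLE_PERMISSIONS if required <= effective_permissions(r)]
    return min(candidates, key=lambda r: (len(effective_permissions(r)), r), default=None)


if __name__ == "__main__":
    # Constructed user: an admin running a read-only reporting job.
    roles = ["admin"]
    task = {"report:read"}
    print("allowed:", is_allowed(roles, "report:read"))
    print("excess :", sorted(excess_permissions(roles, task)))
    print("use    :", least_privileged_role(task))
```

`is_allowed` answers the runtime question; `excess_permissions` and `least_privileged_role` answer the review question behind 3.2.1.2 (least privilege), which is where role sprawl is usually caught before it reaches the policy management node.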

4.1.5. Cryptography services

4.1.5.1. KMS

4.1.5.2. PKI

4.1.5.3. Cryptographic providers

4.1.6. Database

4.1.6.1. Oracle

4.2. Monitoring

4.2.1. SIEM

4.2.1.1. QRadar

4.2.1.2. Managed services

4.2.2. Infrastructure

4.2.2.1. Nagios

4.2.3. Intrusion detection

4.2.3.1. IPS

4.2.3.2. IDS

4.3. BCP/DRP

4.3.1. Back-up