1. Identity Management
1.1. Credentialing
1.2. Account Creation/Deletions
1.3. Single Sign On (SSO/Simplified Sign On)
1.4. Repository (LDAP/Active Directory)
1.5. Federation
1.6. Multi-Factors Authentications
1.7. Multi-Channels Authentications
1.8. Role-Base Access Control
1.9. Password resets/Self-services
1.10. HR Process Integration
1.11. Integrating cloud-based identities
2. Risk Management
2.1. Physical Security
2.2. Vulnerability Management
2.3. Ongoing Risk Assessments / Pam Testing
2.4. Integration to Project Delivery (PMD)
2.5. Code Reviews
2.6. Risk Assessment Methodology
2.7. Data Centric Approach
2.8. IoT Technologies
2.9. Operational Technologies
3. Legal & Human Resources
3.1. Data Discovery
3.2. Vendor Contracts
3.3. Investigations/Forensics
3.4. Integrating into Identity Management processes
4. Security Architecture
4.1. Network Segmentation
4.1.1. VLAN segmentation
4.1.2. Micro Segmenration
4.2. Application Protection
4.3. Defend-in-depth
4.4. Remote Access
4.5. Encryption Technologies
4.6. Backup/Replication/Multiple Sites
4.7. Cloud/Hybrid/Multiple Cloud Vedors
5. Protect Delivery Lifecycle
5.1. Requirements
5.2. Design
5.3. Security Testing
5.4. Certification and Accrediration
6. Business Enablement
6.1. Merger/Acquisition
6.1.1. Acquisition Risk Management
6.1.2. Integration Cost
6.1.3. Identity Management
6.2. Cloud Computing
6.2.1. Cloud Architecture
6.2.2. Strategy and Guidelines
6.2.3. Cloud Risk Evaluation
6.2.4. Compliance
6.2.5. Ownership/Liability/Incidents
6.2.6. SaaS Strategy
6.2.7. Log Integration
6.2.8. Visualized Security Appliances
6.3. Mobile Technology
6.3.1. Policy
6.3.2. Technology
6.3.3. Lost/Stolen Devices
6.3.4. BYOD
6.3.5. Mobile Apps Inventory
6.4. Processes
6.4.1. HR on Boarding/Termination
6.4.2. Business Partnerships
7. Governance
7.1. Stragegy & Business Alignment
7.2. Risk Management Framework
7.3. Resource Management
7.4. Roles and Responsibilities
7.5. Metric and Reporting
8. Security Operations
8.1. Threat Prevention
8.1.1. Network/Application Firewall
8.1.2. Vulnerability Management
8.1.3. Application Security
8.1.4. IPS
8.1.5. Identity Management
8.1.6. Information Security Policy
8.1.7. DLP
8.1.8. Anti Malware, Anti-Spam
8.1.9. Proxy/Content Filtering
8.1.10. Patching
8.1.11. DDoS Protection
8.1.12. Hardening guidelines
8.1.13. Desktop Security
8.1.14. Encryption SSL
8.1.15. PKI
8.2. Threat Detection
8.2.1. Log Analysis/Correlation/SIEM
8.2.2. Alerting (ISD/IPD, FIM, WAF, Antivirus, etc)
8.2.3. NetFlow analysis
8.2.4. DLP
8.2.5. Threat Hunting
8.2.6. MSSP intergration
8.2.7. SOC Operations
8.3. Incident Management
8.3.1. Incident Response
8.3.2. Media Relations
8.3.3. Incident Readliness
8.3.4. Forensic Investigation
8.3.5. Data Breach Preperation