Cybersecurity Domains

Security Architecture

Network Design

Secure Application Development

Security Engineering

Data Protection

Access Control

Identity Management

Privileged Access Management

Identity & Access Management

Cloud Security

Federated Identity

CASB

Secure System Build

Baseline Configuration

Cryptography

Governance

Laws and Regulations

State

Federal

Industry Specific

Company's Written Supervisory Procedures (WSPs)

Policy

Procedure

Standard

Guideline

Compliance & Enforcement

Audit

Executive Management Involvement

Reports and Scorecards

KPIs/KRIs

Risk Informed

User Education

Training (new skills)

Awareness (reinforcement)

Career Development

Training

Certification

Conferences

Peer Groups

Self Study

Physical Security

Security Operation

SOC

Incident Response

Breach Notification

Containment

Eradication

Investigation

Forensics

SIEM

Detection

Prevention

Protection

Recovery

BCP

DR

Data Leakage

Vulnerability Management

Active Defense

Risk Assessment

3rd Party Risk

4th Party Risk

Penetration test

Redteam

Application

Blueteam

Infrastructure

Social Engineering

Data-Centric Risk Assessment

Data-Flow Map

Vulnerability scan

Source Code Scan

Blackbox

Whitebox

Assets Inventory

Threat Intelligence

Internal

IOCs

Intel. Sharing

External

Contextual

Framework and Standard

NIST

ISO/IEC

SANS/CSC

COBIT
