@DinisCruz
Last active March 31, 2025 09:13
First pass at creating a JSON version of the CISO MindMap created by Rafeeq Rehman https://www.linkedin.com/feed/update/urn:li:activity:7312240126099636224/ (created by Claude 3.7)
{
  "title": "InfoSec Professionals Responsibilities",
  "categories": [
    {
      "name": "Security Operations",
      "subcategories": [
        {
          "name": "Threat Prevention (NIST CSF Identify & Protect)",
          "items": [
            "Asset Management",
            "Network/Application Firewalls",
            {
              "name": "Vulnerability Management",
              "items": [
                {
                  "name": "Scope",
                  "items": [
                    "Operating Systems",
                    "Network Devices",
                    "Applications",
                    "Databases",
                    "Code Review",
                    "Physical Security",
                    "Cloud misconfiguration testing",
                    "Mobile Devices & Apps",
                    "Containers",
                    "Attack surface management",
                    "IoT",
                    "OT/SCADA"
                  ]
                },
                "Identify (periodic or continuous)",
                "Classify",
                "Risk Based Approach",
                "Prioritize (e.g. use of EPSS)",
                "Mitigation (Fix, verify, false positive)",
                "Measure",
                "Baseline",
                "Metrics"
              ]
            },
            {
              "name": "Application Security",
              "items": [
                "Application Development Standards",
                "Secure Code Training and Review",
                "Application Vulnerability Testing",
                "Change Control",
                "File Integrity Monitoring",
                "Web Application Firewall",
                "Integration to SDLC and Project Delivery",
                "Inventory open source components",
                "Source code supply chain security",
                "API Security"
              ]
            },
            "Network IPS and IDS",
            "Identity Management",
            "DLP",
            "Anti Malware, Anti-spam",
            "Proxy/Content Filtering",
            "DNS security/filtering",
            "Patching",
            "DDoS Protection",
            "Hardening guidelines",
            "Desktop security",
            "Encryption, SSL, PKI",
            "Security Health Checks",
            "Public software repositories",
            "Awareness training"
          ]
        },
        {
          "name": "Threat Detection (NIST CSF Detect)",
          "items": [
            "Log Analysis/correlation/SIEM",
            "Alerting (IDS/IPS, FIM, WAF, Anti Malware, etc)",
            "NetFlow analysis",
            "DLP",
            "Threat hunting and Insider threat",
            "MSSP integration",
            "Threat Detection capability assessment",
            "Gap assessment",
            "Prioritization to fill gaps",
            {
              "name": "SOC Operations",
              "items": [
                "SOC Resource Mgmt",
                "SOC Staff continuous training",
                "Shift management",
                "SOC procedures",
                "SOC Metrics and Reports",
                "SOC and NOC Integration",
                "SOC Tech stack management",
                "SOC DR exercise"
              ]
            },
            "Partnerships with ISACs",
            "Long term trend analysis",
            "Unstructured data from IoT",
            "Integrate new data sources",
            "Red team/blue team exercises",
            "Integrate threat intelligence platform (TIP)",
            "Deception technologies for breach detection",
            "Full packet inspection",
            "Detect misconfigurations",
            "Integrate Cloud based tools"
          ]
        },
        {
          "name": "Skills Development",
          "items": [
            "Machine Learning",
            "Algorithm Biases",
            "IoT",
            "Autonomous Vehicles",
            "Drones",
            "Medical Devices",
            "Industrial Control Systems (ICS)",
            "MITRE ATT&CK",
            "Soft skills",
            "DevOps Integration",
            "Prepare for unplanned work",
            "Manage data process cost",
            "Use of AI, GenAI and Data Analytics",
            "Use of computer vision in physical security",
            "Log Anomaly Detection",
            "ML model training, retraining"
          ]
        },
        {
          "name": "Incident Management (NIST CSF Respond & Recover)",
          "items": [
            "Create adequate Incident Response capability",
            "Incident Response Playbooks",
            "Incident Readiness Assessment",
            "Forensic Investigation",
            "Data Breach Preparation",
            "Update and Test Incident Response Plan",
            "Set Leadership Expectations",
            "Forensic and IR Partner, retainer",
            "Adequate Logging",
            "Breach exercises (e.g. simulations)",
            "First responders Training",
            "IR Playbook testing",
            "Media Relations",
            "Business Continuity Planning",
            {
              "name": "Ransomware",
              "items": [
                "Identify critical systems",
                "Perform ransomware BIA",
                "Tie with BC/DR Plans",
                "Devise containment strategy",
                "Ensure adequate backups",
                "Periodic backup test",
                "Offline backups in case backup is ransomed",
                "Mock exercises",
                "Implement machine integrity checking"
              ]
            },
            "Automation and SOAR Playbooks",
            {
              "name": "Supply chain incident mgmt",
              "items": [
                "Keep inventory of software components",
                "Integrate into vulnerability mgmt",
                "Integrate into SDLC and risk mgmt process"
              ]
            },
            "Managing relationships with law enforcement",
            "Post-incident analysis",
            "Cyber Risk Insurance"
          ]
        }
      ]
    },
    {
      "name": "Identity Management",
      "items": [
        "Identity Credentialing",
        "User Provisioning and Identity Life Cycle Management",
        "Single Sign On (SSO, Simplified sign on)",
        "Repository (LDAP/Active Directory, Cloud Identity, Local ID stores)",
        "Federation, SAML, Shibboleth",
        {
          "name": "2-Factor (multi-factor) Authentication - MFA",
          "items": [
            "Authenticator Apps",
            "Tokens and cards",
            "One time passcodes"
          ]
        },
        "Role-Based Access Control (RBAC)",
        "Customer Identity - Ecommerce and Mobile Apps",
        "Password resets/self-service",
        "HR Process Integration",
        "Integrating cloud-based identities",
        "IoT device identities",
        "IAM SaaS solutions",
        "Unified identity profiles",
        {
          "name": "Password-less authentication",
          "items": [
            "Voice signatures",
            "Face recognition",
            "Passkey"
          ]
        },
        "IAM with Zero Trust technologies",
        "Privileged Access Management (PAM)",
        {
          "name": "Use of public identity (Google, FB etc.)",
          "items": [
            "OAuth",
            "OpenID"
          ]
        },
        "Digital Certificates",
        "API authentication and secrets management"
      ]
    },
    {
      "name": "Governance",
      "items": [
        "Strategy and business alignment",
        "Security policies, standards",
        "Legal, regulatory and contract",
        {
          "name": "Risk Mgmt/Control Frameworks",
          "items": [
            "NIST - relevant NIST standards",
            "ISO",
            "COSO",
            "COBIT",
            "ITIL",
            "FAIR",
            "FISMA",
            "CMMC",
            "Visibility across multiple frameworks"
          ]
        },
        "Roles and Responsibilities (RACI charts)",
        "Data Ownership, sharing, and data privacy",
        "Conflict Management",
        {
          "name": "Metrics and Reporting",
          "items": [
            "Operational Metrics",
            "Executive Metrics",
            "Validating effectiveness of metrics"
          ]
        },
        "IT, OT, IoT/IIoT Convergence",
        "Explore options for cooperative SOC, collaborative infosec",
        "Tools and vendors consolidation",
        "Evaluating control effectiveness",
        "Maintaining a roadmap/plan for 1-3 years",
        "Board oversight and board presentations",
        "Security Team Branding",
        "Aligning with Corporate Objectives",
        "Continuous Mgmt Updates, metrics",
        "Negotiation, give and take",
        "Corporate politics, picking battles carefully",
        "Innovation and Value Creation",
        "Expectations Management",
        "Show progress/risk reduction",
        "ROSI"
      ]
    },
    {
      "name": "Business Enablement",
      "subcategories": [
        {
          "name": "Remote Work",
          "items": [
            "Enable Secure Application access",
            "Secure expanded attack surface",
            "Security of sensitive data accessed from home",
            "Zero trust access to applications"
          ]
        },
        {
          "name": "Automation and Analytics",
          "items": [
            "Automate patching",
            "Secure DevOps, DevSecOps",
            "Embedding security tools in CI/CD pipelines",
            "Automate threat hunting",
            "Automate risk scoring",
            "Automate asset inventory",
            "Secure infrastructure as code",
            "Automate API inventory",
            "Automate risk register",
            "Automate security metrics",
            "Automate incident response where applicable",
            "Automate compliance checks"
          ]
        },
        {
          "name": "Risk Management",
          "items": [
            "Physical Security",
            "Vulnerability Management",
            "Ongoing risk assessments/pen testing",
            "Code Reviews, SAST",
            "Use of Risk Assessment Methodology and framework",
            "Policies and Procedures",
            "Phishing and Associate Awareness",
            {
              "name": "Data Centric Approach",
              "items": [
                "Data Discovery",
                "Data Classification",
                "Access Control",
                "Data Loss Prevention - DLP",
                "Customer and Partner Access",
                "Encryption/Masking",
                "Monitoring and Alerting"
              ]
            },
            {
              "name": "Operational Technologies",
              "items": [
                "Industrial Control Systems",
                "PLCs",
                "SCADA",
                "HMIs"
              ]
            },
            "Third party risk management (TPRM) automation",
            "Cyber Risk Quantification (CRQ)",
            "Maintain Centralized Risk Register",
            "Loss, Fraud prevention"
          ]
        },
        {
          "name": "Legal",
          "items": [
            "Data Discovery and Data Ownership",
            "Vendor Contracts",
            "Investigations/Forensics",
            "Attorney-Client Privileges",
            "Data Retention and Destruction"
          ]
        },
        {
          "name": "Compliance and Audits",
          "items": [
            "CCPA, GDPR & other data privacy laws",
            "PCI",
            "SOX",
            "HIPAA and HITECH",
            "Regular Audits",
            "SSAE 18",
            "NIST/FISMA",
            "CMMC",
            "HITRUST",
            "DORA",
            "SEC notification requirements",
            "Other compliance needs"
          ]
        },
        {
          "name": "Security Architecture",
          "items": [
            "Traditional Network Segmentation",
            "Micro segmentation strategy",
            "Application protection",
            "Defense-in-depth",
            "Remote Access",
            "Encryption Technologies",
            "Backup/Replication/Multiple Sites",
            "Cloud/Hybrid/Multiple Cloud Vendors",
            "Software Defined Networking",
            "Network Function Virtualization",
            "Zero trust models and roadmap",
            "SASE/SSE strategy, vendors",
            "Overlay networks, secure enclaves"
          ]
        },
        {
          "name": "Project Delivery Lifecycle",
          "items": [
            "Embedding security in Project Requirements",
            "Threat modeling and Design reviews",
            "Security Testing",
            "Certification and Accreditation"
          ]
        },
        {
          "name": "Artificial Intelligence and Generative AI (GenAI)",
          "items": [
            "AI Governance, Policies, Transparency",
            "LLMs, Chatbots, Agents, RAG",
            "Safe and ethical uses of GenAI",
            "Secure AI/GenAI models",
            "Protecting Intellectual Property",
            "Identify GenAI plausible use cases",
            "Securing training and test data",
            "Adversarial attacks",
            "AI enabled security tools, threat detection",
            "Train InfoSec teams on AI technologies",
            "NIST AI Risk Mgmt Framework",
            "Use of GenAI in task automation",
            "AI/GenAI testing tools",
            "OWASP Top 10 LLM and GenAI risk"
          ]
        },
        {
          "name": "Mergers and Acquisitions",
          "items": [
            "Acquisition Risk Assessment",
            "Network/Application/Cloud Integration Cost",
            "IAM integration",
            "Security tools rationalization"
          ]
        },
        {
          "name": "Cloud Computing",
          "items": [
            "Multi-Cloud architecture",
            "Strategy and Guidelines",
            "Cloud Security Posture Management (CSPM)",
            "Ownership/Liability/Incidents",
            "SaaS Strategy",
            "Vendor's Financial Strength",
            "SLAs",
            "Infrastructure Audit",
            "Proof of Application Security",
            "Disaster Recovery Posture",
            "Data ownership, compliance",
            "Integration of Identity Management/Federation/SSO",
            "SaaS Policy and Guidelines",
            "Cloud log integration/APIs",
            "Virtualized security appliances",
            "Cloud-native apps security",
            "Container-to-container communication security",
            "Service mesh, micro services",
            "Serverless computing security"
          ]
        },
        {
          "name": "Mobile Technologies",
          "items": [
            "Technology advancements",
            "Lost/Stolen devices",
            "BYOD and MDM (Mobile Device Management)",
            "Mobile Apps Inventory"
          ]
        },
        {
          "name": "Processes",
          "items": [
            "HR/Onboarding/Termination",
            "Business Partnerships",
            "Agility, Business Continuity and Disaster Recovery",
            "Understand industry trends (e.g. retail, financials, etc)",
            "Evaluating Emerging Technologies (Quantum, Crypto, GenAI etc.)"
          ]
        },
        {
          "name": "IoT",
          "items": [
            "IoT Frameworks",
            "Hardware/Devices security features",
            "IoT Communication Protocols",
            "Device Identity, Auth and Integrity",
            "Over the Air updates",
            {
              "name": "IoT Use cases",
              "items": [
                "Track and Trace",
                "Condition Based Monitoring",
                "Customer Experience",
                "Smart Grid",
                "Smart Cities / Communities",
                "Others"
              ]
            },
            "IoT SaaS Platforms",
            "Augmented and Virtual Reality",
            "Drones",
            "Edge Computing"
          ]
        }
      ]
    },
    {
      "name": "Team Management",
      "items": [
        "Manage Infosec Budget",
        "Managing Security Projects",
        "Business Case Development",
        "Alignment with IT Projects",
        "Balancing budget for People, Training, and Tools/Technology/Hardware, travel, conferences",
        "Consulting and outsourcing",
        "CapEx and OpEx considerations",
        "Technology amortization",
        "Retire redundant & underutilized tools",
        {
          "name": "Staffing and Talent Management",
          "items": [
            "Recruiting, performance and retention",
            "Staff burnout prevention",
            "Balance FTE and contractors",
            "Staff training and skills update"
          ]
        }
      ]
    }
  ]
}
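The JSON above uses a mixed schema: every entry in an "items" array is either a plain string (a leaf responsibility) or an object with a "name" and its own "items" or "subcategories", and the root uses "title" plus "categories" rather than "name". Anything that consumes the file (diffing this year's map against last year's, turning a branch into a checklist, counting coverage per category) has to normalise that first. The script below is an added example, not code from the gist or from Rafeeq Rehman's mind map: it validates the shape, flattens the tree into "Category > Sub > Leaf" paths, counts leaves per top-level category and renders a text outline. SAMPLE is a constructed excerpt with the same shape as the gist's JSON, used so the script runs offline; pass the real file as the first command-line argument to run it against the full map.

```python
"""Walk, validate and render the CISO MindMap JSON above.

Added example, not code from the gist or from Rafeeq Rehman's mind map. The
gist's JSON has a mixed schema: each "items" entry is either a plain string
(a leaf) or an object with a "name" and its own "items"/"subcategories", and
the root uses "title" plus "categories". walk() normalises that so the map
can be diffed, turned into a checklist, or counted per category. SAMPLE is a
constructed excerpt with the same shape; pass the real file as argv[1].
"""
import json
import sys

# Constructed excerpt of the gist's JSON (same shape, far fewer entries).
SAMPLE = json.loads("""{
  "title": "InfoSec Professionals Responsibilities",
  "categories": [
    {"name": "Security Operations", "subcategories": [
      {"name": "Threat Prevention (NIST CSF Identify & Protect)", "items": [
        "Asset Management",
        {"name": "Vulnerability Management", "items": [
          {"name": "Scope", "items": ["Operating Systems", "Containers"]},
          "Prioritize (e.g. use of EPSS)"]}]}]},
    {"name": "Identity Management", "items": [
      "Privileged Access Management (PAM)",
      {"name": "Password-less authentication", "items": ["Passkey"]}]}
  ]
}""")

# Keys under which a node may carry children, in the order the gist uses
# them (root -> categories -> subcategories -> items).
CHILD_KEYS = ("categories", "subcategories", "items")


def _children(node):
    return [child for key in CHILD_KEYS for child in node.get(key, [])]


def _label(node):
    # Inner nodes use "name"; only the root uses "title".
    return node.get("name", node.get("title"))


def walk(node, path=()):
    """Yield (path, leaf) for every leaf string; path is the tuple of
    ancestor names, excluding the root title."""
    if isinstance(node, str):
        yield path, node
        return
    name = node.get("name")  # root has no "name", so it adds nothing to path
    new_path = path + (name,) if name else path
    for child in _children(node):
        yield from walk(child, new_path)


def validate(node, path=()):
    """Return a list of schema problems; an empty list means well-formed.
    Checks: leaves are non-empty strings, objects carry a name/title, and
    every object has at least one child."""
    loc = " > ".join(path) or "<root>"
    if isinstance(node, str):
        return [] if node.strip() else [f"{loc}: empty leaf"]
    if not isinstance(node, dict):
        return [f"{loc}: {type(node).__name__} is neither a string nor an object"]
    problems = []
    name = _label(node)
    if not isinstance(name, str) or not name.strip():
        problems.append(f"{loc}: object without a name/title")
        name = "?"
    kids = _children(node)
    if not kids:
        problems.append(f"{loc} > {name}: container has no children")
    for child in kids:
        problems.extend(validate(child, path + (name,)))
    return problems


def leaf_paths(root):
    """Flatten the map into 'Category > Sub > Leaf' strings."""
    return [" > ".join(path + (leaf,)) for path, leaf in walk(root)]


def count_by_category(root):
    """Number of leaf responsibilities under each top-level category."""
    counts = {}
    for path, _leaf in walk(root):
        top = path[0] if path else "<root>"
        counts[top] = counts.get(top, 0) + 1
    return counts


def to_outline(node, depth=0):
    """Render as an indented text outline, the mind map's native form."""
    if isinstance(node, str):
        return ["  " * depth + "- " + node]
    lines = ["  " * depth + "- " + str(_label(node))]
    for child in _children(node):
        lines.extend(to_outline(child, depth + 1))
    return lines


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            data = json.load(fh)
    else:
        data = SAMPLE
    for problem in validate(data):
        print("schema problem:", problem)
    print("\n".join(to_outline(data)))
    print(count_by_category(data))
```

Run validate() before anything else: a hand-edited or LLM-generated version of the map can easily drop a "name" or leave an empty "items" array, and a silent walker would then just miss that branch. The flattened paths from leaf_paths() are what you want to feed into a diff when a new yearly edition of the mind map is published, since set differences on those strings show exactly which responsibilities were added, renamed or moved.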