CISO Leadership Overview

Cyber Security Mind Map Examples:

• 网络安全绪论
• 扫描与防御技术
• 口令破解及防御技术
• 拒绝服务供给与防御技术
• Web及防御技术
• 计算机病毒
• 网络安全发展与未来



SANS Cisco Mind Map

• 企业安全工作要点思维导图

Free Cloud Mind Map Website: Mind Mup2 - https://drive.mindmup.com/

A CISO (Chief Information Security Officer) has a complex role within a company. They have a wide array of tasks to perform, that involves many differing parts, which the average individual is not always aware of.

CISO Mind Map is an overview of responsibilities and ever expanding role of the CISO.  This Security Leadership poster made by SANS shows exactly the matters a CISO needs to mind when creating a world class IT Security team. It also highlights the essential features necessary of a Security Operations Centre (SOC).

To make this chart more practical, I put them into the tables and will update it with some technologies and thoughts applied in my daily work. This update will last a long term. It will be put into navigation bar for easy access.

Security Operations

Prevention	Detection	Response
Data Protection IBM Guardium Network Security Network IPS Firewall Cisco CheckPoint Fortigate Juniper Palo Alto etc Application Security OWASP WASC Qualys WAS IBM Appscan HP Fortify VeraCode Endpoint Security Host IPS AntiVirus AntiSpam Endpoint Encryption Secure Configurations Active Defense Patching WSUS Web Filtering Cisco IronPort Email Filtering ProofProint	Log Management / SIEM IBM Qradar ArcSight Continuous Monitoring Network Security Monitoring Solarwinds PRTG MRTG NetFlow Analysis Threat Hunting Penetration Testing Kali Red Team Vulnerability Scanning Nessus Qualys Human Sensor Data Loss Prevention (DLP) Symantec DLP Security Operation Center (SOC) Threat Intelligence Symantec ATP FireEye Threat Modeling Microsoft STRIDE Tool	Incident Handling Plan Document Breach Preparation Tabletop Exercise Forensic Analysis SANS SIFT Paladin Crisis Management Breach Communication

Legal and Regulatory

Compliance	Privacy	Audit	Investigation
PCI SOX HIPAA FFIEC, CAT FERPA NERC CIP NISP SP 800-37 and 800-53 Public Service of Ontario Act, 2006 (PSOA). Employment Standards Act (Ontario) (ESA)	Privacy Shield EU GDPR	SSAE 16 SOC 2 ISO27001 FISMA and FedRAMP NIST SP 800-53A COSO	eDiscovery Forensics SANS SIFT Paladin
Intellectual Property	Contract Review	Customer Requirments	Lawsuit Risk & Acts
Documents	Documents	Documents	Archives and Recording Act, 2006 Freedom of Information and Protection of Privacy Act 1990 Auditor General Act 1990 Accessibility for Ontarians with Disabilities Act, 2005 Ministry of Government and Counsumer Services: Corporate Policy on RecordKeeping Bill 168 – Ontario’s Law on Workplace Violence and Harassment

Risk Management

Risk Framework	Risk Assessment Methodology	Business Impact Analysis
FAIR NIST RMF OCTAVE TARA	SANS GIAC	ISACA Doc
Risk Assessment Process	Risk Analysis and Quantification	Security Awareness
		Training Lunch Learn Communication
Vulnerability Management	Vendor Risk Management	Physical Security
Qualys		Badge  Gate / Turnstile Camera
Disaster Recovery (DR)	Business Continuity Planning	Risk Treatment
		Mitigation Planning Verification Remediation Cyber Insurance
Policies and Procedures
Code of Conduct Accessibility Policy – Providing Services to People with Disabilities Appropriate Use of Information and Computing Resources Policy Financial Policies and Procedures, including Procurement & Contract Management Policy Adjudication Guideline Guidance for Staff on Invitations to Third Party Functions and Other Gifts Guidelines to Personal Trading Rules Information and Records Management Policy Media Relations Policy Political Activity Policy Respectful Workplace Policy Security/Safety and Emergency Procedures Travel, Meal and Hospitality Expenses Policy Your Guide to Working at the Company Policy on Protecting Information When Outside the Office Security Classification Guidance Proper recordkeeping and appropriate records management: relevant principles and best practices Classification Scheme and Retention Schedule - Transitory Records Schedule

Business Enablement

Product Security	Cloud Computing	Mobile
Secure DevOps Secure Development Lifecycle Bug Bounties Web, Mobile, Cloud AppSec	Cloud Security Architecture Cloud Guidelines	BYOD (Bring Your Own Device) Mobile Policy
Emerging Technologies	Mergers and Acquisitions
Internet of Things (IoT) Augmented Reality (AR) Virtual Reality (VR) Block Chain	Security Due Diligence

Governance

Strategy	Business Alignment	Risk Management
Team Charter Roadmap Security Posture
Program Frameworks	Control Frameworks	Program Structure
NIST CSF ISO27000	NIST 800-53 CIS Controls
Program Management	Communications Plan	Roles and Responsibilities
Workforce Planning	Resource Managemnet	Data Classification
		Documentation
Security Policy	Create a Security Culture	Security Training
Security Handbook Policy		Awareness Training Wombat Role-Based Training
Metrics and Reporting	IT Portfolio Management	Change Management
TIBCO Spotfire		ITIL
Board Communications
Information Security Steering Board

Identify and Access Management

Provisioning/ Deprovisioning	Single Sign On (SSO)	Federated Single Sing on (FSSO)
Multi-Factor Authentication	Role-Based Access Control (RBAC)	Identity Store (LDAP, ActiveDirectory)

Leadership Skills

Business Strategy	Industry Knowledge	Business Acumen
Communication Skills	Presentation Skills	Strategic Planning
Technical Leadership	Security Consulting	Stakeholder Management
ISO Charter	Advisory  Group / Team Mail Box  Coloring Categorie
Negotiations	Mission and Vision	Values and Culture
Roadmap Development	Business Case Development	Project Management
Company / Organization Wide Information Security RoadMap		Project Charter
Employee Development	Financial Planning	Budgeting
Innovation	Marketing	Leading Change
Customer Relationships	Team Building	Mentoring
	ISO Team Dashboard Project Portfolio Operational Activities

Note: ISO = Information Security Office



Another CISO Mind Map example:

Note: The original image concept was created by Rafeeq Rehman and later redesigned by Momentum Partners.

===================================================================
What is the job of Chief Information Security Officer (CISO) in ISO 27001?

Compliance:

• Develop the list of interested parties related to information security (see also How to identify interested parties according to ISO 27001 and ISO 22301)
• Develop the list of requirements from interested parties
• Remain in continuous contact with authorities and special interest groups
• Coordinate all efforts related to personal data protection

Documentation:

• Propose the draft of main information security documents – e.g., Information security policy, Classification policy, Access control policy, Acceptable use of assets, Risk assessment and risk treatment methodology, Statement of Applicability, Risk treatment plan, etc.
• Be responsible for reviewing and updating main documents
• Risk management:
• Teach employees how to perform risk assessment
• Coordinate the whole process of risk assessment (see also: ISO 27001 risk assessment & treatment – 6 basic steps)
• Propose the selection of safeguards
• Propose the deadlines for safeguards implementation

Human resources management:

• Perform background verification checks of job candidates
• Prepare the training and awareness plan for information security (see also How to perform training & awareness for ISO 27001 and ISO 22301)
• Perform continuous activities related to awareness raising
• Performing induction training on security topics for new employees
• Propose disciplinary actions against employees who performed the security breach

Relationship with top management:

• Communicate the benefits of information security (see also Four key benefits of ISO 27001 implementation)
• Propose information security objectives (see also ISO 27001 control objectives – Why are they important?)
• Report on the results of measuring
• Propose security improvements and corrective actions
• Propose budget and other required resources for protecting the information
• Report important requirements of interested parties
• Notify top management about the main risks
• Report about the implementation of safeguards
• Advise top executives on all security matters

Improvements:

• Ensure that all corrective actions are performed
• Verify if the corrective actions have eliminated the cause of nonconformities

Asset management:

• Maintain an inventory of all important information assets
• Delete the records that are not needed any more
• Dispose of media and equipment no longer in use, in a secure way

Third parties:

• Perform risk assessment for activities to be outsourced
• Perform background check for candidates for outsourcing partners
• Define security clauses that must be part of an agreement

Communication:

• Define which type of communication channels are acceptable and which are not
• Prepare communication equipment to be used in case of an emergency / disaster

Incident management:

• Receive information about security incidents
• Coordinate response to security incidents
• Prepare evidence for legal action following an incident
• Analyze incidents in order to prevent their recurrence

Business continuity:

• Coordinate the business impact analysis process and the creation of response plans
• Coordinate exercising and testing
• Perform post-incident review of the recovery plans

Technical:

• Approve appropriate methods for the protection of mobile devices, computer networks and other communication channels
• Propose authentication methods, password policy, encryption methods, etc.
• Propose rules for secure teleworking
• Define required security features of Internet services
• Define principles for secure development of information systems
• Review logs of user activities in order to recognize suspicious behavior