[v0.1] Here is my version of the Cybersecurity mind map (source: Henry Jiang).
To view the image in the best conditions:
**At the top right of the image**
> ...
> More actions
> View original
CyberMap_0.1
Made with: <https://tree.nathanfriend.io/>
.
├── Frameworks and Standards
│   ├── NIST Cybersecurity Frameworks
│   ├── CIS Benchmarks
│   ├── ISO 27001
│   ├── OWASP Top 10
│   └── MITRE ATT&CK
├── Application Security
│   ├── S-SDLC
│   │   ├── "Shift Left"
│   │   └── CI/CD Integration
│   ├── Security UX
│   ├── Security QA
│   ├── API Security
│   ├── Source Code Scan
│   │   ├── SAST
│   │   └── Open Source Scan
│   └── Data-Flow Diagram
├── Risk Assessment
│   ├── Vulnerability Scan
│   ├── Assets Inventory
│   ├── 3rd Party Risk
│   │   └── 4th Party Risk
│   ├── Penetration Test
│   │   ├── Infrastructure (Network & System)
│   │   ├── Social Engineering
│   │   ├── DAST
│   │   └── Application Pentests
│   └── Risk Monitoring Services (Risk Score)
├── Enterprise Risk Management
│   ├── Risk Treatment Actions
│   ├── Risk Acceptance Statement
│   ├── Cyber Insurance
│   ├── Lines of Defense
│   │   ├── Process Owners
│   │   ├── Risk Management Group
│   │   └── Audit
│   │       └── SOC1/SOC2
│   ├── Risk Register
│   ├── Risk Appetite
│   ├── Crisis Management
│   └── Business Continuity Plan & Disaster Recovery
├── Governance
│   ├── Laws and Regulations
│   │   ├── Industry Specific
│   │   │   ├── PCI
│   │   │   └── HIPAA
│   │   ├── Central Government
│   │   │   ├── GDPR
│   │   │   └── GLBA
│   │   └── Regional
│   │       ├── CPPA
│   │       └── NYS-DFS 23 NYCRR 500
│   ├── Executive Management Involvement
│   │   ├── Risk Informed
│   │   └── Reports and Scorecard
│   │       └── KPIs/KRIs
│   └── Company's Written Policies
│       ├── Guideline
│       ├── Compliance & Enforcement
│       ├── Standard
│       ├── Procedure
│       └── Policy
├── Security Architecture
│   ├── Cryptography
│   │   ├── Certificate Management
│   │   ├── Encryption Standards
│   │   └── Key and Secret Management
│   │       ├── Vaulting
│   │       └── HSM
│   ├── Secure System Build
│   │   ├── Patch Management
│   │   └── Baseline Configuration
│   ├── Network Design
│   │   └── DDoS Prevention
│   ├── Data Protection
│   │   └── Data Leakage Prevention
│   ├── Endpoint Hygiene
│   ├── Container Security
│   ├── Cloud Security
│   ├── Access Control
│   │   ├── Federated Identity
│   │   ├── MFA & SSO
│   │   └── Identity Management
│   │       ├── Privileged Access Management
│   │       └── Identity & Access Management
│   └── Security Engineering
├── Career Development
│   ├── Certifications
│   ├── Conferences
│   ├── Self Study
│   ├── Peer Groups
│   ├── Coaches and Role Models
│   └── Training
├── Physical Security
│   └── IoT Security
├── Security Operation
│   ├── Vulnerability Management
│   ├── Threat Hunting
│   ├── SIEM
│   │   └── SOAR
│   ├── Security Operation Centers
│   ├── Incident Response
│   │   ├── Breach Notification
│   │   ├── Containment
│   │   ├── Eradication
│   │   ├── Blue Team
│   │   ├── Red Team
│   │   ├── Investigation
│   │   │   └── Forensics
│   │   └── Detection
│   └── Active Defense
└── User Education
    ├── Training (new skills)
    ├── Awareness (reinforcement)
    └── Cybersecurity table-top exercise