Enterprise Security Architecture
- Reduce the vulnerabilities present within the architecture
- Use breach data for lessons learnt and control improvement
- Determine the impact and scale of a security breach
- Share and Consume Intelligence Data
- Prevent unauthorised changes to configuration
- Reduce the attack surface on supported end points
- Reduce the number of Vulnerabilities present within organisation assets.
- Prevent vulnerabilities from being exploited
- Reduce vulnerabilities in code and deployed applications
- Detect and respond to unusual activity.
- To control the number of security vulnerabilities in the development lifecycle
- Control the number of vulnerabilities through error and poor coding
- Control the number of vulnerabilities introduced through the use of 3rd party components.
- Ensure the components used are properly licensed
- Prevent unknown and unauthorised software from entering the development lifecycle
- Code of a known quality and source is used within production deployments
- All Code entering production is signed with Organisation Certificate
- All code can be traced back to the developer
- All Developers are issued with a certificate to be used for signing
- All code downloaded from approved sources has a valid trusted certificate.
- All code from untrusted sources is prevented from being used within the development process
- Untrusted code is reviewed and tested before being signed
- All Container images are signed before submission to the Container Registry
- Signatures are validated at every step in the development lifecycle
- Any change to trusted (signed) code invalidates the signature and marks the code as untrusted until the code has been retested and signed with a new signature.
- All signatures must utilise timestamps to prevent code becoming untrusted due to certificate expiration
- To be proactive in identifying, containing and treating security issues and incidents
- Work with external Cyber security communities, regulators and other groups
- Reduction of Cyber Security and Privacy risks to tolerable levels
- Our client businesses require a high level of TRUST ensured through Availability, Integrity and Confidentiality (Security)
- The business is a high value target for cyber criminals
- Regulation
- Security function must be coordinated centrally
- All tools must be Cloud capable
- Defense-in-depth architecture
- Centralised Threat intelligence
- Secure delivery of code into the production environment
- Respond rapidly and effectively to Cyber alerts
- Provide effective and relevant threat intelligence
- GDPR penalties are high.
- The business depends on maintaining a good reputation. A disclosed incident could significantly damage our reputation
- Monitoring and analysing security on an ongoing basis. Detecting, analysing and responding to security incidents
- Proactive investigation of suspicious activities, ensuring that potential security incidents are correctly defended, identified, analysed, investigated and escalated.
- Business Driver
- Business Goal
- Principles
- Maximise Reuse of existing capability
- Use best of breed where possible
- Use COTS products where possible
- An increasing threat environment increases the likelihood of a breach occurring.
- To prevent exploitation of vulnerabilities leading to compromise
- Assessment or Description
- CONSTRAINT -The traditional Pentest process was designed to work in a Waterfall project methodology and doesn't support the fix fast, fix often approach taken by modern Agile software development practices.
- RISK - Developers utilise code from public repositories. Something like 85 to 98% of code is someone else's work. The reliance on public repositories is a concern for security as the code could be badly written, have licensing implications or contain malicious code.
- RISK - If developers use code or packages which are open source licensed then under the AGPL/GPL licence the product they are writing also becomes open source and cannot be sold and must be freely distributed.
- Volume of Data
- Location of source Data
- Access to relevant data in supply chain control.
- Understanding of the Business Threats
- Understanding of the Organisations Risks and Issues
- Monitor and respond to available intelligence
- Keep abreast of current threats
- Use breach data for lessons learnt and control improvement.
- Prevent Malware and Ransomware from affecting the organisation
- Prevent Compromise of Organisation Assets
- Minimise the impact of a Cyber Security Event
- Detect Compromise of Organisation Assets
- Repeatable, consistent deployment of secure builds
- Reduce vulnerabilities through application of secure builds
- Increase speed of delivery of infrastructure
- Reduce the need for expensive time consuming infrastructure security testing.
- Enable rapid application of security patching.
- Respond rapidly to security threats.
- Security Operation Centre - Mission Statement
- Accessible - data
- Cost Effective - operation
- Cost Effective - delivery
- Measurable Value - ROI
- Authorised - Internal - Access to Resources
- Authorised - 3rd Party access to information
- Authorised - 3rd Party access to people
- Informed - New systems or services
- Informed - Threats
- Accuracy - Intelligence Data
- Accuracy - Log Data - Timestamp
- Accuracy - Log Data - Integrity
- Tamperproof - Log Data
- Measurement - Testing
- Measurement - Independent Design Review
- Measurement - Performance Review
- Measurement - Design Review
- RISK - Log Sizes
- Mitigation - Misuse and Abuse Cases
- RISK - Log Sources
- RISK - Data Gravity
- Mitigation - Deduplication
- ISSUE - Increasing cost for Log Storage
- RISK - Duplicating services across multiple cloud platforms
- Site to Site VPN Tunnel (VPN - VPN)
- (External Customer - Bank - OPERATE - VPN)
- (External User - Bank - MAINTAIN - VPN)
- (VPN - Jump Server)
- (VPN Temenos - Jump Server Temenos)
- Site to Site VPN Tunnel (VPN - Temenos - VPN Temenos)
- (Support - MAINTAIN - VPN - Temenos)
- (Support - OPERATE - VPN - Temenos)
- (External Customer - Bank - OPERATE - Browser - HTTPS)
- (External User - Bank - MAINTAIN - Browser - HTTPS)
- (Endpoint Protection - Endpoint UEBA Application)
- (Endpoint Protection - Anti Malware)
- (Dev Ops Vulnerability Detection and Remediation Capability - Patching)
- (Dev Ops Vulnerability Detection and Remediation Capability - Code review)
- (Dev Ops Vulnerability Detection and Remediation Capability - Pentest Engagement)
- (First Response - Call Centre - first response)
- (First Response - Real Time Monitoring and triage)
- (First Response - Industry news analysis)
- (2nd Level - Incident Analysis)
- (2nd Level - Incident Investigation)
- (2nd Level - Forensic Artifact Handling)
- (2nd Level - Malware Analysis)
- (SoC Engineering - Sensor and SIEM Tuning)
- (SoC Engineering - Scripting and Automation)
- (2nd Level - Trend Analytics)
- (Trending and Analysis - Threat Hunting)
- (Security Testing - Penetration Testing - External)
- (Security Testing - Penetration Testing - Internal)
- (Security Testing - Vulnerability Scanning)
- (Trending and Analysis - Direction)
- (Trending and Analysis - Collection)
- (Trending and Analysis - Intelligence Direction)
- (Trending and Analysis - Intelligence Collection)
- (Trending and Analysis - Intelligence Processing)
- (Trending and Analysis - Intelligence Dissemination)
- (First Response - Incident Triage)
- (2nd Level - Vulnerability Analytics)
- (SIEM Engineer - 2nd Level)
- (Security SME - 2nd Level)
- (Cyber Analyst - First Response)
- (Threat Analyst - Trending and Analysis)
- (Endpoint Protection - Security Log Collection - Syslog)
- (SoC Engineering - Tooling Deployment and Maintenance)
- (Trending and Analysis - Misuse and Abuse Case Development)
- (Windows Event Log - SIEM)
- (Syslog - SIEM)
- (Security Monitoring Capability - SIEM Engineer)
- (SIEM Engineer - SIEM)
- (Security Monitoring Capability - Logs)
- (Security Monitoring Capability - Rules)
- (Rules - SIEM)
- (Security Monitoring Processes - Security Monitoring - Analyse)
- (Business Misuse and Abuse Cases - Security Monitoring - Gather)
- (Build and Build Compliance Processes - Build Design)
- (Vulnerability Scanning MI Generation and Distribution - Vulnerability Scanning MI)
- (Build and Build Compliance Processes - Build Compliance Schedule)
- (System Misuse and Abuse Cases - Security Monitoring - Gather)
- (Vulnerability Scanning Processes - Vulnerability Management Policy)
- (Build Compliance MI Generation and Distribution - Build Compliance MI)
- (Vulnerability Scanning Processes - Vulnerability Reporting)
- (Security Monitoring Processes - Log Data)
- (Build Standards - Secure Baseline Build Design)
- (Build and Build Compliance Processes - Baseline Build Remediation)
- (Vulnerability Scanning Processes - Vulnerability Scanning Schedule)
- (Build and Build Compliance Processes - Baseline Build Compliance Checking)
- (Build and Build Compliance Processes - Build Compliance MI)
- (Vulnerability Management Policy - Vulnerability Scan)
- (CVE Sources - Vulnerability Signature Updates)
- (Build and Build Compliance Processes - Secure Baseline Build Design)
- (Vulnerability Scanning Processes - Vulnerability Scanning MI Generation and Distribution)
- (Security Monitoring Processes - Security Monitoring - Determine)
- (Build and Build Compliance Processes - Penetration Testing)
- (Vulnerability Scanning Schedule - Configuration Maintenance)
- (Vulnerability Scanning Schedule - Vulnerability Scan)
- (Identify Targets and Maintain Target Asset Database - Configuration Maintenance)
- (Log Data - Security Monitoring - Gather)
- (Vulnerability Scanning Processes - Vulnerability Signature Updates)
- (Vulnerability Scanning Processes - Identify Targets and Maintain Target Asset Database)
- (Build Compliance Schedule - Build Compliance Reporting)
- (Security Monitoring Processes - Protective Monitoring MI)
- (Security Monitoring Processes - Security Monitoring - Maintain)
- (Build Design - Secure Baseline Build Design)
- (Penetration Testing - Pentest Report)
- (Build Standards - Baseline Build Compliance Checking)
- (Security Monitoring Processes - Security Monitoring - Recover)
- (Vulnerability Management Policy - Vulnerability Reporting)
- (Vulnerability Scanning Processes - Vulnerability Scan)
- (Vulnerability Scanning Processes - Vulnerability Remediation)
- (Security Monitoring Processes - Security Monitoring - MI Generation and Distribution)
- (Security Monitoring Processes - Security Monitoring - Gather)
- (Build Standards - Baseline Build Maintenance)
- (Security Monitoring Processes - Security Monitoring - Respond)
- (Build and Build Compliance Processes - Pentest Report)
- (Baseline Build Maintenance - Build Design)
- (Security Monitoring Processes - System Misuse and Abuse Cases)
- (Build and Build Compliance Processes - Build Compliance MI Generation and Distribution)
- (Build Compliance Reporting - Build Compliance Report)
- (Build and Build Compliance Processes - Build Standards)
- (Build and Build Compliance Processes - Build Compliance Report)
- (Build and Build Compliance Processes - Build Compliance Reporting)
- (Build Standards - Baseline Build Remediation)
- (Vulnerability Scanning Processes - Configuration Maintenance)
- (Vulnerability Scanning Processes - CVE Sources)
- (Build and Build Compliance Processes - Baseline Build Maintenance)
- (Security Monitoring Processes - Business Misuse and Abuse Cases)
- (Vulnerability Scanning Processes - Vulnerability Scanning MI)
- (Security Monitoring - Gather - Log Configuration)
- (Vulnerability Management Policy - Vulnerability Remediation)
- (Security Monitoring Processes - Log Configuration)
- (Security Monitoring - MI Generation and Distribution - Protective Monitoring MI)
- (CVE Sources - Configuration Maintenance)
- (Incident Management Processes - Incident Identification and Reporting)
- (Incident Reporting - Incident Report)
- (Incident Management Processes - Incident Report)
- (Incident Management Processes - Incident Management MI)
- (Incident Resolution and Recovery - Incident Record)
- (Incident Management Processes - Crisis Management)
- (Incident Management Processes - Incident Resolution and Recovery)
- (Incident Logging - Incident Record)
- (Incident Management Processes - Incident Management MI Generation and Distribution)
- (Incident Closure - Incident Record)
- (Incident Management Processes - Incident Record)
- (Incident Investigation - Incident Record)
- (Incident Management Processes - Incident Closure)
- (Incident Management Processes - Incident Reporting)
- (Incident Management MI Generation and Distribution - Incident Management MI)
- (Incident Escalation - Crisis Management)
- (Incident Management Processes - Incident Logging)
- (Incident Management Processes - Incident Investigation)
- (Incident Management Processes - Incident Escalation)
- (Intelligence Management Processes - Produce Intelligence Summary Report)
- (Intelligence Management Processes - Produce Intelligence Threat Report)
- (Intelligence Management Processes - Produce Intelligence Thematic Report)
- (Intelligence Management Processes - Produce Intelligence Report)
- (Intelligence Management Processes - Strategy Development)
- (Intelligence Management Processes - External Malware Intelligence)
- (Intelligence Management Processes - External Threat Summary)
- (Intelligence Management Processes - Industry News)
- (Intelligence Management Processes - Intelligence from Partners)
- (Intelligence Management Processes - Internal Intelligence Sources)
- (Intelligence Management Processes - Gather Intelligence)
- (Intelligence Management Processes - Triage Intelligence)
- (Intelligence Management Processes - Respond)
- (Gather Intelligence - Triage Intelligence)
- (Triage Intelligence - Respond)
- (Vulnerability Scan - Vulnerability Reporting)
- (Vulnerability Reporting - Vulnerability Remediation)
- (Vulnerability Remediation - Vulnerability Scanning MI Generation and Distribution)
- (Incident Management Processes - Security Incident - Advice and Guidance Guidelines)
- (Security Incident - Advice and Guidance Guidelines - Incident Identification and Reporting)
- (Intelligence Management Processes - Manage Intelligence Feeds)
- (External Threat Summary - Produce Intelligence Summary Report)
- (External Malware Intelligence - Produce Intelligence Summary Report)
- (Industry News - Produce Intelligence Summary Report)
- (Intelligence from Partners - Produce Intelligence Summary Report)
- (Vulnerability Management Capability - Reduce the number of Vulnerabilities present within organisation assets.)
- (Vulnerability Management Capability - Infrastructure Vulnerability Scan)
- (Vulnerability Management Capability - Vulnerability Detection and Remediation)
- (Static Application Security Testing (SAST) - Vulnerability Detection and Remediation)
- (Dynamic Application Security Testing (DAST) - Vulnerability Detection and Remediation)
- (Composition Analysis - Vulnerability Detection and Remediation)
- (Vulnerability Scanner - Infrastructure Vulnerability Scan)
- (Infrastructure Vulnerability Scan - Reduce the number of Vulnerabilities present within organisation assets.)
- (Vulnerability Detection and Remediation - Reduce the number of Vulnerabilities present within organisation assets.)
- (Security Monitoring - Maintain - SIEM Configuration Management)
- (Security Monitoring - Maintain - Define and Maintain Correlation Rules)
- (Security Monitoring - Maintain - Define and Maintain Analysis Rules)
- (Security Monitoring - Maintain - Define and Maintain Misuse and Abuse Cases)
- (Security Monitoring - Maintain - Define and Maintain Capture and Alerting Requirements)
- (Security Monitoring - Maintain - Define and Maintain Audit Conditions)
- (Security Monitoring - Maintain - Define and Maintain Compliance Checks)
- (Security Monitoring - Maintain - Define and Maintain Intelligence Queries)
- (Security Monitoring Design - Security Monitoring - Maintain)
- (Security Monitoring Design - SIEM Configuration Management)
- (Logging Design - Security Monitoring - Maintain)
- (Logging Design - SIEM Configuration Management)
- (Security Log Collection - Syslog - Security Monitoring - Maintain)
- (SIEM Configuration Management - Security Log Collection - Syslog)
- (Security Log Collection - Windows Event Log - Security Monitoring - Maintain)
- (Security Log Collection - Other - Security Monitoring - Maintain)
- (SIEM Configuration Management - Security Log Collection - Windows Event Log)
- (SIEM Configuration Management - Security Log Collection - Other)
- (SIEM - Security Monitoring - Maintain)
- (Web Application Firewall - Prevent Web Attacks)
- (Intrusion Detection and Prevention (IDS/IDP) - Prevent Web Attacks)
- (Prevent Web Attacks - Prevent vulnerabilities from being exploited)
- (SoC Delivery Management - Operational Oversight)
- (SoC Delivery Management - Reporting)
- (SoC Delivery Management - Incident Management Oversight)
- (SoC Delivery Manager - SoC Delivery Management)
- (SIEM Engineer - SoC Engineering)
- (SoC Delivery Management - Security Operation Service Improvement)
- (Developers - Secure Coding)
- (Developers - Secure Code Testing)
- (Developers - Developers)
- (Security Operations Team Roles - Cyber Analyst)
- (Security Operations Team Roles - SIEM Engineer)
- (Security Operations Team Roles - Security SME)
- (Security Operations Team Roles - Threat Analyst)
- (Security Operations Team Roles - SoC Delivery Manager)
- (Build Compliance - Define and Maintain Builds)
- (Build Compliance - Build Compliance Checking)
- (Network Team - Maintain WAFs)
- (Network Team - Maintain IDS/IPS)
- (Server Team - Build Compliance)
- (Server Team - Operate and Maintain Infrastructure as Code (IAC))
- (Server Team - System Hardening)
- (Server Team - Security Patching)
- (Breach and Attack Simulation - Prevent vulnerabilities from being exploited)
- (Endpoint Protection - Prevent Malware from executing)
- (Prevent Malware from executing - Prevent vulnerabilities from being exploited)
- (Dev Ops Vulnerability Detection and Remediation Capability - Reduce vulnerabilities in code and deployed applications)
- (Static Analysis Testing Tool - Detect poor coding practices)
- (Composition Analysis Tool - Detect vulnerable software components and monitor)
- (Dynamic Application Security Testing Tool - Check running applications for security vulnerabilities)
- (Security Monitoring Capability - Detect and respond to unusual activity.)
- (Security Team - Security Testing)
- (Internal Intelligence Sources - Enrich Intelligence)
- (Internal Intelligence Sources - SIEM Feed)
- (Test Intelligence against SIEM - Disseminate Intelligence)
- (Malware Detection and Response - Obtain Intelligence)
- (External Intelligence Sources - Obtain Intelligence)
- (Intelligence Correlation - Evaluate Intelligence)
- (Internal Intelligence Sources - EDR Alerts)
- (External Intelligence Sources - Vulnerability Feeds)
- (Internal Intelligence Sources - Malware Alert)
- (Malware Event - Malware Detection and Response)
- (Test Intelligence against SIEM - Replay Attack Scenario)
- (Obtain Intelligence - Internal Threat Hunting)
- (Internal Intelligence Sources - Operational Alert)
- (Internal Intelligence Sources - Business Strategy)
- (External Intelligence Sources - Malware Intelligence Feed)
- (External Intelligence Sources - Peer Sharing (Industry Intelligence))
- (Obtain Intelligence - Social Media Threat Hunting)
- (Replay Attack Scenario Development - Replay Attack Scenario)
- (Evaluate Intelligence - Enrich Intelligence)
- (External Intelligence Sources - Enrich Intelligence)
- (Internal Intelligence Sources - Obtain Intelligence)
- (Obtain Intelligence - Intelligence Correlation)
- (External Intelligence Sources - Threat Intelligence Feeds)
- (Intelligence Interrogation - Obtain Intelligence)
- (Enrich Intelligence - Test Intelligence against SIEM)
- (Internal Intelligence Sources - Technology Strategy)
- (Source Code Control - Build Tool)
- (Production Nodes - Deployment Target)
- (White Box Testing - Security Unit Tests)
- (Composition Analysis - Build Tool)
- (Container/VM Orchestration - Deployment Target (POD))
- (Pre Production Nodes - Deployment Target (POD))
- (Dynamic Application Security Testing (DAST) Tooling - Control the number of vulnerabilities introduced through the use of 3rd party components.)
- (Software Composition Analysis (SCA) Tooling - Container/VM Registry)
- (Container/VM Instance - Functional Tests)
- (Penetration Testing Process - Deployment Target (POD))
- (Software Composition Analysis (SCA) Tooling - Build Tool)
- (Software Composition Analysis (SCA) Tooling - Control the number of vulnerabilities introduced through the use of 3rd party components.)
- (Security Unit Tests - Security Unit Tests)
- (Developer Desktop - Integrated Development Environment (IDE))
- (Virtual Machine - Container Platform)
- (Dynamic Application Security Testing (DAST) Tooling - Container/Hypervisor Platform)
- (Container/VM Registry - Container/VM Orchestration)
- (Composition Analysis - Composition Analysis)
- (Container/VM Orchestration - Deployment Target)
- (Composition Analysis - Pre Packaged Container (inc signature))
- (Penetration Testing Process - Deployment Target)
- (Container/VM Instance - Functional Security Tests)
- (Container Validation - Container Validation)
- (Container/Hypervisor Platform - Container/VM Registry)
- (Composition Analysis - Pre Packaged App (inc signature))
- (Software Composition Analysis (SCA) Tooling - Control the number of vulnerabilities through error and poor coding)
- (Container Deployment - Container/VM Orchestration)
- (White Box Testing - Composition Analysis)
- (Software Composition Analysis (SCA) Tooling - Software Composition Analysis Plugin)
- (Dynamic Application Security Testing (DAST) Tooling - Deployment Target)
- (Penetration Testing Process - Control the number of vulnerabilities through error and poor coding)
- (Software Composition Analysis (SCA) Tooling - Source Code Control)
- (3rd Party Package and Dependency Checking - Package Security Testing)
- (Static Application Security Testing (SAST) Tooling - Control the number of vulnerabilities through error and poor coding)
- (Software Composition Analysis (SCA) Tooling - Ensure the components used are properly licensed)
- (Source Code Review Process - Control the number of vulnerabilities through error and poor coding)
- (Software Composition Analysis (SCA) Tooling - Container/Hypervisor Platform)
- (Software Composition Analysis Plugin - Integrated Development Environment (IDE))
- (Dynamic Application Security Testing (DAST) Tooling - Deployment Target (POD))
- (Source Code Control - Integrated Development Environment (IDE))
- (Container/VM Instance - Container/Hypervisor Platform)
- (Penetration Testing Process - Control the number of vulnerabilities introduced through the use of 3rd party components.)
- (Build Tool - Build Product)
- (Virtual Machine - Integrated Development Environment (IDE))
- (Static Application Security Testing (SAST) Tooling - Build Tool)
- (Dynamic Application Security Testing (DAST) Tooling - Control the number of vulnerabilities through error and poor coding)
- (Integrated Development Environment (IDE) - Source Code Control)
- (Static Application Security Testing (SAST) Tooling - Control the number of vulnerabilities introduced through the use of 3rd party components.)
- (To control the number of security vulnerabilities in the development lifecycle - Control the number of vulnerabilities introduced through the use of 3rd party components.)
- (Release Management - Container Deployment)
- (Software Composition Analysis (SCA) Tooling - Integrated Development Environment (IDE))
- (Integrated Development Environment (IDE) - Package Security Testing)
- (Static Application Security Testing (SAST) Tooling - Container/Hypervisor Platform)
- (Security Unit Tests - Build Tool)
- (Source Code Review Process - Integrated Development Environment (IDE))
- (Software Composition Analysis (SCA) Tooling - Container/VM Orchestration)
- (Black Box Testing - Functional Tests)
- (Black Box Testing - Functional Security Tests)
- (To control the number of security vulnerabilities in the development lifecycle - Control the number of vulnerabilities through error and poor coding)
- (Block Deployment - Container/VM Orchestration)
- (Source Code - Source Code Control)
- (Build Tool - Signature Validation - Build)
- (Source Code Control - Signature Validation - Build)
- (Build Tool - Local Sign - IDE)
- (Integrated Development Environment (IDE) - Signature Validation - IDE)
- (Build Scripts - Signature with Timestamp)
- (Container/VM Registry - Signature Validation - Container Management)
- (Container/Hypervisor Platform - Signature Validation - Container Management)
- (Container/VM Orchestration - Signature Validation - Deployment)
- (Software Objects - Source Code)
- (Software Objects - 3rd Party Packages)
- (Software Objects - Build Scripts)
- (Software Objects - Test Code)
- (Software Objects - Signature with Timestamp)
- (Public Key Infrastructure - Hardware Security Module)
- (Public Key Infrastructure - Certificate Authority)
- (Public Key Infrastructure - Directory)
- (Public Key Infrastructure - Certificate Revocation List (CRL))
- (Public Key Infrastructure - Create Certificate)
- (Public Key Infrastructure - Revoke Certificate)
- (Public Key Infrastructure - Issue Certificate)
- (Public Key Infrastructure - Validate Certificate)
- (Security - Revoke Developer Certificate)
- (Developers - Developer Certificate Request)
- (Security - Revoke Component Certificate)
- (Infrastructure Support - Component Signing Certificate Request)
- (Infrastructure Team - Build - Component Signing Certificate Request)
- (Infrastructure Team - Container Management - Component Signing Certificate Request)
- (Infrastructure Team - Deployment - Component Signing Certificate Request)
- (To be proactive in identifying, containing and treating security issues and incidents - Reduce the vulnerabilities present within the architecture)
- (To be proactive in identifying, containing and treating security issues and incidents - Determine the impact and scale of a security breach)
- (To be proactive in identifying, containing and treating security issues and incidents - Prevent unauthorised changes to configuration)
- (To be proactive in identifying, containing and treating security issues and incidents - Reduce the attack surface on supported end points)
- (Work with external Cyber security communities, regulators and other groups - Share and Consume Intelligence Data)
- (Work with external Cyber security communities, regulators and other groups - Use breach data for lessons learnt and control improvement)
- (Reduction of Cyber Security and Privacy risks to tolerable levels - To be proactive in identifying, containing and treating security issues and incidents)
- (Reduction of Cyber Security and Privacy risks to tolerable levels - Work with external Cyber security communities, regulators and other groups)
- (SoC Delivery Management - Crisis Escalation and Management)
- (SoC Delivery Management - Media Management)
- (Crisis Management Processes - Crisis Team Formation)
- (Crisis Management Processes - Media Management)
- (Crisis Management Processes - Internal Comms)
- (Crisis Management Processes - Customer Reporting)
- (Crisis Management Processes - Scenario Planning)
- (Crisis Management Processes - Crisis Simulations)
- (Crisis Management Processes - Crisis Reporting)
- (3rd Party Packages - Signature with Timestamp)
- (Test Code - Signature with Timestamp)
- (Source Code - Signature with Timestamp)
- (Sign certificate - Public Key Infrastructure)
- (Certificate Management APIs - Certificate Validation)
- (Certificate Management APIs - Signing Request)
- (Certificate Management APIs - Signature Validation)
- (Public Key Infrastructure - Time Server)
- (Public Key Infrastructure - Time Stamp Authority)
- (Public Key Infrastructure - Identity Verification)
- (Integrated Development Environment (IDE) - Certificate Validation - IDE)
- (Integrated Development Environment (IDE) - Local Sign - IDE)
- (Build Tool - Local Sign - Build)
- (Integrated Development Environment (IDE) - Reject Code)
- (Integrated Development Environment (IDE) - Software Objects)
- (Software Objects - Source Code Control)
- (Container/VM Registry - Local Sign - Container Management)
- (Source Code Control - Certificate Validation - Build)
- (Build Tool - Certificate Validation - Build)
- (Developers - Certificate - Developer)
- (Integrated Development Environment (IDE) - Certificate - Developer)
- (Source Code Control - Certificate - Source Code Control)
- (Build Tool - Certificate - Build Tool)
- (Build Product - Built Package)
- (Build Product - Signature with Timestamp)
- (Built Package - Signature with Timestamp)
- (Build Product - Container/Hypervisor Platform)
- (HSM - Keys - Source Code Control)
- (Crypto Key Storage - Keys - Developer)
- (Crypto Key Storage - Integrated Development Environment (IDE))
- (HSM - Source Code Control)
- (HSM - Keys - Container Hypervisor)
- (HSM - Container/Hypervisor Platform)
- (HSM - Keys - Container/VM Orchestration)
- (HSM - Keys - Build Tool)
- (HSM - Keys - Container/VM Registry)
- (HSM - Container/VM Orchestration)
- (Container/Hypervisor Platform - Certificate - Container Hypervisor)
- (HSM - Container/VM Registry)
- (Container Images - Container/VM Image (inc Signature))
- (Container/VM Registry - Container/Hypervisor Platform)
- (External Sources - Pre Packaged App (inc signature))
- (External Sources - Pre Packaged Container (inc signature))
- (Internal Sources - Built Package (inc signature))
- (Container Images - Container/VM Registry)
- (Internal Sources - Container/Hypervisor Platform)
- (External Sources - Container/Hypervisor Platform)
- (Certificate Management APIs - Certificate Request)
- (Container/VM Registry - Certificate Validation - Container Management)
- (Container/Hypervisor Platform - Certificate Validation - Container Management)
- (Infrastructure Team - Deployment - Deploy Signing Certificate)
- (Infrastructure Team - Container Management - Deploy Signing Certificate)
- (Infrastructure Team - Build - Deploy Signing Certificate)
- (Infrastructure Support - Deploy Signing Certificate)
- (Developers - Deploy Signing Certificate)
- (Directory - Authentication Service)
- (Directory - Authorisation Service)
- (Directory - RBAC)
- (Identity and Access Management Domain - Multi Factor Authentication)
- (Identity and Access Management Domain - Password Authentication)
- (Identity and Access Management Domain - Authentication Service)
- (Identity and Access Management Domain - Directory)
- (Identity and Access Management Domain - Authorisation Service)
- (Identity and Access Management Domain - RBAC)
- (Authentication Service - Password Authentication)
- (Authentication Service - Multi Factor Authentication)
- (Identity and Access Management Domain - Conditional Access)
- (Authorisation Service - Conditional Access)
- (Identity and Access Management Domain - Single Sign On)
- (Directory - Single Sign On)
- (Single Sign On - Authentication Service)
- (Identity and Access Management Domain - Federated Identity)
- (Federated Identity - Single Sign On)
- (Federated Identity - Authentication Service)
- (Identity and Access Management Domain - Just in Time Access Control)
- (Authorisation Service - Just in Time Access Control)
- (Authentication Service - Authorisation Service)
- (Identity and Access Management Domain - Privileged Identity Management (PIM))
- (Authorisation Service - Privileged Identity Management (PIM))
- (Network Security - VPN)
- (Network Security - Cloud DNS)
- (Application Security - Web Application Firewall)
- (Application Security - API Gateway)
- (Data Security - Backup and Recovery)
- (Data Security - Data Loss Prevention (DLP))
- (Data Security - Data Encryption)
- (Data Encryption - Disk Encryption)
- (Data Encryption - Database Encryption)
- (Data Encryption - Application Encryption)
- (Data Encryption - Email Encryption)
- (Email Protection - IP Reputation)
- (Email Protection - Message Tracing)
- (Email Protection - Email Policy Based Filtering)
- (Email Protection - Email Active Content Filtering)
- (Email Protection - Email Connection Filtering)
- (Email Protection - Email Advanced Threat Protection)
- (Email Protection - Email User Awareness Training)
- (Email Protection - Email Encryption)
- (Email Protection - Anti Spam)
- (Network Security - Distributed Denial of Service Protection)
- (Network Security - HTTP(S) Load Balancing)
- (Identity and Access Management Domain - Cloud Access Security Broker (CASB))
- (Network Security - Content Delivery Network (CDN))
- (Network Security - Stateful Firewalls)
- (Network Security - Access Control Lists (ACL))
- (Network Security - Reverse Proxy)
- (Network Security - Channel Encryption (TLS/SSL))
- (Network Security - WAN)
- (Network Security - Software Defined WAN (SDWAN))
- (Network Security - VLANs)
- (Vulnerability Management Capability - Penetration Testing)
- (Penetration Testing - Reduce the number of Vulnerabilities present within organisation assets.)
- (Vulnerability Management Capability - Patching)
- (Patching - Reduce the number of Vulnerabilities present within organisation assets.)
- (Dev Ops Vulnerability Detection and Remediation Capability - Baseline Build Compliance Checking)
- (Code review - Reduce vulnerabilities in code and deployed applications)
- (Build Compliance - Reduce vulnerabilities in code and deployed applications)
- (Dev Ops Vulnerability Detection and Remediation Capability - Vulnerability Detection and Remediation)
- (Vulnerability Detection and Remediation - Reduce vulnerabilities in code and deployed applications)
-
(Dev Ops Vulnerability Detection and Remediation Capability - Penetration Testing)
-
(Penetration Testing - Reduce vulnerabilities in code and deployed applications)
-
(Cloud Access Security Broker (CASB) - Prevent Web Attacks)
-
(Define and Maintain Correlation Rules - SIEM)
-
(Define and Maintain Audit Conditions - SIEM)
-
(Define and Maintain Compliance Checks - SIEM)
-
(Define and Maintain Capture and Alerting Requirements - SIEM)
-
(Define and Maintain Misuse and Abuse Cases - SIEM)
-
(Define and Maintain Intelligence Queries - SIEM)
-
(SIEM Configuration Management - SIEM)
-
(Incident Management Processes - Incident Management Tooling)
-
(Container/VM Orchestration - Seccomp Policy)
-
(Container/VM Orchestration - AppArmor Policy)
-
(Secure delivery of code into the production environment - To control the number of security vulnerabilities in the development lifecycle)
-
(Internal Repo - Source Code Control)
-
(Software Composition Analysis (SCA) Tooling - Internal Repo)
-
(Monitoring and analysing security on an ongoing basis. Detecting, analysing and responding to security incidents - Cyber Analyst)
-
(Proactive investigation of suspicious activities, ensuring that potential security incidents are correctly defended, identified, analysed, investigated and escalated. - Cyber Analyst)
-
(Breach and Attack Simulation - Vulnerability Management Capability)
-
(Security Monitoring Service - Overarching Process Flow - Create Logging Configuration)
-
(Security Monitoring Service - Overarching Process Flow - Service Provider)
-
(Security Monitoring Service - Overarching Process Flow - Subject Matter Expert (SME))
-
(Security Monitoring Service - Overarching Process Flow - Project Team)
-
(Service Provider - Create Logging Configuration)
-
(Subject Matter Expert (SME) - Create Logging Configuration)
-
(Project Team - Create Logging Configuration)
-
(Security Monitoring Service - Overarching Process Flow - Define Capture and Alerting Requirements)
-
(Security Monitoring Service - Overarching Process Flow - Log Sources)
-
(Log Sources - System A)
-
(Log Sources - System B)
-
(Create Logging Configuration - Log Sources)
-
(Security Monitoring Service - Overarching Process Flow - SIEM - Define Correlation Rules)
-
(Security Monitoring Service - Overarching Process Flow - SIEM - Define Analysis Rules)
-
(Security Monitoring Service - Overarching Process Flow - SIEM Define Classification and Priority)
-
(Security Monitoring Service - Overarching Process Flow - Audit Query)
-
(Security Monitoring Service - Overarching Process Flow - Intelligence Query)
-
(Security Monitoring Service - Overarching Process Flow - Define Rules in SIEM)
-
(SIEM - Define Correlation Rules - Define Rules in SIEM)
-
(SIEM - Define Analysis Rules - Define Rules in SIEM)
-
(SIEM Define Classification and Priority - Define Rules in SIEM)
-
(Define Capture and Alerting Requirements - Create Logging Configuration)
-
(Log Sources - SIEM - Capture Event Data)
-
(Events - SIEM - Capture Event Data)
-
(Log Sources - Device A)
-
(SIEM - Capture Event Data - SIEM - Gather Event Data)
-
(SIEM - Gather Event Data - SIEM Log Database)
-
(SIEM - Gather Event Data - SIEM - Normalise data)
-
(SIEM - Normalise data - SIEM - Aggregate Data)
-
(SIEM - Aggregate Data - SIEM - Enrich Data)
-
(SIEM - Enrich Data - SIEM - Correlate)
-
(SIEM - Correlate - SIEM - Analyse)
-
(Security Monitoring Service - Overarching Process Flow - Security Monitoring - Gather)
-
(Security Monitoring - Gather - SIEM Log Database)
-
(Security Monitoring - Gather - SIEM - Aggregate Data)
-
(Security Monitoring - Gather - SIEM - Normalise data)
-
(Security Monitoring - Gather - SIEM - Gather Event Data)
-
(Security Monitoring - Gather - Events)
-
(Security Monitoring - Gather - SIEM - Enrich Data)
-
(Security Monitoring - Gather - SIEM - Capture Event Data)
-
(Security Monitoring Service - Overarching Process Flow - Security Monitoring - Analyse)
-
(Security Monitoring - Analyse - SIEM - Analyse)
-
(Security Monitoring - Analyse - SIEM - Correlate)
-
(Security Monitoring Service - Overarching Process Flow - Security Monitoring - Determine)
-
(Security Monitoring - Determine - SIEM - Triage)
-
(SIEM - Analyse - SIEM - Triage)
-
(Security Monitoring - Determine - SIEM - Classify)
-
(Security Monitoring - Determine - SIEM - Prioritise)
-
(SIEM - Triage - SIEM - Classify)
-
(SIEM - Classify - SIEM - Prioritise)
-
(Security Monitoring - Determine - Sec Mon - Investigate)
-
(SIEM - Prioritise - Sec Mon - Investigate)
-
(Security Monitoring Service - Overarching Process Flow - Define Compliance Checks)
-
(Security Monitoring Service - Overarching Process Flow - Governance, Risk and Compliance Consultant)
-
(Governance, Risk and Compliance Consultant - Define Compliance Checks)
-
(Log Sources - Events)
-
(System A - Events)
-
(Events - System B)
-
(Events - Device A)
-
(Security Monitoring - Gather - SIEM - Maintain Event Data)
-
(SIEM - Maintain Event Data - SIEM - Normalise data)
-
(SIEM - Maintain Event Data - SIEM - Aggregate Data)
-
(SIEM - Maintain Event Data - SIEM - Enrich Data)
-
(Security Monitoring Service - Overarching Process Flow - Security Monitoring - Respond)
-
Reclassify
(Reclassify - SIEM - Classify)
-
(Security Monitoring - Respond - Sec Mon - Respond)
-
(Reclassify - Sec Mon - Respond)
-
(Sec Mon - Investigate - Reclassify)
-
(Security Monitoring - Respond - Raise Incident)
-
(Security Monitoring - Respond - Produce Recommendations)
-
(Security Monitoring - Respond - Monitor and Report)
-
(Sec Mon - Respond - Raise Incident)
-
(Sec Mon - Respond - Produce Recommendations)
-
(Sec Mon - Respond - Monitor and Report)
-
(Security Monitoring - Respond - Incident Management)
-
(Raise Incident - Incident Management)
-
(Security Monitoring Service - Overarching Process Flow - SIEM)
-
(Define Rules in SIEM - SIEM)
-
(Define Rules in SIEM - Security Monitoring - Gather)
-
(Define Rules in SIEM - Security Monitoring - Analyse)
-
(Define Rules in SIEM - Security Monitoring - Determine)
-
If Recovery Required
(Sec Mon - Respond - Recover and Repair)
-
(Security Monitoring Service - Overarching Process Flow - Security Monitoring - Recovery)
-
(Security Monitoring - Recovery - Recover and Repair)
-
(Security Monitoring - Recovery - Restore from Backup)
-
(Security Monitoring - Recovery - Rebuild System)
-
(Security Monitoring - Recovery - Customer Communications)
-
(Security Monitoring - Respond - Initiate Crisis Management)
-
(Sec Mon - Respond - Initiate Crisis Management)
-
(Security Monitoring - Recovery - Legal Response)
-
(Security Monitoring - Recovery - Media Management)
-
(Security Monitoring - Recovery - GDPR Reporting)
-
(Recover and Repair - Restore from Backup)
-
(Recover and Repair - Rebuild System)
-
(Recover and Repair - Legal Response)
-
(Recover and Repair - GDPR Reporting)
-
(Security Monitoring - Respond - Crisis Management)
-
(Security Monitoring - Recovery - Manage Reputation)
-
(Recover and Repair - Manage Reputation)
-
(Manage Reputation - Media Management)
-
(Manage Reputation - Customer Communications)
-
(Manage Reputation - Legal Response)
-
(Initiate Crisis Management - Crisis Management)
-
(Security Monitoring - Respond - Initiate Forensics)
-
(Security Monitoring - Respond - Digital Forensics)
-
(MI and Reporting - Intelligence Report)
-
(Audit Query - Sec Mon - Investigate)
-
(Sec Mon - Respond - Initiate Forensics)
-
(Initiate Forensics - Digital Forensics)
-
(Security Monitoring - Respond - Reports)
-
(Reports - Risk Assessment)
-
(Reports - Audit Report)
-
(Reports - Learning Points)
-
(Reports - Trend Reports)
-
(Reports - Threat Reports)
-
(Produce Recommendations - Reports)
-
(Monitor and Report - Reports)
-
(Maintain - Continuous Improvement - Sec Mon - Maintain data Integrity)
-
(Maintain - Continuous Improvement - Sec Mon - Replay Queries)
-
(Maintain - Continuous Improvement - Sec Mon - Update Log Inventory)
-
(Maintain - Continuous Improvement - Sec Mon - Tune Rules)
-
(Maintain - Continuous Improvement - Sec Mon - Maintain Misuse and Abuse Cases)
-
(Security Monitoring - Respond - Sec Mon - Continuous Improvement)
-
(Sec Mon - Investigate - Sec Mon - Respond)
-
Reclassify
(Sec Mon - Respond - SIEM - Classify)
-
(Sec Mon - Respond - Sec Mon - Continuous Improvement)
-
(Sec Mon - Continuous Improvement - Maintain - Continuous Improvement)
-
(Reports - Maintain - Continuous Improvement)
-
(Security Monitoring Service - Overarching Process Flow - Threat Hunting)
-
(Security Monitoring Service - Overarching Process Flow - Define Threat Hunting Query)
-
(Threat Hunting - Define Threat Hunting Query)
-
(Internal Intelligence Sources - Threat Hunting)
-
(Respond rapidly and effectively to Cyber alerts - To be proactive in identifying, containing and treating security issues and incidents)
-
(Provide effective and relevant threat intelligence - Work with external Cyber security communities, regulators and other groups)
-
(Security Monitoring Service - Overarching Process Flow - SIEM Engineer)
-
(SIEM Engineer - Define Capture and Alerting Requirements)
-
(SIEM Engineer - SIEM - Define Correlation Rules)
-
(SIEM Engineer - SIEM - Define Analysis Rules)
-
(SIEM Engineer - SIEM Define Classification and Priority)
-
(Security Monitoring Service - Overarching Process Flow - Cyber Analyst)
-
(Cyber Analyst - Sec Mon - Investigate)
-
(Security Operations Team Roles - Senior Security Analyst)
-
(Security Monitoring Service - Overarching Process Flow - Senior Security Analyst)
-
(Senior Security Analyst - Sec Mon - Investigate)
-
(Security Monitoring Service - Overarching Process Flow - Audit and Investigations Consultant)
-
(Audit and Investigations Consultant - Audit Query)
-
(Audit and Investigations Consultant - Intelligence Query)
-
(Intelligence Interrogation - MI and Reporting)
-
(External Intelligence Sources - Threat Hunting)
-
(Security Testing - Design Assessment)
-
(Security Operations Team Roles - SoC Manager)
-
(SoC Manager - Stakeholder Communication)
-
(SoC Manager - Policy Development)
-
(SoC Manager - Escalation)
-
(SoC Manager - Incident Review)
-
(SoC Manager - Service Improvement)
-
(SoC Manager - Crisis Communication Planning)
-
(Security Operations Team Roles - Red Team Analyst)
-
(SoC Manager - SoC Manager)
-
(Red Team Analyst - Breach Simulation)
-
(Red Team Analyst - Security Testing)
-
(Cyber Analyst - SIEM)
-
(Security Monitoring Capability - Security Monitoring - Gather)
-
(Security Monitoring Capability - Security Monitoring - Analyse)
-
(Security Monitoring Capability - Security Monitoring - Determine)
-
(Security Monitoring Capability - Security Monitoring - Respond)
-
(Security Monitoring Capability - Security Monitoring - Recover)
-
(Security Monitoring - Gather - Detect and respond to unusual activity.)
-
(Security Monitoring - Analyse - Detect and respond to unusual activity.)
-
(Security Monitoring - Determine - Detect and respond to unusual activity.)
-
(Security Monitoring - Respond - Detect and respond to unusual activity.)
-
(Security Monitoring - Recover - Detect and respond to unusual activity.)
-
(Logs - SIEM)
-
(SIEM - Security Monitoring - Analyse)
-
(SIEM - Security Monitoring - Gather)
-
(SIEM - Security Monitoring - Determine)
-
(SIEM - Security Monitoring - Respond)
-
(SIEM - Security Monitoring - Recover)
-
(Patch Deployment Tooling - Vulnerability Management Capability)
-
(Patch Deployment Tooling - Patching)
-
(Dev Ops Vulnerability Detection and Remediation Capability - Secure Build)
-
(Secure Build - Reduce vulnerabilities in code and deployed applications)
-
(Dev Ops Vulnerability Detection and Remediation Capability - Code Testing)
-
(Code Testing - Reduce vulnerabilities in code and deployed applications)
-
(Detect poor coding practices - Code Testing)
-
(Check running applications for security vulnerabilities - Baseline Build Compliance Checking)
-
(Detect vulnerable software components and monitor - Secure Build)
-
(Vulnerability Scanner - Dev Ops Vulnerability Detection and Remediation Capability)
-
(Vulnerability Scanner - Vulnerability Detection and Remediation)
-
(Patch Deployment Tooling - Dev Ops Vulnerability Detection and Remediation Capability)
-
(Dev Ops Vulnerability Detection and Remediation Capability - Rebuild Vulnerable Containers)
-
(Check running applications for security vulnerabilities - Rebuild Vulnerable Containers)
-
(Rebuild Vulnerable Containers - Reduce vulnerabilities in code and deployed applications)
-
(Security Intelligence Service - Overarching Process Flow - Replay Attack Scenario Development)
-
(Security Intelligence Service - Overarching Process Flow - Obtain Intelligence)
-
(Security Intelligence Service - Overarching Process Flow - MI and Reporting)
-
(Security Intelligence Service - Overarching Process Flow - Internal Intelligence Sources)
-
(Security Intelligence Service - Overarching Process Flow - Evaluate Intelligence)
-
(Security Intelligence Service - Overarching Process Flow - Intelligence Interrogation)
-
(Security Intelligence Service - Overarching Process Flow - Threat Hunting)
-
(Security Intelligence Service - Overarching Process Flow - External Intelligence Sources)
-
(Security Intelligence Service - Overarching Process Flow - Malware Detection and Response)
-
(Security Intelligence Service - Overarching Process Flow - Malware Event)
-
(Security Intelligence Service - Overarching Process Flow - Internal Threat Hunting)
-
(Security Intelligence Service - Overarching Process Flow - Replay Attack Scenario)
-
(Security Intelligence Service - Overarching Process Flow - Intelligence Report)
-
(Security Intelligence Service - Overarching Process Flow - Disseminate Intelligence)
-
(Security Intelligence Service - Overarching Process Flow - Enrich Intelligence)
-
(Security Intelligence Service - Overarching Process Flow - Test Intelligence against SIEM)
-
(Security Intelligence Service - Overarching Process Flow - Social Media Threat Hunting)
-
(Security Intelligence Service - Overarching Process Flow - Intelligence Correlation)
-
(Intelligence Query - Sec Mon - Investigate)
-
(Define Threat Hunting Query - Sec Mon - Investigate)
-
(Security Monitoring Service - Overarching Process Flow - Threat Analyst)
-
(Threat Analyst - Threat Hunting)
-
(Threat Analyst - Define Threat Hunting Query)
-
(Senior Security Analyst - 2nd Level)
-
(Trending and Analysis - Cyber Threat Analysis)
-
(Cyber Analyst - 2nd Level)
-
(Red Team Analyst - Red Team Analyst)
-
(Incident Record - Incident Management Tooling)
-
(Internal Intelligence Sources - Produce Intelligence Summary Report)
-
(Disseminate Intelligence - Internal Intelligence Sources)
-
(Disseminate Intelligence - External Intelligence Sources)
-
(Breach and Attack Simulation (BAS) - Define Attack Vectors)
-
(Breach and Attack Simulation (BAS) - Produce Control Failure Reports)
-
(Breach and Attack Simulation (BAS) - Produce Breach Status Reports)
-
(Breach and Attack Simulation (BAS) - Network Designs)
-
(Network Designs - Define Attack Vectors)
-
(Breach and Attack Simulation (BAS) - Organisation's Threat Matrix)
-
(Organisation's Threat Matrix - Define Attack Vectors)
-
(Breach and Attack Simulation (BAS) - Perimeter Defense Designs)
-
(Perimeter Defense Designs - Define Attack Vectors)
-
(Breach and Attack Simulation (BAS) - Email System Designs)
-
(Email System Designs - Define Attack Vectors)
-
(RISK - Developers utilise code from public repositories. Something like 85 to 98% of code is someone else's work. The reliance on public repositories is a concern for security as the code could be badly written, have licencing implications or contain malicious code. - Public Repo)
-
(RISK - If developers use code or packages which are open source licenced then under the AGPL/GPL licence the product they are writing also becomes open source and cannot be sold and must be freely distributed. - Public Repo)
-
(Penetration Testing Process - CONSTRAINT - The traditional Pentest process was designed to work in a Waterfall project methodology and doesn't support the fix fast, fix often approach taken by modern Agile software development practices.)
-
(Deployment Target - Service Mesh)
-
(Deployment Target (POD) - Service Mesh)
-
(Deployment Target - Micro Service)
-
(Deployment Target (POD) - Micro Service)
-
(Public Repo - Code Firewall)
-
(Private Repo - Code Firewall)
-
(3rd Party Packages - Public Repo)
-
(Source Code - Public Repo)
-
(Build Scripts - Public Repo)
-
(Test Code - Public Repo)
-
(3rd Party Packages - Private Repo)
-
(Source Code - Private Repo)
-
(Build Scripts - Private Repo)
-
(Test Code - Private Repo)
-
(Code Firewall - Integrated Development Environment (IDE))
-
(Policy based blocking of vulnerable code - Code Firewall)
-
New or changed code
(Internal Repo - Code Firewall)
-
(Policy based blocking of vulnerable code - Control the number of vulnerabilities introduced through the use of 3rd party components.)
-
(Code Firewall - Package Security Testing)
-
(Policy based blocking of vulnerable code - Control the number of vulnerabilities through error and poor coding)
-
(Security Monitoring Service - Overarching Process Flow - Maintain - Continuous Improvement)
-
(Gather - Analyse)
-
(Analyse - Determine)
-
(Determine - Respond)
-
(Respond - Recover)
-
(Respond - Maintain)
-
(Breach and Attack Simulation (BAS) - Raise a Change)
-
(Produce Control Failure Reports - Raise a Change)
-
(Breach and Attack Simulation (BAS) - Create Sigma Rules)
-
(Produce Control Failure Reports - Create Sigma Rules)
-
(Breach and Attack Simulation (BAS) - Deploy and Maintain BAS Peers)
-
(Breach and Attack Simulation (BAS) - Historical Attack Detection)
-
(Security Intelligence Service - Overarching Process Flow - Breach and Attack Simulation Service)
-
(Breach and Attack Simulation Service - Threat Hunting)
-
(Vulnerability Management Capability - Breach and Attack Simulation)
-
(Breach and Attack Simulation - Breach and Attack Simulation)
-
(Vulnerability Management Capability - Secure Build Testing)
-
(Breach and Attack Simulation - Secure Build Testing)
-
(Breach and Attack Simulation - Reduce the number of Vulnerabilities present within organisation assets.)
-
(Secure Build Testing - Reduce the number of Vulnerabilities present within organisation assets.)
-
(Vulnerability Management Capability - Improve SIEM Rules (SIGMA Rule Generation))
-
(Breach and Attack Simulation - Improve SIEM Rules (SIGMA Rule Generation))
-
(Improve SIEM Rules (SIGMA Rule Generation) - Reduce the number of Vulnerabilities present within organisation assets.)
-
(Breach and Attack Simulation (BAS) - Update Secure Builds)
-
(Produce Control Failure Reports - Update Secure Builds)
-
(Breach and Attack Simulation (BAS) - Prioritise Patch Schedule)
-
(Produce Control Failure Reports - Prioritise Patch Schedule)
-
(Define Attack Vectors - Deploy and Maintain BAS Peers)
-
(IT Support - Network Team)
-
(IT Support - Server Team)
-
(Threat Assessment - Threat Identification)
-
(Threat Assessment - Threat Modelling)
-
(Threat Assessment - Risk Reporting)
-
(Security Intelligence and Investigation - Intelligence Gathering)
-
(Security Intelligence and Investigation - Intelligence Triage)
-
(Security Intelligence and Investigation - Intelligence Dissemination)
-
(Intelligence Management - Provide effective and relevant threat intelligence)
-
(Intelligence Management - Work with external Cyber security communities, regulators and other groups)
-
(Build Compliance - Operate and Maintain Infrastructure as Code (IAC))
-
(Developers - Code Signing)
-
(Governance, Risk and Compliance Consultant - Threat Assessment)
-
(Monitor and respond to available intelligence - To be proactive in identifying, containing and treating security issues and incidents)
-
(Monitor and respond to available intelligence - Share and Consume Intelligence Data)
-
(Detect and respond to unusual activity. - Respond rapidly and effectively to Cyber alerts)
-
(Keep abreast of current threats - Reduction of Cyber Security and Privacy risks to tolerable levels)
-
(MITRE ATT&CK Online Catalogue - MITRE ATT&CK Framework)
-
(Open Vulnerability and Assessment Language (OVAL) - Organisation Secure Build Standards)
-
(Extensible Configuration Checklist Description Format (XCCDF) - Organisation Secure Build Standards)
-
(Industry Security Benchmarks and Checklists (STIGS) - Organisation Secure Build Standards)
-
(CIS Benchmarks - Organisation Secure Build Standards)
-
(External Penetration Testing Service - Common Vulnerabilities and Exposures (CVE))
-
(Common Vulnerabilities and Exposures (CVE) - Development Security Testing)
-
(Common Vulnerability Scoring System (CVSS) - Development Security Testing)
-
(Development Security Testing - Static Analysis Security Testing (SAST))
-
(Development Security Testing - Software Composition Analysis (SCA))
-
(Development Security Testing - Dynamic Application Security Testing (DAST))
-
(Common Platform Enumeration (CPE) - Development Security Testing)
-
(Common Attack Pattern Enumeration and Characterisation (CAPEC) - Endpoint Detection and Response (EDR))
-
(Malware Attribute Enumeration and Characterisation (MAEC) - Anti Malware)
-
(Security Incident Investigation - Research Attack Characteristics)
-
(Cyber Intelligence Information Sharing - Share Cyber Intelligence)
-
(Malware Analysis - Research Malware)
-
(Sec Mon - Investigate - Research Attack Characteristics)
-
(Detect Control Deficiencies - Breach Attack Simulation (BAS))
-
(MITRE ATT&CK Online Catalogue - Breach Attack Simulation (BAS))
-
(Security Incident Investigation - Sec Mon - Investigate)
-
(Share Cyber Intelligence - Intelligence Information Sharing Services)
-
(MITRE ATT&CK Online Catalogue - Research Attack Characteristics)
-
(MITRE ATT&CK Online Catalogue - Sec Mon - Investigate)
-
(Endpoint Detection and Response (EDR) - Sec Mon - Investigate)
-
(Anti Malware - Research Malware)
-
(Online Threat Intelligence Services - Intelligence Information Sharing Services)
-
(Intelligence Information Sharing Services - Research Attack Characteristics)
-
(Online Threat Intelligence Services - Research Attack Characteristics)
-
(Breach and Attack Simulation Tooling - MITRE ATT&CK Framework)
-
(Breach and Attack Simulation Tooling - Detect Control Deficiencies)
-
(Structured Threat Information eXpression (STIX including CYBOX) - Intelligence Information Sharing Services)
-
(Trusted Automated Exchange of Intelligence Information (TAXII) (Protocol) - Intelligence Information Sharing Services)
-
(Threat Hunting - Detect Control Deficiencies)
-
(Breach Attack Simulation (BAS) - Sec Mon - Investigate)
-
(Threat Hunting - Sec Mon - Investigate)
-
(Common Configuration Enumeration (CCE) - Build Compliance Checking)
-
(Build Compliance Checking - Baseline Build Compliance Checking)
-
(Build Compliance - Baseline Build Compliance Checking)
-
(Build Compliance Checking - Organisation Secure Build Standards)
-
(Organisation Secure Build Standards - Build Hardening Tools)
-
(Harden Build - Build Hardening Tools)
-
(Build Hardening - Harden Build)
-
(Build Compliance - Secure Baseline Build Design)
-
(Build Compliance - Baseline Build Maintenance)
-
(Baseline Build Maintenance - Build Hardening)
-
(Secure Baseline Build Design - Build Hardening)
-
(Security Incident Investigation - Use breach data for lessons learnt and control improvement.)
-
(Breach Attack Simulation (BAS) - Detect and respond to unusual activity.)
-
(Breach Attack Simulation (BAS) - Reduce the number of Vulnerabilities present within organisation assets.)
-
(Cyber Intelligence Information Sharing - Share and Consume Intelligence Data)
-
(Build Hardening - Reduce the attack surface on supported end points)
-
(Build Compliance - Reduce the attack surface on supported end points)
-
(Security Incident Investigation - Determine the impact and scale of a security breach)
-
(Malware Analysis - Detect and respond to unusual activity.)
-
(Security Incident Investigation - Detect and respond to unusual activity.)
-
(Malware Analysis - Use breach data for lessons learnt and control improvement.)
-
(Threat Hunting - Reduce the number of Vulnerabilities present within organisation assets.)
-
(Breach Attack Simulation (BAS) - To be proactive in identifying, containing and treating security issues and incidents)
-
(Security Information and Event Management (SIEM) - Identify Unusual Activity)
-
(Breach Detection - Identify Unusual Activity)
-
(Breach Detection - Respond rapidly and effectively to Cyber alerts)
-
(Breach Attack Simulation (BAS) - To prevent exploitation of vulnerabilities leading to compromise)
-
(Threat Hunting - To prevent exploitation of vulnerabilities leading to compromise)
-
(Development Security Testing - SAST Tooling)
-
(Development Security Testing - DAST Tooling)
-
(Development Security Testing - SCA Tooling)
-
(SAST Tooling - Static Analysis Security Testing (SAST))
-
(SCA Tooling - Software Composition Analysis (SCA))
-
(DAST Tooling - Dynamic Application Security Testing (DAST))
-
(Development Security Testing - Detect Poor Coding)
-
(Software Composition Analysis (SCA) - Detect Vulnerable Package or Library)
-
(Software Composition Analysis (SCA) - Evaluate Licences)
-
(External Penetration Testing Service - Pentest Engagement)
-
(Pentest Management - Pentest Engagement)
-
(Common Vulnerabilities and Exposures (CVE) - Vulnerability Scanner)
-
(Common Vulnerability Scoring System (CVSS) - Vulnerability Scanner)
-
(Common Vulnerability Scoring System (CVSS) - Online Malware Analysis)
-
(Vulnerability Data - Common Vulnerabilities and Exposures (CVE))
-
(Vulnerability Data - Common Vulnerability Scoring System (CVSS))
-
(Online Malware Analysis - Detect Malicious Code)
-
(Malware Detection - Detect Malicious Code)
-
(Malware Detection - Prevent Malware and Ransomware from affecting the organisation)
-
(Pentest Management - To prevent exploitation of vulnerabilities leading to compromise)
-
(Pentest Management - Reduce the number of Vulnerabilities present within organisation assets.)
-
(Pentest Management - Reduce vulnerabilities in code and deployed applications)
-
(SecDevOps - Detect Poor Coding)
-
(SecDevOps - Detect Vulnerable Package or Library)
-
(SecDevOps - Evaluate Licences)
-
(SecDevOps - Reduce vulnerabilities in code and deployed applications)
-
(SecDevOps - Secure delivery of code into the production environment)
-
(Build Hardening - Reduce vulnerabilities in code and deployed applications)
-
(Build Hardening Tools - Extensible Configuration Checklist Description Format (XCCDF))
-
(Open Vulnerability and Assessment Language (OVAL) - Build Hardening Tools)
-
(Security Goals - Use breach data for lessons learnt and control improvement.)
-
(Security Goals - Determine the impact and scale of a security breach)
-
(Security Goals - Detect and respond to unusual activity.)
-
(Security Goals - Reduce the number of Vulnerabilities present within organisation assets.)
-
(Security Goals - To be proactive in identifying, containing and treating security issues and incidents)
-
(Security Goals - To prevent exploitation of vulnerabilities leading to compromise)
-
(Security Goals - Share and Consume Intelligence Data)
-
(Security Goals - Respond rapidly and effectively to Cyber alerts)
-
(Security Goals - Prevent Malware and Ransomware from affecting the organisation)
-
(Security Goals - Secure delivery of code into the production environment)
-
(Security Goals - Reduce vulnerabilities in code and deployed applications)
-
(Security Goals - Reduce the attack surface on supported end points)
-
(Security Goals - Reduction of Cyber Security and Privacy risks to tolerable levels)
-
(Security Goals - Prevent Compromise of Organisation Assets)
-
(Security Goals - Minimise the impact of a Cyber Security Event)
-
- (Security Goals - Detect Compromise of Organisation Assets)
- (Integrated Development Environment (IDE) - 3rd Party Packages)
- (Integrated Development Environment (IDE) - Source Code)
- (Integrated Development Environment (IDE) - Build Scripts)
- (Integrated Development Environment (IDE) - Test Code)
- (Container Validation - Container/VM Orchestration)
- (Build Tool - Container/Hypervisor Platform)
- (Container/VM Orchestration - Service Mesh)
- (Software Composition Analysis (SCA) Tooling - Signature Validation)
- (Manage Resource - Image State)
- (Resource Manager - Create Resource)
- (Resource Manager - Destroy Resource)
- (Resource Manager - Manage Resource)
- (Build Image (Playbook/Cookbook) - Image Builder)
- (Recipe - Provisioner)
- (Provisioner - Image Builder)
- (Create Resource - Compute)
- (Create Resource - Container)
- (Create Resource - Device)
- (Create Resource - Cloud Resource)
- (Destroy Resource - Compute)
- (Destroy Resource - Container)
- (Destroy Resource - Device)
- (Destroy Resource - Cloud Resource)
- (Manage Resource - Compute)
- (Manage Resource - Container)
- (Manage Resource - Device)
- (Manage Resource - Cloud Resource)
- (Resource Manager - Compliance Manager)
- (Developers - Develop Images)
- (Infrastructure Team - Build - Develop Images)
- (Develop Images - Recipe)
- (Develop Images - Build Image (Playbook/Cookbook))
- (Build Standards - Develop Images)
- (Compliance Manager - Build Compliance Reporting)
- (Security Operations Manager - Accessible - data)
- (Finance Director - Cost Effective - operation)
- (Finance Director - Cost Effective - delivery)
- (Finance Director - Measurable Value - ROI)
- (Security Operations Manager - Authorised - Internal - Access to Resources)
- (Security Operations Manager - Authorised - 3rd Party access to information)
- (Security Operations Manager - Authorised - 3rd Party access to people)
- (Security Operations Manager - Informed - New systems or services)
- (Security Operations Manager - Informed - Threats)
- (Security Operations Manager - Accuracy - Intelligence Data)
- (Security Operations Manager - Accuracy - Log Data - Timestamp)
- (Security Operations Manager - Accuracy - Log Data - Integrity)
- (Security Operations Manager - Tamperproof - Log Data)
- (Security Operations Manager - Measurement - Testing)
- (Security Operations Manager - Measurement - Independent Design Review)
- (Finance Director - Measurement - Performance Review)
- (Finance Director - Measurement - Design Review)
- (Measurement - Performance Review - Cost Effective - operation)
- (Measurement - Design Review - Cost Effective - delivery)
- (SIEM - User Interaction Layer - SIEM - Visualisation)
- (SIEM - User Interaction Layer - SIEM - Reporting)
- (SIEM - User Interaction Layer - SIEM - Alerts)
- (SIEM - Workflow and Automation - SIEM - Operational Workflow Engine)
- (SIEM - Workflow and Automation - SIEM - Compliance Workflow Engine)
- (SIEM - Operational Workflow Engine - SIEM - Incident Reporting and/or Response Workflows)
- (SIEM - Operational Workflow Engine - SIEM - Threat Hunting Workflows)
- (SIEM - Workflow and Automation - SIEM - Forensic Analysis Workflow Engine)
- (SIEM - Workflow and Automation - SIEM - Data Enrichment)
- (SIEM - Data Management Layer - SIEM - Data Storage Engine)
- (SIEM - Data Management Layer - SIEM - Local Storage)
- (SIEM - Data Management Layer - SIEM - Archive)
- (SIEM - Data Storage Engine - SIEM - Local Storage)
- (SIEM - Data Storage Engine - SIEM - Archive)
- (SIEM - Data Correlation Engine - SIEM - Data Management Layer)
- (SIEM - Data Management Layer - SIEM - Data Analysis Engine)
- (SIEM - Data Management Layer - SIEM - Data Aggregation Engine)
- (SIEM - Data Management Layer - SIEM - Data Collection Engine)
- (Finance Director - RISK - Log Sizes)
- (Measurement - Performance Review - RISK - Log Sizes)
- (Finance Director - Mitigation - Misuse and Abuse Cases)
- (Finance Director - RISK - Log Sources)
- (Security Operations Manager - RISK - Data Gravity)
- (Measurement - Performance Review - RISK - Log Sources)
- (RISK - Log Sizes - Mitigation - Misuse and Abuse Cases)
- (Finance Director - Mitigation - Deduplication)
- (Security Operations Manager - ISSUE - Increasing cost for Log Storage)
- (Security Operations Manager - RISK - Duplicating services across multiple cloud platforms)
- (Security Orchestration and Response (SOAR) - SIEM)
- (Security Monitoring Service - Overarching Process Flow - Security Orchestration and Response (SOAR))
- (Security Monitoring - Maintain - Define and Maintain SOAR workflows.)
- (Define and Maintain SOAR workflows. - SIEM)
- (Security Orchestration and Response (SOAR) - Security Monitoring - Gather)
- (Security Orchestration and Response (SOAR) - Security Monitoring - Analyse)
- (Security Orchestration and Response (SOAR) - Security Monitoring - Determine)
- (Security Engineering - Secure Build Design)
- (Security Engineering - Secure by Design - Definition and Service Design)
- (Security Engineering - Security Design Assurance)
- (Security Engineering - Security Design)
- (Security Engineer or Designer - Security Engineering)
- (Governance, Risk and Compliance Consultant - Security Intelligence and Investigation)
- (Security Monitoring Service - Overarching Process Flow - Security Orchestration and Response)
- (Security Orchestration and Response - Security Orchestration and Response (SOAR))
- (Dynamic Application Security Testing (DAST) Tooling - Build Tool)
- (Static Application Security Testing (SAST) Tooling - Source Code Control)
- (Vulnerability Scanner - Deployment Target (POD))
- (Vulnerability Scanner - Build Tool)
- (Vulnerability Scanner - Container/Hypervisor Platform)
- (Vulnerability Scanner - Container/VM Registry)
- (Vulnerability Scanner - Container/VM Orchestration)
- (Container Validation - Container/VM Registry)
- (Container Validation - Container/Hypervisor Platform)
- (RISK - Log Sizes - Mitigation - Deduplication)
- (Vulnerability Scanner - Production Nodes)
- (Measurement - Testing - Accessible - data)
- (Measurement - Independent Design Review - Accessible - data)
- (RISK - Data Gravity - Accessible - data)
- (ISSUE - Increasing cost for Log Storage - Accessible - data)
- (RISK - Duplicating services across multiple cloud platforms - Accessible - data)