CISO Security Mind Map

The CISO Security Mind Map 2024 adds the following 2024 highlights:

  • Use of the ‘Govern’ function in addition to Identify, Protect, Detect, Respond, and Recover. This is to reflect changes in the NIST CSF 2.0 (currently still a draft version).
  • Inclusion of AI Threats and AI Enhanced Security, to acknowledge the latest developments in (Gen) AI. Most companies realize the significance of AI developments and are acting accordingly to prepare.
  • New regulations that have either been introduced recently or are coming into force soon. The highlights include EU DORA, EU NIS2, EU Artificial Intelligence Act, USA SEC reporting requirements.
  • Ransomware remains a key area of concern, just like last year.


Cyber Security Governance: Security strategy, budgeting, alignment with business & business goals, roles & responsibilities, hiring and team strategy.

Data Governance: Data ownership, data rules, data usage approvals, separation of production and non-production, data masking, Personally Identifiable Information (PII).

Security and Privacy Standards: Alignment with security standards, NIST (CSF), ISO27001, SOC 2 / ISAE3402 type 1 & 2, CIS, NIS2, PCI DSS, SOX, GDPR, CCPA, HIPAA, DORA.


Asset Management: Asset inventory, (automated) asset discovery, CMDB, asset types (systems, network, applications, etc.).

Risk Assessments, Threat Modeling, Pentesting & Red Teaming: Performing (periodic) risk assessments, pentesting or ethical hacking, red teaming, security compliance testing, application & business threat modeling, security by design.

Cyber Security Threat Intelligence: Monitoring of intelligence sources, threats from attackers, dark web monitoring, CSIRT.

Third-Party Risk Management (TPRM): TPRM governance, TPRM assessments for due diligence, periodic monitoring, profiling and risk tiering, secure onboarding, off-boarding, Software Bill of Materials (SBOM).


Endpoint Protection & Mobile Device Management: Endpoint protection on laptops/desktops/servers, BYOD/CYOD, Mobile Device Management (MDM), secure internet access (via proxy/firewall).

Network Security: Network and Web Application Firewalls, firewall rule reviews, Virtual Private Networks (VPN), (micro) segmentation, (virtual) LANs, software defined networking, segmented management access, jump servers, zero-trust networking, DMZs, (network) IDS/IPS, Proxy filtering, DDoS protection, Network Access Control (NAC), CASB Gateway, TLS/SSL offloading.

Vulnerability Management: Vulnerability scanning, vulnerability remediation, credentialed & non-credentialed scanning, managing and accepting vulnerabilities.

Hardening & Secure Configuration: Hardening baselines, hardening procedures, hardening scanning, deviations and deviation management.

Encryption and Cryptography: Encryption of data at rest & in transit, (virtual) disk encryption, database encryption, SSL/TLS, Key Management System, Public Key Infrastructure.

Secure Development & Deployment: Secure Software Development Life Cycle (SSDLC), CI/CD pipelines, CI/CD security triggers, security requirements, OWASP top 10.

Physical Security: Access badges, physical locks, anti-tailgating or piggybacking turnstiles, security guards, Data Center physical security.

Identity & Access Management (IAM): HR onboarding and off-boarding, HR integration, joiner + mover + leaver process, minimum password requirements, Single Sign On (SSO), Multi-Factor Authentication (MFA), Role Based Access Control (RBAC), Active Directory, Privileged Access Management, OAuth, smart cards, password managers, (key) vaults, federations, trusts.

Data Loss Protection: Data classification (i.e., public, internal, confidential, etc.), classifying (office) documents, limiting external storage access, limiting online sharing, Email scanning.

Security Awareness & Training: Compliance training, phishing training, training of special groups (i.e., privileged users, senior leadership, etc.), monitoring of compliance.

Brand and Domain Protection: Social media monitoring, domain monitoring, takedown requests, asset monitoring.


Security Logging & Monitoring: Endpoints + clients + servers + network components + applications with security logging enabled, centralized & untampered collection of logs, use case development, use of SIEM, monitoring events and follow-up.

Response and Recover

Secure Operations Center: Event monitoring, SOC investigation and response procedures, analysis of SIEM alerts, Indicators of Compromise, triage, threat intelligence, containment, recovery, isolation.

Incident Management: Incident Management plans and procedures, Incident Management task force, classification, incident response, forensics, data breach, incident playbooks.

Business Continuity Management (BCM) and Disaster Recovery (DR): Business Continuity Plan, Disaster Recovery plans and procedures, Disaster Recovery testing, recovery sites, hot + warm + cold sites.

Written by : (Expert in cloud visibility and oversight)

Nick Kirtley