mirror of
https://github.com/kamranahmedse/developer-roadmap.git
synced 2026-03-12 17:51:53 +08:00
chore: sync content to repo (#9466)
Co-authored-by: kamranahmedse <4921183+kamranahmedse@users.noreply.github.com>
committed by GitHub
parent 0b6db9fd71
commit 1f8c34077b
@@ -1,8 +1,3 @@
|
||||
# Audit & Compliance Mapping
|
||||
|
||||
Audit & Compliance Mapping involves aligning an organization's security controls and practices with relevant regulatory requirements, industry standards, and internal policies. This process identifies which controls satisfy specific compliance obligations, creating a clear relationship between security efforts and the necessary frameworks for legal and operational adherence. The goal is to demonstrate that the organization is meeting its obligations and to streamline the audit process by providing a structured view of compliance.
|
||||
|
||||
Visit the following resources to learn more:
|
||||
|
||||
- [@article@How to Use Control Mapping Tools to Create a Cybersecurity Compliance Program](https://swimlane.com/blog/cybersecurity-compliance-with-control-mapping/)
|
||||
- [@article@Compliance Audit: A Complete Checklist for Cybersecurity Audit Readiness](https://cynomi.com/learn/compliance-audit-checklist/)
|
||||
Audit & Compliance Mapping involves aligning an organization's security controls and practices with relevant regulatory requirements, industry standards, and internal policies. This process identifies which controls satisfy specific compliance obligations, creating a clear relationship between security efforts and the necessary frameworks for legal and operational adherence. The goal is to demonstrate that the organization is meeting its obligations and to streamline the audit process by providing a structured view of compliance.
|
||||
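Review bot: The commit message "chore: sync content to repo" does not explain why the "Visit the following resources to learn more:" list goes away in this file. The hunk header shrinks the file from 8 lines to 3 and the description paragraph is repeated word for word after the two `@article@` links, so the only lasting difference appears to be the loss of the Swimlane and Cynomi references. If dropping the links is intended, say so in the commit message; if the sync is meant to be content-neutral, keep the list. The same pattern recurs in every hunk of this commit.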
@@ -1,9 +1,3 @@
|
||||
# Certificate Lifecycle
|
||||
|
||||
Certificate lifecycle management encompasses all the processes involved in creating, deploying, managing, and eventually revoking digital certificates. This includes requesting certificates from a Certificate Authority (CA), securely storing private keys, distributing certificates to servers and applications, monitoring certificate expiration dates, and renewing or replacing certificates before they expire to maintain secure communication and authentication.
|
||||
|
||||
Visit the following resources to learn more:
|
||||
|
||||
- [@article@What Are the Five Stages of the Certificate Lifecycle?](https://www.digicert.com/faq/certificate-management/what-are-the-five-stages-in-the-certificate-lifecycle)
|
||||
- [@article@What Are the 5 Stages in the Certificate Lifecycle?](https://www.keyfactor.com/blog/what-are-the-5-stages-in-the-certificate-lifecycle/)
|
||||
- [@video@What is Certificate Management?](https://www.youtube.com/watch?v=wOeP0KbPUw0)
|
||||
Certificate lifecycle management encompasses all the processes involved in creating, deploying, managing, and eventually revoking digital certificates. This includes requesting certificates from a Certificate Authority (CA), securely storing private keys, distributing certificates to servers and applications, monitoring certificate expiration dates, and renewing or replacing certificates before they expire to maintain secure communication and authentication.
|
||||
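Review bot: The retained paragraph names "eventually revoking digital certificates" in its first sentence, but the list in the second sentence (requesting, storing private keys, distributing, monitoring expiration, renewing or replacing) never returns to revocation. With the "five stages" references no longer listed, the paragraph is the only description left, so add revocation and how relying parties learn of it to that list.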
@@ -1,10 +1,3 @@
|
||||
# Endpoint Detection
|
||||
|
||||
Endpoint detection involves monitoring and analyzing activities on devices like laptops, desktops, and servers to identify suspicious behavior that could indicate a security threat. This process typically uses software agents installed on these endpoints to collect data, which is then analyzed for patterns and anomalies that might signal malware, unauthorized access, or other malicious activities. When a threat is detected, the system alerts security teams and may automatically take actions to contain or remediate the issue.
|
||||
|
||||
Visit the following resources to learn more:
|
||||
|
||||
- [@article@What is endpoint detection and response (EDR)?](https://www.microsoft.com/en-us/security/business/security-101/what-is-edr-endpoint-detection-response)
|
||||
- [@article@Endpoint Detection and Response](https://www.trendmicro.com/en_us/what-is/xdr/edr.html)
|
||||
- [@video@What is Endpoint Detection and Response (EDR)?](https://www.youtube.com/watch?v=55GaIolVVqI)
|
||||
- [@video@Cybersecurity Architecture: Endpoints Are the IT Front Door - Guard Them](https://www.youtube.com/watch?v=Njqid_JpqTs)
|
||||
Endpoint detection involves monitoring and analyzing activities on devices like laptops, desktops, and servers to identify suspicious behavior that could indicate a security threat. This process typically uses software agents installed on these endpoints to collect data, which is then analyzed for patterns and anomalies that might signal malware, unauthorized access, or other malicious activities. When a threat is detected, the system alerts security teams and may automatically take actions to contain or remediate the issue.
|
||||
@@ -1,8 +1,3 @@
|
||||
# Enterprise Operations
|
||||
|
||||
Enterprise Operations encompasses all the activities and processes required to manage and maintain an organization's IT infrastructure, applications, and services. This includes tasks like system administration, network management, database administration, incident response, and ensuring the overall stability and performance of the IT environment that supports the business. It focuses on keeping the lights on and ensuring that the business can function effectively.
|
||||
|
||||
Visit the following resources to learn more:
|
||||
|
||||
- [@article@What Is IT Governance and How Does Enterprise Architecture Support It?](https://www.ardoq.com/knowledge-hub/it-governance)
|
||||
- [@article@What is IT Governance (ITG) and why does it matter?](https://blog.ifs.com/it-governance-itg/)
|
||||
Enterprise Operations encompasses all the activities and processes required to manage and maintain an organization's IT infrastructure, applications, and services. This includes tasks like system administration, network management, database administration, incident response, and ensuring the overall stability and performance of the IT environment that supports the business. It focuses on keeping the lights on and ensuring that the business can function effectively.
|
||||
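Review bot: Both resources listed in this hunk are about IT governance ("What Is IT Governance and How Does Enterprise Architecture Support It?" and "What is IT Governance (ITG) and why does it matter?"), while the paragraph describes day-to-day operations such as system administration, network management and incident response. If the resource list is kept or restored for this topic, replace these two with operations-focused references.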
@@ -1,8 +1,3 @@
|
||||
# ISO 27001
|
||||
|
||||
ISO 27001 is an international standard that specifies the requirements for establishing, implementing, maintaining, and continually improving an Information Security Management System (ISMS). It provides a framework of policies and procedures that includes all legal, physical, and technical controls involved in an organization's information risk management processes. The standard helps organizations protect their information assets through a systematic approach to security.
|
||||
|
||||
Visit the following resources to learn more:
|
||||
|
||||
- [@article@What is ISO/IEC 27001?](https://www.iso.org/standard/27001)
|
||||
- [@article@What is ISO 27001? A quick and easy explanation](https://advisera.com/27001academy/what-is-iso-27001/)
|
||||
ISO 27001 is an international standard that specifies the requirements for establishing, implementing, maintaining, and continually improving an Information Security Management System (ISMS). It provides a framework of policies and procedures that includes all legal, physical, and technical controls involved in an organization's information risk management processes. The standard helps organizations protect their information assets through a systematic approach to security.
|
||||
@@ -1,8 +1,3 @@
|
||||
# NIST Cybersecurity Framework
|
||||
|
||||
The NIST Cybersecurity Framework (CSF) is a voluntary framework primarily intended for organizations to manage and reduce cybersecurity risks. It provides a set of standards, guidelines, and best practices to help organizations assess their current cybersecurity posture, identify areas for improvement, and develop a roadmap for enhancing their security capabilities. The framework is structured around five core functions: Identify, Protect, Detect, Respond, and Recover, which are further broken down into categories and subcategories to provide a detailed and actionable approach to cybersecurity risk management.
|
||||
|
||||
Visit the following resources to learn more:
|
||||
|
||||
- [@article@NIST](https://www.nist.gov/)
|
||||
- [@article@What is NIST?](https://www.encryptionconsulting.com/education-center/nist/)
|
||||
The NIST Cybersecurity Framework (CSF) is a voluntary framework primarily intended for organizations to manage and reduce cybersecurity risks. It provides a set of standards, guidelines, and best practices to help organizations assess their current cybersecurity posture, identify areas for improvement, and develop a roadmap for enhancing their security capabilities. The framework is structured around five core functions: Identify, Protect, Detect, Respond, and Recover, which are further broken down into categories and subcategories to provide a detailed and actionable approach to cybersecurity risk management.
|
||||
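Review bot: The paragraph kept here states that the framework "is structured around five core functions: Identify, Protect, Detect, Respond, and Recover". That matches CSF 1.1 only; CSF 2.0 adds Govern as a sixth function. Either name the version the text describes or update the list. The first link in the hunk also points at the nist.gov home page rather than the CSF itself, which is worth fixing if the links are kept.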
@@ -1,9 +1,3 @@
|
||||
# PKI Design and Failover
|
||||
|
||||
Public Key Infrastructure (PKI) is a system for creating, managing, distributing, using, storing, and revoking digital certificates. These certificates are used to verify the identity of users, devices, and services, enabling secure communication and data exchange. PKI design involves selecting appropriate certificate authorities, defining certificate policies, and establishing procedures for key management. Failover mechanisms ensure the continued availability of PKI services in the event of a system failure, preventing disruptions to security and operations.
|
||||
|
||||
Visit the following resources to learn more:
|
||||
|
||||
- [@article@What is PKI?](https://cpl.thalesgroup.com/faq/public-key-infrastructure-pki/what-public-key-infrastructure-pki)
|
||||
- [@article@What Is Public Key Infrastructure (PKI) & How Does It Work?](https://www.okta.com/identity-101/public-key-infrastructure/)
|
||||
- [@article@Fail Over Pattern - High Availability](https://www.filecloud.com/blog/2015/12/architectural-patterns-for-high-availability/)
|
||||
Public Key Infrastructure (PKI) is a system for creating, managing, distributing, using, storing, and revoking digital certificates. These certificates are used to verify the identity of users, devices, and services, enabling secure communication and data exchange. PKI design involves selecting appropriate certificate authorities, defining certificate policies, and establishing procedures for key management. Failover mechanisms ensure the continued availability of PKI services in the event of a system failure, preventing disruptions to security and operations.
|
||||
@@ -1,9 +1,3 @@
|
||||
# Response Strategy
|
||||
|
||||
A response strategy outlines the planned actions an organization will take when a security incident occurs. It defines roles, responsibilities, communication channels, and procedures for identifying, containing, eradicating, and recovering from security breaches. A well-defined strategy ensures a coordinated and effective response, minimizing damage and restoring normal operations as quickly as possible.
|
||||
|
||||
Visit the following resources to learn more:
|
||||
|
||||
- [@article@How to Create a Cybersecurity Incident Response Plan](https://hyperproof.io/resource/cybersecurity-incident-response-plan/)
|
||||
- [@article@10 Tips to Improve Incident Response Strategy](https://www.logsign.com/blog/10-tips-for-improving-your-incident-response-strategy/)
|
||||
- [@article@Incident management for high-velocity teams](https://www.atlassian.com/incident-management/incident-response)
|
||||
A response strategy outlines the planned actions an organization will take when a security incident occurs. It defines roles, responsibilities, communication channels, and procedures for identifying, containing, eradicating, and recovering from security breaches. A well-defined strategy ensures a coordinated and effective response, minimizing damage and restoring normal operations as quickly as possible.
|
||||
@@ -1,9 +1,3 @@
|
||||
# Risk Quantification
|
||||
|
||||
Risk quantification is the process of assigning measurable values (often monetary) to the potential impact of identified risks. It involves analyzing the probability of a risk occurring and the potential damage it could cause to an organization's assets, operations, or reputation. This allows for a more objective comparison of different risks and helps prioritize mitigation efforts based on their potential financial or operational impact.
|
||||
|
||||
Visit the following resources to learn more:
|
||||
|
||||
- [@article@What is a cybersecurity risk assessment?](https://www.ibm.com/think/topics/cybersecurity-risk-assessment)
|
||||
- [@article@What Is a Cybersecurity Risk Assessment?](https://www.paloaltonetworks.com/cyberpedia/cybersecurity-risk-assessment)
|
||||
- [@article@What is Risk Quantification – Fundamentals and Techniques](https://www.v-comply.com/blog/how-to-quantify-risks-in-financial-services/)
|
||||
Risk quantification is the process of assigning measurable values (often monetary) to the potential impact of identified risks. It involves analyzing the probability of a risk occurring and the potential damage it could cause to an organization's assets, operations, or reputation. This allows for a more objective comparison of different risks and helps prioritize mitigation efforts based on their potential financial or operational impact.
|
||||
@@ -1,9 +1,3 @@
|
||||
# SOAR Automation
|
||||
|
||||
SOAR (Security Orchestration, Automation, and Response) automation involves using technologies to collect security data from various sources, analyze it, and then automate responses to security incidents. This includes tasks like threat intelligence gathering, vulnerability scanning, incident investigation, and remediation actions. The goal is to improve the efficiency and effectiveness of security operations by reducing manual effort and enabling faster response times to threats.
|
||||
|
||||
Visit the following resources to learn more:
|
||||
|
||||
- [@article@What is SOAR?](https://www.paloaltonetworks.co.uk/cyberpedia/what-is-soar)
|
||||
- [@article@What is SOAR (security orchestration, automation and response)?](https://www.ibm.com/think/topics/security-orchestration-automation-response)
|
||||
- [@video@What is SOAR (Security, Orchestration, Automation & Response)](https://www.youtube.com/watch?v=k7ju95jDxFA)
|
||||
SOAR (Security Orchestration, Automation, and Response) automation involves using technologies to collect security data from various sources, analyze it, and then automate responses to security incidents. This includes tasks like threat intelligence gathering, vulnerability scanning, incident investigation, and remediation actions. The goal is to improve the efficiency and effectiveness of security operations by reducing manual effort and enabling faster response times to threats.
|
||||
@@ -1,8 +1,3 @@
|
||||
# SOC 2
|
||||
|
||||
SOC 2 (System and Organization Controls 2) is an auditing procedure that ensures service providers securely manage data to protect the interests of their organization and the privacy of its clients. It defines criteria for managing customer data based on five "trust service principles": security, availability, processing integrity, confidentiality, and privacy. A SOC 2 report assures customers that a service provider has implemented controls to protect their data.
|
||||
|
||||
Visit the following resources to learn more:
|
||||
|
||||
- [@article@What is SOC2 Compliance and How Does it Work | CyberSecurityTV](https://www.youtube.com/watch?v=2-czseg0DHg)
|
||||
- [@article@SOC 2 Compliance](https://www.imperva.com/learn/data-security/soc-2-compliance/)
|
||||
SOC 2 (System and Organization Controls 2) is an auditing procedure that ensures service providers securely manage data to protect the interests of their organization and the privacy of its clients. It defines criteria for managing customer data based on five "trust service principles": security, availability, processing integrity, confidentiality, and privacy. A SOC 2 report assures customers that a service provider has implemented controls to protect their data.
|
||||
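Review bot: The retained paragraph describes SOC 2 as "an auditing procedure that ensures service providers securely manage data". A SOC 2 report is an auditor's attestation about a service organization's controls, so "ensures" overstates what it provides; "reports on" would be accurate. The phrase "trust service principles" is also the older name, and AICPA now calls these the Trust Services Criteria. In the link list, the first entry is tagged `@article@` but its URL is a YouTube video; if the links are kept anywhere, tag it `@video@`.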