From 1f8c34077b720eda7a91f2666fe1b4816b4c1671 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Mon, 15 Dec 2025 16:02:10 +0100 Subject: [PATCH] chore: sync content to repo (#9466) Co-authored-by: kamranahmedse <4921183+kamranahmedse@users.noreply.github.com> --- .../audit--compliance-mapping@04_UcLELHkqjBCwliCw7H.md | 7 +------ .../certificate-lifecycle@quUzTCnBnmJoSmIPBGjxk.md | 8 +------- .../content/endpoint-detection@E2jGo4HeKaeuXYa9-f-vy.md | 9 +-------- .../enterprise-operations@68qVLExPlVrKJweTjd_S5.md | 7 +------ .../devsecops/content/iso-27001@JBNiSzYD8DSnKfHoKRjMg.md | 7 +------ .../devsecops/content/nist@yMb0-A55r1KEsLntOmp5F.md | 7 +------ .../pki-design-and-failover@nEYMyTKfRDqA2Uc1tCwxv.md | 8 +------- .../content/response-strategy@6Q2VIdeSuBZzo7c1qnYLG.md | 8 +------- .../content/risk-quantification@V97S_0PrVw3jjHnmcxDgJ.md | 8 +------- .../content/soar-automation@rXS1CIZHu7TA_o7L-vMtV.md | 8 +------- .../devsecops/content/soc-2@VmDslOmZANHpHmAInFa_j.md | 7 +------ 11 files changed, 11 insertions(+), 73 deletions(-) diff --git a/src/data/roadmaps/devsecops/content/audit--compliance-mapping@04_UcLELHkqjBCwliCw7H.md b/src/data/roadmaps/devsecops/content/audit--compliance-mapping@04_UcLELHkqjBCwliCw7H.md index a70cd26b7..7e714fb55 100644 --- a/src/data/roadmaps/devsecops/content/audit--compliance-mapping@04_UcLELHkqjBCwliCw7H.md +++ b/src/data/roadmaps/devsecops/content/audit--compliance-mapping@04_UcLELHkqjBCwliCw7H.md 
@@ -1,8 +1,3 @@ # Audit & Compliance Mapping -Audit & Compliance Mapping involves aligning an organization's security controls and practices with relevant regulatory requirements, industry standards, and internal policies. This process identifies which controls satisfy specific compliance obligations, creating a clear relationship between security efforts and the necessary frameworks for legal and operational adherence. The goal is to demonstrate that the organization is meeting its obligations and to streamline the audit process by providing a structured view of compliance. - -Visit the following resources to learn more: - -- [@article@How to Use Control Mapping Tools to Create a Cybersecurity Compliance Program](https://swimlane.com/blog/cybersecurity-compliance-with-control-mapping/) -- [@article@Compliance Audit: A Complete Checklist for Cybersecurity Audit Readiness](https://cynomi.com/learn/compliance-audit-checklist/) \ No newline at end of file +Audit & Compliance Mapping involves aligning an organization's security controls and practices with relevant regulatory requirements, industry standards, and internal policies. This process identifies which controls satisfy specific compliance obligations, creating a clear relationship between security efforts and the necessary frameworks for legal and operational adherence. The goal is to demonstrate that the organization is meeting its obligations and to streamline the audit process by providing a structured view of compliance. \ No newline at end of file diff --git a/src/data/roadmaps/devsecops/content/certificate-lifecycle@quUzTCnBnmJoSmIPBGjxk.md b/src/data/roadmaps/devsecops/content/certificate-lifecycle@quUzTCnBnmJoSmIPBGjxk.md index 1de611e77..606234f6b 100644 --- a/src/data/roadmaps/devsecops/content/certificate-lifecycle@quUzTCnBnmJoSmIPBGjxk.md +++ b/src/data/roadmaps/devsecops/content/certificate-lifecycle@quUzTCnBnmJoSmIPBGjxk.md 
@@ -1,9 +1,3 @@ # Certificate Lifecycle -Certificate lifecycle management encompasses all the processes involved in creating, deploying, managing, and eventually revoking digital certificates. This includes requesting certificates from a Certificate Authority (CA), securely storing private keys, distributing certificates to servers and applications, monitoring certificate expiration dates, and renewing or replacing certificates before they expire to maintain secure communication and authentication. - -Visit the following resources to learn more: - -- [@article@What Are the Five Stages of the Certificate Lifecycle?](https://www.digicert.com/faq/certificate-management/what-are-the-five-stages-in-the-certificate-lifecycle) -- [@article@What Are the 5 Stages in the Certificate Lifecycle?](https://www.keyfactor.com/blog/what-are-the-5-stages-in-the-certificate-lifecycle/) -- [@video@What is Certificate Management?](https://www.youtube.com/watch?v=wOeP0KbPUw0) \ No newline at end of file +Certificate lifecycle management encompasses all the processes involved in creating, deploying, managing, and eventually revoking digital certificates. This includes requesting certificates from a Certificate Authority (CA), securely storing private keys, distributing certificates to servers and applications, monitoring certificate expiration dates, and renewing or replacing certificates before they expire to maintain secure communication and authentication. \ No newline at end of file diff --git a/src/data/roadmaps/devsecops/content/endpoint-detection@E2jGo4HeKaeuXYa9-f-vy.md b/src/data/roadmaps/devsecops/content/endpoint-detection@E2jGo4HeKaeuXYa9-f-vy.md index 550d20199..2052055f2 100644 --- a/src/data/roadmaps/devsecops/content/endpoint-detection@E2jGo4HeKaeuXYa9-f-vy.md +++ b/src/data/roadmaps/devsecops/content/endpoint-detection@E2jGo4HeKaeuXYa9-f-vy.md 
@@ -1,10 +1,3 @@ # Endpoint Detection -Endpoint detection involves monitoring and analyzing activities on devices like laptops, desktops, and servers to identify suspicious behavior that could indicate a security threat. This process typically uses software agents installed on these endpoints to collect data, which is then analyzed for patterns and anomalies that might signal malware, unauthorized access, or other malicious activities. When a threat is detected, the system alerts security teams and may automatically take actions to contain or remediate the issue. - -Visit the following resources to learn more: - -- [@article@What is endpoint detection and response (EDR)?](https://www.microsoft.com/en-us/security/business/security-101/what-is-edr-endpoint-detection-response) -- [@article@Endpoint Detection and Response](https://www.trendmicro.com/en_us/what-is/xdr/edr.html) -- [@video@What is Endpoint Detection and Response (EDR)?](https://www.youtube.com/watch?v=55GaIolVVqI) -- [@video@Cybersecurity Architecture: Endpoints Are the IT Front Door - Guard Them](https://www.youtube.com/watch?v=Njqid_JpqTs) \ No newline at end of file +Endpoint detection involves monitoring and analyzing activities on devices like laptops, desktops, and servers to identify suspicious behavior that could indicate a security threat. This process typically uses software agents installed on these endpoints to collect data, which is then analyzed for patterns and anomalies that might signal malware, unauthorized access, or other malicious activities. When a threat is detected, the system alerts security teams and may automatically take actions to contain or remediate the issue. \ No newline at end of file diff --git a/src/data/roadmaps/devsecops/content/enterprise-operations@68qVLExPlVrKJweTjd_S5.md b/src/data/roadmaps/devsecops/content/enterprise-operations@68qVLExPlVrKJweTjd_S5.md index ee9d9b709..9f7f78b04 100644 
--- a/src/data/roadmaps/devsecops/content/enterprise-operations@68qVLExPlVrKJweTjd_S5.md +++ b/src/data/roadmaps/devsecops/content/enterprise-operations@68qVLExPlVrKJweTjd_S5.md @@ -1,8 +1,3 @@ # Enterprise Operations -Enterprise Operations encompasses all the activities and processes required to manage and maintain an organization's IT infrastructure, applications, and services. This includes tasks like system administration, network management, database administration, incident response, and ensuring the overall stability and performance of the IT environment that supports the business. It focuses on keeping the lights on and ensuring that the business can function effectively. - -Visit the following resources to learn more: - -- [@article@What Is IT Governance and How Does Enterprise Architecture Support It?](https://www.ardoq.com/knowledge-hub/it-governance) -- [@article@What is IT Governance (ITG) and why does it matter?](https://blog.ifs.com/it-governance-itg/) \ No newline at end of file +Enterprise Operations encompasses all the activities and processes required to manage and maintain an organization's IT infrastructure, applications, and services. This includes tasks like system administration, network management, database administration, incident response, and ensuring the overall stability and performance of the IT environment that supports the business. It focuses on keeping the lights on and ensuring that the business can function effectively. \ No newline at end of file diff --git a/src/data/roadmaps/devsecops/content/iso-27001@JBNiSzYD8DSnKfHoKRjMg.md b/src/data/roadmaps/devsecops/content/iso-27001@JBNiSzYD8DSnKfHoKRjMg.md index ed7913857..60bd5e55a 100644 --- a/src/data/roadmaps/devsecops/content/iso-27001@JBNiSzYD8DSnKfHoKRjMg.md +++ b/src/data/roadmaps/devsecops/content/iso-27001@JBNiSzYD8DSnKfHoKRjMg.md 
@@ -1,8 +1,3 @@ # ISO 27001 -ISO 27001 is an international standard that specifies the requirements for establishing, implementing, maintaining, and continually improving an Information Security Management System (ISMS). It provides a framework of policies and procedures that includes all legal, physical, and technical controls involved in an organization's information risk management processes. The standard helps organizations protect their information assets through a systematic approach to security. - -Visit the following resources to learn more: - -- [@article@What is ISO/IEC 27001?](https://www.iso.org/standard/27001) -- [@article@What is ISO 27001? A quick and easy explanation](https://advisera.com/27001academy/what-is-iso-27001/) \ No newline at end of file +ISO 27001 is an international standard that specifies the requirements for establishing, implementing, maintaining, and continually improving an Information Security Management System (ISMS). It provides a framework of policies and procedures that includes all legal, physical, and technical controls involved in an organization's information risk management processes. The standard helps organizations protect their information assets through a systematic approach to security. \ No newline at end of file diff --git a/src/data/roadmaps/devsecops/content/nist@yMb0-A55r1KEsLntOmp5F.md b/src/data/roadmaps/devsecops/content/nist@yMb0-A55r1KEsLntOmp5F.md index 5bb4cc47f..44dc844b4 100644 --- a/src/data/roadmaps/devsecops/content/nist@yMb0-A55r1KEsLntOmp5F.md +++ b/src/data/roadmaps/devsecops/content/nist@yMb0-A55r1KEsLntOmp5F.md 
@@ -1,8 +1,3 @@ # NIST Cybersecurity Framework -The NIST Cybersecurity Framework (CSF) is a voluntary framework primarily intended for organizations to manage and reduce cybersecurity risks. It provides a set of standards, guidelines, and best practices to help organizations assess their current cybersecurity posture, identify areas for improvement, and develop a roadmap for enhancing their security capabilities. The framework is structured around five core functions: Identify, Protect, Detect, Respond, and Recover, which are further broken down into categories and subcategories to provide a detailed and actionable approach to cybersecurity risk management. - -Visit the following resources to learn more: - -- [@article@NIST](https://www.nist.gov/) -- [@article@What is NIST?](https://www.encryptionconsulting.com/education-center/nist/) \ No newline at end of file +The NIST Cybersecurity Framework (CSF) is a voluntary framework primarily intended for organizations to manage and reduce cybersecurity risks. It provides a set of standards, guidelines, and best practices to help organizations assess their current cybersecurity posture, identify areas for improvement, and develop a roadmap for enhancing their security capabilities. The framework is structured around five core functions: Identify, Protect, Detect, Respond, and Recover, which are further broken down into categories and subcategories to provide a detailed and actionable approach to cybersecurity risk management. \ No newline at end of file diff --git a/src/data/roadmaps/devsecops/content/pki-design-and-failover@nEYMyTKfRDqA2Uc1tCwxv.md b/src/data/roadmaps/devsecops/content/pki-design-and-failover@nEYMyTKfRDqA2Uc1tCwxv.md index c068da4d6..ba25b0bd2 100644 --- a/src/data/roadmaps/devsecops/content/pki-design-and-failover@nEYMyTKfRDqA2Uc1tCwxv.md +++ b/src/data/roadmaps/devsecops/content/pki-design-and-failover@nEYMyTKfRDqA2Uc1tCwxv.md 
@@ -1,9 +1,3 @@ # PKI Design and Failover -Public Key Infrastructure (PKI) is a system for creating, managing, distributing, using, storing, and revoking digital certificates. These certificates are used to verify the identity of users, devices, and services, enabling secure communication and data exchange. PKI design involves selecting appropriate certificate authorities, defining certificate policies, and establishing procedures for key management. Failover mechanisms ensure the continued availability of PKI services in the event of a system failure, preventing disruptions to security and operations. - -Visit the following resources to learn more: - -- [@article@What is PKI?](https://cpl.thalesgroup.com/faq/public-key-infrastructure-pki/what-public-key-infrastructure-pki) -- [@article@What Is Public Key Infrastructure (PKI) & How Does It Work?](https://www.okta.com/identity-101/public-key-infrastructure/) -- [@article@Fail Over Pattern - High Availability](https://www.filecloud.com/blog/2015/12/architectural-patterns-for-high-availability/) \ No newline at end of file +Public Key Infrastructure (PKI) is a system for creating, managing, distributing, using, storing, and revoking digital certificates. These certificates are used to verify the identity of users, devices, and services, enabling secure communication and data exchange. PKI design involves selecting appropriate certificate authorities, defining certificate policies, and establishing procedures for key management. Failover mechanisms ensure the continued availability of PKI services in the event of a system failure, preventing disruptions to security and operations. \ No newline at end of file diff --git a/src/data/roadmaps/devsecops/content/response-strategy@6Q2VIdeSuBZzo7c1qnYLG.md b/src/data/roadmaps/devsecops/content/response-strategy@6Q2VIdeSuBZzo7c1qnYLG.md index 26829958e..3fcc20111 100644 --- a/src/data/roadmaps/devsecops/content/response-strategy@6Q2VIdeSuBZzo7c1qnYLG.md 
+++ b/src/data/roadmaps/devsecops/content/response-strategy@6Q2VIdeSuBZzo7c1qnYLG.md @@ -1,9 +1,3 @@ # Response Strategy -A response strategy outlines the planned actions an organization will take when a security incident occurs. It defines roles, responsibilities, communication channels, and procedures for identifying, containing, eradicating, and recovering from security breaches. A well-defined strategy ensures a coordinated and effective response, minimizing damage and restoring normal operations as quickly as possible. - -Visit the following resources to learn more: - -- [@article@How to Create a Cybersecurity Incident Response Plan](https://hyperproof.io/resource/cybersecurity-incident-response-plan/) -- [@article@10 Tips to Improve Incident Response Strategy](https://www.logsign.com/blog/10-tips-for-improving-your-incident-response-strategy/) -- [@article@Incident management for high-velocity teams](https://www.atlassian.com/incident-management/incident-response) \ No newline at end of file +A response strategy outlines the planned actions an organization will take when a security incident occurs. It defines roles, responsibilities, communication channels, and procedures for identifying, containing, eradicating, and recovering from security breaches. A well-defined strategy ensures a coordinated and effective response, minimizing damage and restoring normal operations as quickly as possible. \ No newline at end of file diff --git a/src/data/roadmaps/devsecops/content/risk-quantification@V97S_0PrVw3jjHnmcxDgJ.md b/src/data/roadmaps/devsecops/content/risk-quantification@V97S_0PrVw3jjHnmcxDgJ.md index 54d5ad564..99cad9216 100644 --- a/src/data/roadmaps/devsecops/content/risk-quantification@V97S_0PrVw3jjHnmcxDgJ.md +++ b/src/data/roadmaps/devsecops/content/risk-quantification@V97S_0PrVw3jjHnmcxDgJ.md 
@@ -1,9 +1,3 @@ # Risk Quantification -Risk quantification is the process of assigning measurable values (often monetary) to the potential impact of identified risks. It involves analyzing the probability of a risk occurring and the potential damage it could cause to an organization's assets, operations, or reputation. This allows for a more objective comparison of different risks and helps prioritize mitigation efforts based on their potential financial or operational impact. - -Visit the following resources to learn more: - -- [@article@What is a cybersecurity risk assessment?](https://www.ibm.com/think/topics/cybersecurity-risk-assessment) -- [@article@What Is a Cybersecurity Risk Assessment?](https://www.paloaltonetworks.com/cyberpedia/cybersecurity-risk-assessment) -- [@article@What is Risk Quantification – Fundamentals and Techniques](https://www.v-comply.com/blog/how-to-quantify-risks-in-financial-services/) \ No newline at end of file +Risk quantification is the process of assigning measurable values (often monetary) to the potential impact of identified risks. It involves analyzing the probability of a risk occurring and the potential damage it could cause to an organization's assets, operations, or reputation. This allows for a more objective comparison of different risks and helps prioritize mitigation efforts based on their potential financial or operational impact. \ No newline at end of file diff --git a/src/data/roadmaps/devsecops/content/soar-automation@rXS1CIZHu7TA_o7L-vMtV.md b/src/data/roadmaps/devsecops/content/soar-automation@rXS1CIZHu7TA_o7L-vMtV.md index 475fa51da..27aff74c8 100644 --- a/src/data/roadmaps/devsecops/content/soar-automation@rXS1CIZHu7TA_o7L-vMtV.md +++ b/src/data/roadmaps/devsecops/content/soar-automation@rXS1CIZHu7TA_o7L-vMtV.md 
@@ -1,9 +1,3 @@ # SOAR Automation -SOAR (Security Orchestration, Automation, and Response) automation involves using technologies to collect security data from various sources, analyze it, and then automate responses to security incidents. This includes tasks like threat intelligence gathering, vulnerability scanning, incident investigation, and remediation actions. The goal is to improve the efficiency and effectiveness of security operations by reducing manual effort and enabling faster response times to threats. - -Visit the following resources to learn more: - -- [@article@What is SOAR?](https://www.paloaltonetworks.co.uk/cyberpedia/what-is-soar) -- [@article@What is SOAR (security orchestration, automation and response)?](https://www.ibm.com/think/topics/security-orchestration-automation-response) -- [@video@What is SOAR (Security, Orchestration, Automation & Response)](https://www.youtube.com/watch?v=k7ju95jDxFA) \ No newline at end of file +SOAR (Security Orchestration, Automation, and Response) automation involves using technologies to collect security data from various sources, analyze it, and then automate responses to security incidents. This includes tasks like threat intelligence gathering, vulnerability scanning, incident investigation, and remediation actions. The goal is to improve the efficiency and effectiveness of security operations by reducing manual effort and enabling faster response times to threats. \ No newline at end of file diff --git a/src/data/roadmaps/devsecops/content/soc-2@VmDslOmZANHpHmAInFa_j.md b/src/data/roadmaps/devsecops/content/soc-2@VmDslOmZANHpHmAInFa_j.md index 25df28288..a16ff543e 100644 --- a/src/data/roadmaps/devsecops/content/soc-2@VmDslOmZANHpHmAInFa_j.md +++ b/src/data/roadmaps/devsecops/content/soc-2@VmDslOmZANHpHmAInFa_j.md 
@@ -1,8 +1,3 @@ # SOC 2 -SOC 2 (System and Organization Controls 2) is an auditing procedure that ensures service providers securely manage data to protect the interests of their organization and the privacy of its clients. It defines criteria for managing customer data based on five "trust service principles": security, availability, processing integrity, confidentiality, and privacy. A SOC 2 report assures customers that a service provider has implemented controls to protect their data. - -Visit the following resources to learn more: - -- [@article@What is SOC2 Compliance and How Does it Work | CyberSecurityTV](https://www.youtube.com/watch?v=2-czseg0DHg) -- [@article@SOC 2 Compliance](https://www.imperva.com/learn/data-security/soc-2-compliance/) \ No newline at end of file +SOC 2 (System and Organization Controls 2) is an auditing procedure that ensures service providers securely manage data to protect the interests of their organization and the privacy of its clients. It defines criteria for managing customer data based on five "trust service principles": security, availability, processing integrity, confidentiality, and privacy. A SOC 2 report assures customers that a service provider has implemented controls to protect their data. \ No newline at end of file
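Review bot: The commit message "chore: sync content to repo" gives no reason for dropping the "Visit the following resources to learn more:" list in audit--compliance-mapping@04_UcLELHkqjBCwliCw7H.md, and the same deletion repeats in all 11 files. The description paragraph is removed and re-added with identical text, so the reference links are the only content change. Please state in the commit body whether the sync is meant to strip these links or whether the source was missing them. The re-added paragraph also still ends with "\ No newline at end of file"; ending the file with a newline would stop an unchanged last line from showing up as modified in later syncs.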
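Review bot: The retained paragraph in nist@yMb0-A55r1KEsLntOmp5F.md still reads "structured around five core functions: Identify, Protect, Detect, Respond, and Recover", which describes CSF 1.1; CSF 2.0 adds Govern as a sixth function. Since the line is re-emitted by this change anyway, either name the CSF version the text describes or update the list of functions. The removed links pointed at the nist.gov home page and a general "What is NIST?" article rather than the framework itself, so with them gone the page has no pointer to the CSF document at all.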
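Review bot: In soc-2@VmDslOmZANHpHmAInFa_j.md the first removed link is tagged `@article@` but its URL is a youtube.com/watch address, so if the resource list is restored from the sync source it should come back tagged `@video@`, as the YouTube entries in the certificate-lifecycle and endpoint-detection hunks are. As in the other files, the new last line has no trailing newline.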