# Security Functions

# 1. Governance, Risk & Compliance (GRC)

  • Security policies, standards, procedures
  • Risk assessments & risk treatment
  • Regulatory compliance (ISO 27001, NIST, PCI, SOX, GDPR, etc.)
  • Third-party / vendor risk
  • Metrics, reporting to management

# 2. Security Architecture & Engineering

  • Security architecture & design
  • Secure system / cloud / network design
  • Security tooling selection
  • Zero Trust, IAM architecture
  • Security patterns & blueprints

# 3. Identity & Access Management (IAM)

  • User lifecycle (joiner/mover/leaver)
  • Authentication & authorization
  • Privileged Access Management (PAM)
  • MFA, SSO, role models
  • Access reviews & certifications

# 4. Application Security (AppSec / DevSecOps)

  • Secure SDLC
  • Code reviews (SAST/DAST/SCA)
  • Threat modeling
  • CI/CD security
  • API & web security

# 5. Infrastructure & Platform Security

  • Server, OS, database security
  • Network security (firewalls, segmentation)
  • Cloud security (AWS/GCP/Azure)
  • Container & Kubernetes security
  • Hardening & baseline configuration

# 6. Security Operations (SecOps / SOC)

  • Security monitoring (SIEM)
  • Incident detection & response
  • Threat hunting
  • Log management
  • Use-case development

# 7. Incident Response & Digital Forensics

  • Incident handling & coordination
  • Containment, eradication, recovery
  • Forensics & evidence handling
  • Root cause analysis
  • Post-incident lessons learned

# 8. Vulnerability & Exposure Management

  • Vulnerability scanning
  • Penetration testing
  • Patch management oversight
  • Risk-based remediation
  • Attack surface management

# 9. Data Security & Privacy

  • Responsibilities
  • Data classification
  • Encryption & key management
  • DLP
  • Privacy controls & DPIAs
  • Data retention & disposal

# 10. Business Continuity & Resilience

  • BCP & DR
  • Backup security
  • Ransomware preparedness
  • Crisis management
  • Availability & resilience testing

# 11. Security Awareness & Culture

  • Awareness programs
  • Phishing simulations
  • Secure behavior training
  • Insider risk reduction

# 12. Physical & Environmental Security

  • Facility access control
  • Data center security
  • CCTV & monitoring
  • Environmental controls

# 13. Third-Party & Supply Chain Security

  • Vendor security assessments
  • Contractual security clauses
  • Ongoing monitoring
  • Cloud/SaaS risk management

# 14. Security Strategy & Leadership (CISO Office)

  • Security strategy & roadmap
  • Budget & resource planning
  • Executive communication
  • Program maturity & alignment with business