Following the new taxonomy proposed by @mattaereal here, I would like to suggest the following categories for the OpSec domain. Feedback would be greatly appreciated, along with any help in taking each category forward into sub-categories, items, benchmarks, etc.
Categories in OpSec that I can think of (with some sub-categories) are:
- Identity and Access Management
Subs: Authentication, Federation, RBAC, MFA
- Endpoint protection
Subs: end-user, mobile, server
- Communications Security
Subs: phishing, smishing, data exfiltration, URL protection
- Data Security
Subs: PoLP, data classification, information rights management
- Wallet security
- Digital risk protection
Subs: brand protection, fraud prevention, pretexting, data leak detection, baiting, impersonation, compromised credentials, dark web monitoring
- Cloud security
Subs: cloud architecture, BoM, segmentation, firewalls, log monitoring
- Vendor / Third-Party security
- Physical security
- Incident response
- Travel security
I am sure that I am missing quite a lot, and my knowledge in certain areas is limited. Enhancements and contributions would be very helpful.