Detection and Response

- 24/7 SOC (internal or external/MSSP)
- SIEM with use cases mapped to MITRE ATT&CK
- Threat hunting and anomaly detection
- Incident response plan (IRP) and tabletop exercises
- EDR/XDR with real-time threat detection
- IOC/IOA ingestion and alerting
- Forensic capabilities and retention of logs/artifacts
- Crisis communication and legal escalation procedures
- Post-incident reviews and lessons learned

Prevention

- Firewalls (NGFW), IDS/IPS, Web Application Firewalls (WAFs)
- Email filtering and sandboxing
- Endpoint protection and application whitelisting
- Network access control (NAC)
- Data Loss Prevention (DLP) systems
- Zero Trust Architecture (ZTA) adoption
- Security policies enforced via MDM, GPOs, CASB, etc.
- Secure software development practices (e.g., SAST/DAST)
- Phishing simulation and behavior reinforcement

An Integrated Portfolio That Enables Orchestration

- Centralized log management and SIEM integration
- SOAR (Security Orchestration, Automation, and Response) capabilities
- Threat intelligence platform (TIP) integration with detection systems
- Unified dashboards across detection, response, asset visibility, and vulnerabilities
- Automated response playbooks
- APIs for tool integrations
- Common data formats (e.g., STIX, TAXII)
- Detection-as-Code and infrastructure-as-code integrations
- Cloud and on-premise tool coverage

A Focus on the Fundamentals

- Patch and vulnerability management program
- Asset inventory and configuration management (CMDB)
- MFA enforced across all critical access points
- Secure baseline configurations and hardening guides
- Data backup and restore testing
- Secure network architecture (e.g., segmentation, firewall rules)
- Least privilege and identity lifecycle management
- Endpoint protection and mobile device management (MDM)
- Logging and monitoring at minimum recommended levels

Dedication To Recruiting and Retaining Staff

- Clear organizational chart for cybersecurity roles
- Defined career paths and upskilling plans (e.g., certifications, hands-on labs)
- Competitive compensation and retention strategies
- Established Security Champions Program within departments
- Team structure that includes red team, blue team, and governance functions
- Partnerships with universities, talent pools, or MSSPs
- Diversity, equity, and inclusion in hiring

Policies to establish boundaries, standards & mandatory requirements

- Formal Information Security Policy approved by leadership
- Acceptable Use Policy (AUP) for devices, internet, and email
- Clear data classification and handling policy (public, internal, confidential, restricted)
- Policy on information security roles and responsibilities (RACI)
- Risk management policy aligned with frameworks like ISO 27001 or NIST CSF
- Periodic policy review and update process (at least annually or on significant changes)
- Change management policy for IT systems
- Document retention and destruction policy

An Actual Security Strategy

- Formalized, board-approved cybersecurity strategy aligned with business goals
- Defined security governance structure
- Identified crown jewels and business-critical assets
- Risk management framework (e.g., NIST RMF, ISO 27005)
- Defined roles and responsibilities (RACI)
- Budget planning and roadmap for improvement
- Alignment with compliance requirements (e.g., ISO 27001, NIST CSF, GDPR)