APPENDIX E
Cybersecurity Operational Processes
To maintain an effective cybersecurity posture, the Chief Information Security Officer (CISO) should maintain a number of enterprise operational processes, including the following:
- Policies and Policy Exception Management
- Project and Change Security Reviews
- Risk Management
- Control Management
- Auditing and Deficiency Tracking
- Asset Inventory and Audit
- Change Control
- Configuration Management Database Re-certification
- Supplier Reviews and Risk Assessments
- Cyberintrusion Response
- All-Hazards Emergency Preparedness Exercises
- Vulnerability Scanning, Tracking, and Management
- Patch Management and Deployment ...