opencontrol / discuss

a place to have conversations about OpenControl projects
https://github.com/opencontrol/discuss/issues

The Need for Component Cheatsheet #15

Closed JJediny closed 5 years ago

JJediny commented 7 years ago

In order to make the process of targeting the correct and complete list of controls easier to understand for new users/components, Open Control should provide a cheatsheet/guide on some general types of SecOps tooling and the controls to which they'd typically contribute.

In order to effectively do this, there needs to be an established taxonomy of component types. Based on some looking into it, one ready-made framework could be the NIST Framework for Improving Critical Infrastructure Cybersecurity: https://www.nist.gov/cyberframework. I went ahead and converted the spreadsheet into 3 YAML chunks for the Function -> Category -> Subcategory hierarchy: https://gist.github.com/JJediny/65438415b5e38ac7560ad5f5597f1877

But that only serves as topic areas, not discrete categories by which to curate a group of related/similar technologies that ideally share a common mapping to controls.

Other resources

https://cloudsecurityalliance.org/wp-content/uploads/2011/09/SecaaS_V1_0.pdf

https://downloads.cloudsecurityalliance.org/assets/research/security-as-a-service/csa-categories-securities-prep.pdf

https://cloudsecurityalliance.org/group/security-as-a-service/#_downloads

shawndwells commented 5 years ago

No activity on this discussion for over two years. Closing for inactivity. Feel free to reopen as appropriate!