In order to make the process of targeting the correct and complete list of controls easier to understand for new users/components. Open Control should provide a cheatsheet/guide on some general types of SecOps tooling and to which controls they'd typically contribute to.
In order to effectively do this there needs to be an established taxonomy of component types. Based on some looking into one ready made framework could be the NIST Framework for Improving Critical Infrastructure Cybersecurity https://www.nist.gov/cyberframework. I went ahead an converted the spreadsheet into 3 yaml chunks for the Function -> Category -> Subcategory hierarchy:
https://gist.github.com/JJediny/65438415b5e38ac7560ad5f5597f1877
But that only serves as topic areas not discrete categories by which to curate a group of related/similar technologies that ideally share a common mapping to controls.
In order to make the process of targeting the correct and complete list of controls easier to understand for new users/components. Open Control should provide a cheatsheet/guide on some general types of SecOps tooling and to which controls they'd typically contribute to.
In order to effectively do this there needs to be an established taxonomy of component types. Based on some looking into one ready made framework could be the NIST Framework for Improving Critical Infrastructure Cybersecurity https://www.nist.gov/cyberframework. I went ahead an converted the spreadsheet into 3 yaml chunks for the
Function -> Category -> Subcategory
hierarchy: https://gist.github.com/JJediny/65438415b5e38ac7560ad5f5597f1877But that only serves as topic areas not discrete categories by which to curate a group of related/similar technologies that ideally share a common mapping to controls.
Other resources
https://cloudsecurityalliance.org/wp-content/uploads/2011/09/SecaaS_V1_0.pdf https://downloads.cloudsecurityalliance.org/assets/research/security-as-a-service/csa-categories-securities-prep.pdf
https://cloudsecurityalliance.org/group/security-as-a-service/#_downloads