I wanted to define an overarching security framework that encapsulates all the core elements that need to be considered as part of ‘Security’. This forms a starting point; the specific areas to delve deeper into are bulleted below.
Identity & Access Management
- Authentication
- Authorisation
- User groups, role, and permission management
- Directory Services
- Single Sign On (SSO) and Federation
Network & Infrastructure
- DMZ, firewalls, and reverse proxies
- Intrusion and virus detection
- Server hardening
- Physical security
Compliance
- Security policies (PCI, PII, privacy, cookie laws)
- ISO27001
- Security Review and Risk Assessment
- Penetration Testing
- Audit & Logging
- Monitoring & reporting
Data & Information
- Encryption & hashing
- Transmission
- Storage
- Protocols
- Archiving