* [[b.理论储备:01.tcpip|TCPIP]] * [[b.理论储备:02.网络设备|网络设备]] * [[b.理论储备:03.病毒与漏洞|病毒与漏洞]] * [[b.理论储备:04.操作系统|操作系统]] * [[b.理论储备:05.安全框架与标准|安全框架与标准]] * [[b.理论储备:06.安全培训|安全培训]] * [[b.理论储备:07.安全从业资格|安全从业资格]] * [[b.理论储备:08.书籍阅读|书籍阅读]] * [[b.理论储备:09.安全行业|安全行业]] * [[b.理论储备:10.编程语言|编程语言]] * [[b.理论储备:11.wordlist|WordList]] * [[b.理论储备:12.日经xtech|日经XTech]] * [[b.理论储备:13.日经computer|日经コンピューター]] ---- Roadmap for Learning Cyber Security **Cybersecurity Domains** * **Security Architecture** * Cryptography * Secure System Build * Baseline Configuration * Secure Application Development * Network Design * Data Protection * Cloud Security * Federated Identity * CASB * Access Control * Identify Management * Privileged Access Management * Identify & Access Management * Security Engineering * **Frameworks and Standard** * NIST * ISO/IEC * COBIT * SANS/CSC * **Security Operation** * Vulnerability Management * Protection * Data Leakage * Detection * Prevention * Recovery * DR * BCP * SIEM * SOC * Incident Response * Active Defense * **Physical Security** * **User Education** * Training (new skills) * Awareness (reinforcement) * **Career Development** * Conferences * Certification * Training * Peer Group * Self-study * **Threat Intelligence** * External * Internal * Contextual * Intel. Sharing * IOCs * **Risk Assessment** * Source Code Scan * Blackbox * Whitebox * Vulnerability Scan * Assets Inventory * 3rd Party Risk * 4th Party Risk * Data-Centric Risk * Data-Flow Map * Penetration Test * Blue Team * Social Engineering * Infrastructure * Red Team * Social Engineering * Infrastructure * Application * **Governance** * Aduit * Executive Management Involvement * Reports and Scorecards * KPIs/KPIs * Risk informed * Company's Written Supervisory Procedures (WSP) * Policy * Procedure * Standard * Guideline * Laws and Regulations * Industry Specific * Federal * State