Building a holistic security program is not a trivial process. However, you can get started by following a simplified workflow and build from there.
It is important to remember that security is a lifecycle. It must be continually maintained and refined.
- COBIT - Governance at an organizational level
- NIST - Cybersecurity Framework with holistic guidance for implementing security in different functional areas of the organization
- Platform Security
- App Security
- Developer Workflows
- Network Security
- Data Protection Impact Assessment
- Regional Privacy and Data Security Laws
- Industry-specific Laws
- Medical devices
- Privacy Management
- Employee Training
- Consumer Rights
- Risk Analysis