The cybersecurity leaders’ high-level concerns open the discussion on what may be a focus. Cybersecurity leaders (CSO, CISO, BISO, TISO, ISO, Director, Manager, etc.) must maintain a cybersecurity program with related subprograms while ensuring cyber resilience. The cybersecurity leader’s high-level concerns are broken down into core domains. Be mindful this is not about cybersecurity leader skills but areas of concern,i.e., the items that will have to be addressed under a program and policy architecture while driving maturity and capability. This is not an exhaustive list, and it will change over time. Each will be broken down into their respective domains for more depth. A caveat is the differences in critical infrastructure industry sectors. It is relatively difficult to address the differences across each. These domain areas are broken down into domains as noted in the diagram above:

Each domain represents core aspects a cybersecurity leader must deliver on. Generally speaking, not all cybersecurity leaders are accountable for physical security; it may fall under an entirely different leader. Likewise, physical security and cybersecurity operations were divided to address the reality that physical and logical security are different domains. Too often, terminology is used interchangeably when it should not be, or security, a broad term, is not qualified, i.e., noting security when physical security or cybersecurity is the desired context.

Anyone can use and modify this public domain document to meet their needs.

SABSA is the copyright and trademark of the SABSA Institute; all rights reserved.
TOGAF is the copyright and trademark of The Open Group; all rights reserved.