If you want a single slide deck that will give you a great baseline for most elements of a modern security organization, view the slides in this CISO workshop. There are also videos, but, full disclosure, I have not watched those. This is a great learning and reference resource.
The workshop covers all aspects of a comprehensive security program including strategic initiatives, roles and responsibilities, success metrics, maturity models, and more.
Who should review this?
The information mainly targets senior security leaders (CISO, directors, architects), but it is also useful as a strong overview of most departments within a CISO organization, and for cross-training or review if you have not had exposure to all departments.
What does it contain?
This document contains overviews of:
- Starting points / fundamentals
- General threat information
- Business alignment – how to prioritize security
- Security Disciplines – foundational capabilities
- Security roles and responsibilities
- Cloud Adoption Framework – a secure process to adopt / migrate to the cloud
- Zero Trust – a broad overview of this concept
- Example metrics
- A Security Operating Model
- Program Maturity Recommendations
Overall, this provides a lot of detail across a number of areas. It’s also a great place to review architecture, process, and structure diagrams that could inspire you with content for something you’re working on. Similar to some of the AWS reference and security pillar resources, it is great information even if you aren’t using Azure or it isn’t the only cloud platform you use.