# Cyber Defense Matrix

The [Cyber Defense Matrix](https://cyberdefensematrix.com/) (TM) is a book about orienting security controls, viewed through the lens of the asset classes they protect, to increase the overall effectiveness and resilience of cybersecurity in an environment. Controls are analyzed by placing them in a matrix that can then be used for reviews and strategy: asset classes run down the left side and the five operational functions of the NIST Cybersecurity Framework (Identify, Protect, Detect, Respond, Recover) run across the top, giving a cell-by-cell view of which aspect of defense each control covers. The table below places each Cyber City Map capability in the cells where it applies; a capability such as [[Network Management]] that appears in every cell of a row spans the whole lifecycle for that asset class, while one such as [[Code Management]] that appears only under Identify and Protect is a left-of-boom control.

## Cyber City Map x Cyber Defense Matrix

| | Identify | Protect | Detect | Respond | Recover |
| --- | --- | --- | --- | --- | --- |
| | Inventorying assets and vulnerabilities, measuring attack surface, prioritizing, baselining normal, threat modeling, risk assessment | Preventing or limiting impact, patching, containing, isolating, hardening, managing access, vulnerability mitigation | Discovering events, triggering on anomalies, hunting for intrusions, security analytics | Acting on events, eradicating intrusion, assessing damage, forensic reconstruction | Returning to normal operations, restoring services, documenting lessons learned, resiliency |
| **Network**<br><br>Connections and traffic flowing among devices and apps, communication paths | [[Asset Management]]<br><br>[[Attack Surface Enumeration]]<br><br>[[Defense Modeling]]<br><br>[[Domain Management]]<br><br>[[Exploit Management]]<br><br>[[Network Management]]<br><br>[[Persona Management]] | [[Allow Listing]]<br><br>[[Deny Listing]]<br><br>[[Domain Management]]<br><br>[[Network Management]]<br><br>[[Remediation Management]]<br><br>[[Third Party Management]] | [[Alert Correlation]]<br><br>[[Deception Management]]<br><br>[[Domain Management]]<br><br>[[Log Management]]<br><br>[[Network Management]]<br><br>[[Stream Processing]] | [[Domain Management]]<br><br>[[Forensic Analysis]]<br><br>[[Incident Management]]<br><br>[[Network Management]] | [[Backup and Recovery]]<br><br>[[Domain Management]]<br><br>[[Failure Tracing]]<br><br>[[Network Management]] |
| **Systems**<br><br>Workstations, servers, phones, tablets, storage, network devices, IoT infrastructure, etc. | [[Asset Management]]<br><br>[[Attack Surface Enumeration]]<br><br>[[Defense Modeling]]<br><br>[[Device Management]]<br><br>[[Exploit Management]]<br><br>[[Persona Management]] | [[Allow Listing]]<br><br>[[Deny Listing]]<br><br>[[Device Management]]<br><br>[[Remediation Management]]<br><br>[[Third Party Management]] | [[Alert Correlation]]<br><br>[[Deception Management]]<br><br>[[Device Management]]<br><br>[[Log Management]]<br><br>[[Stream Processing]] | [[Device Management]]<br><br>[[Forensic Analysis]]<br><br>[[Incident Management]] | [[Backup and Recovery]]<br><br>[[Device Management]]<br><br>[[Failure Tracing]] |
| **Applications**<br><br>Software, interactions, and application flows on the devices | [[Application Management]]<br><br>[[Asset Management]]<br><br>[[Attack Surface Enumeration]]<br><br>[[Code Management]]<br><br>[[Defense Modeling]]<br><br>[[Email Management]]<br><br>[[Exploit Management]]<br><br>[[Persona Management]]<br><br>[[Third Party Management]] | [[Allow Listing]]<br><br>[[Application Management]]<br><br>[[Code Management]]<br><br>[[Deny Listing]]<br><br>[[Email Management]]<br><br>[[Remediation Management]]<br><br>[[Third Party Management]] | [[Alert Correlation]]<br><br>[[Application Management]]<br><br>[[Deception Management]]<br><br>[[Email Management]]<br><br>[[Log Management]]<br><br>[[Stream Processing]]<br><br>[[Third Party Management]] | [[Application Management]]<br><br>[[Email Management]]<br><br>[[Forensic Analysis]]<br><br>[[Incident Management]]<br><br>[[Third Party Management]] | [[Application Management]]<br><br>[[Backup and Recovery]]<br><br>[[Email Management]]<br><br>[[Failure Tracing]]<br><br>[[Third Party Management]] |
| **Data**<br><br>Content at rest, in transit, or in use by the resources listed | [[Asset Management]]<br><br>[[Attack Surface Enumeration]]<br><br>[[Data Management]]<br><br>[[Defense Modeling]]<br><br>[[Exploit Management]]<br><br>[[Persona Management]] | [[Allow Listing]]<br><br>[[Data Management]]<br><br>[[Deny Listing]]<br><br>[[Remediation Management]]<br><br>[[Third Party Management]] | [[Alert Correlation]]<br><br>[[Data Management]]<br><br>[[Deception Management]]<br><br>[[Log Management]]<br><br>[[Stream Processing]] | [[Data Management]]<br><br>[[Forensic Analysis]]<br><br>[[Incident Management]] | [[Backup and Recovery]]<br><br>[[Data Management]]<br><br>[[Failure Tracing]] |
| **Identity**<br><br>The people using the resources listed | [[Asset Management]]<br><br>[[Attack Surface Enumeration]]<br><br>[[Defense Modeling]]<br><br>[[Exploit Management]]<br><br>[[Identity and Access Management]]<br><br>[[Persona Management]]<br><br>[[Third Party Management]]<br><br>[[Training]] | [[Allow Listing]]<br><br>[[Deny Listing]]<br><br>[[Identity and Access Management]]<br><br>[[Remediation Management]]<br><br>[[Third Party Management]]<br><br>[[Training]] | [[Alert Correlation]]<br><br>[[Deception Management]]<br><br>[[Identity and Access Management]]<br><br>[[Log Management]]<br><br>[[Stream Processing]]<br><br>[[Third Party Management]]<br><br>[[Training]] | [[Forensic Analysis]]<br><br>[[Identity and Access Management]]<br><br>[[Incident Management]]<br><br>[[Third Party Management]]<br><br>[[Training]] | [[Backup and Recovery]]<br><br>[[Failure Tracing]]<br><br>[[Identity and Access Management]]<br><br>[[Third Party Management]]<br><br>[[Training]] |

## Inspiration & Resources

+ [Cyber Defense Matrix](https://cyberdefensematrix.com/)
+ [Cybersecurity Maturity Matrix (cybermaturitymatrix.com)](https://cybermaturitymatrix.com/?annotate=false&preset=cdm)

## Release Notes

+ [[WIP - Q3 2024 Release#Map Cyber Defense Matrix to Cybersecurity Capabilities]]

## [Cyber City Map](https://cybercitymap.com/) © 2023-2024 by [ThirdScore, Inc.](https://thirdscore.com/) All Rights Reserved.
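The matrix is used in practice by placing the controls you actually run into its cells and reading off which cells are empty. The script below is an added worked example of that review, written for this page; it is not code from the Cyber City Map or from the Cyber Defense Matrix book. The cell contents are transcribed from the table above (encoded as the capabilities common to a function plus those spanning an asset class, which reproduces every cell exactly), while the control inventory, its tool names, and the capability and asset-class scope assigned to each tool are constructed for illustration. Each tool carries an explicit asset scope because a capability name alone overstates coverage: a SIEM only delivers [[Log Management]] for the Data row if data-access logs are actually ingested.

```python
"""Coverage review against the Cyber Defense Matrix (added example).

Illustration written for this page, not code from the Cyber City Map or the
Cyber Defense Matrix book. Cell contents follow the table above; the control
inventory below is constructed.
"""
from collections import defaultdict

ASSETS = ["Network", "Systems", "Applications", "Data", "Identity"]
FUNCTIONS = ["Identify", "Protect", "Detect", "Respond", "Recover"]

# Capabilities the table lists under a function for every asset class.
COMMON = {
    "Identify": {"Asset Management", "Attack Surface Enumeration", "Defense Modeling",
                 "Exploit Management", "Persona Management"},
    "Protect": {"Allow Listing", "Deny Listing", "Remediation Management",
                "Third Party Management"},
    "Detect": {"Alert Correlation", "Deception Management", "Log Management",
               "Stream Processing"},
    "Respond": {"Forensic Analysis", "Incident Management"},
    "Recover": {"Backup and Recovery", "Failure Tracing"},
}

# Capabilities the table lists in all five cells of one asset class.
PER_ASSET = {
    "Network": {"Domain Management", "Network Management"},
    "Systems": {"Device Management"},
    "Applications": {"Application Management", "Email Management", "Third Party Management"},
    "Data": {"Data Management"},
    "Identity": {"Identity and Access Management", "Third Party Management", "Training"},
}

# The one capability that appears in only some cells of an asset class.
EXTRA = {("Applications", "Identify"): {"Code Management"},
         ("Applications", "Protect"): {"Code Management"}}


def build_matrix():
    """Return {(asset, function): frozenset(capabilities)} reproducing the table."""
    return {
        (a, f): frozenset(COMMON[f] | PER_ASSET[a] | EXTRA.get((a, f), set()))
        for a in ASSETS for f in FUNCTIONS
    }


# Constructed inventory: (control, capabilities it delivers, asset classes it
# actually reaches; None means every asset class). Scope is the honest part of
# the mapping: a SIEM gives Data/Detect coverage only if data-access logs flow in.
INVENTORY = [
    ("EDR agent", ["Device Management", "Log Management", "Forensic Analysis"], ["Systems"]),
    ("Vulnerability scanner",
     ["Asset Management", "Attack Surface Enumeration", "Exploit Management"],
     ["Network", "Systems"]),
    ("SIEM", ["Log Management", "Alert Correlation"], None),
    ("IdP with MFA", ["Identity and Access Management"], ["Identity"]),
    ("Offsite backups", ["Backup and Recovery"], ["Systems", "Data"]),
    ("IR runbooks and ticketing", ["Incident Management"], None),
]


def unknown_capabilities(matrix, inventory):
    """Capabilities the inventory claims that the matrix never names (typo check)."""
    known = set().union(*matrix.values())
    return {c for _, caps, _ in inventory for c in caps if c not in known}


def coverage(matrix, inventory):
    """Per cell: capabilities some in-scope control delivers, those missing, and the ratio."""
    delivered = defaultdict(set)  # asset class -> capabilities reaching it
    for _, caps, scope in inventory:
        for asset in (scope or ASSETS):
            delivered[asset].update(caps)
    result = {}
    for (asset, func), cell in matrix.items():
        covered = cell & delivered[asset]
        result[(asset, func)] = {"covered": covered,
                                 "missing": cell - covered,
                                 "ratio": len(covered) / len(cell)}
    return result


def uncovered_cells(cov):
    """Cells where no listed capability is delivered at all: first targets for a review."""
    return [cell for cell in cov if cov[cell]["ratio"] == 0.0]


def render(cov):
    """Text grid of coverage ratios, asset classes down the side, functions across."""
    width = max(len(a) for a in ASSETS)
    lines = [" " * width + "".join(f"{f:>10}" for f in FUNCTIONS)]
    for a in ASSETS:
        lines.append(f"{a:<{width}}" + "".join(f"{cov[(a, f)]['ratio']:>10.2f}" for f in FUNCTIONS))
    return "\n".join(lines)


if __name__ == "__main__":
    matrix = build_matrix()
    assert not unknown_capabilities(matrix, INVENTORY), "inventory names a capability not in the matrix"
    cov = coverage(matrix, INVENTORY)
    print(render(cov))
    for asset, func in uncovered_cells(cov):
        print(f"GAP {asset}/{func}: nothing delivers {sorted(cov[(asset, func)]['missing'])}")
```

With the constructed inventory the grid shows Systems/Respond fully covered and seven cells (Network/Protect, Network/Recover, Applications/Identify, Applications/Protect, Applications/Recover, Data/Identify, Data/Protect) with nothing at all, which is the usual shape of an environment that has bought endpoint and logging tools but has no application, data, or network-protection program yet. The ratio is a count of named capabilities, not a measure of how well any of them is implemented; treat it as a prompt for the review, not as a score.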