digraph CISO_Mindmap {
    rankdir=LR;
    splines=ortho;
    node [
        shape=ellipse,
        style=filled,
        fontname="Arial",
        fontsize=10
    ];
    edge [
        fontname="Arial",
        fontsize=9
    ];

    CISO [label="CISO\n(Chief Information Security Officer)", fillcolor="#AED6F1", fontcolor="#000000"];

    // Governance & Strategy
    Gov [label="Governance & Strategy", fillcolor="#FACC15", shape=rectangle];
    Policies [label="Policies & Standards", fillcolor="#FEF3C7"];
    RiskMgmt [label="Risk Management", fillcolor="#FEF3C7"];
    Awareness [label="Awareness & Training", fillcolor="#FEF3C7"];

    CISO -> Gov;
    Gov -> Policies;
    Gov -> RiskMgmt;
    Gov -> Awareness;

    // SOC
    SOC [label="Security Operations Center (SOC)", fillcolor="#EC7063", shape=rectangle];
    SOC1 [label="SOC Level 1", fillcolor="#F1948A"];
    SOC2 [label="SOC Level 2 / Threat Hunting", fillcolor="#F1948A"];
    SIEM [label="SIEM/SOAR Engineering", fillcolor="#F1948A"];

    CISO -> SOC;
    SOC -> SOC1;
    SOC -> SOC2;
    SOC -> SIEM;

    // Incident Response / Forensics
    IR [label="Incident Response & Digital Forensics", fillcolor="#E74C3C", shape=rectangle];
    Triage [label="Triage & Analysis", fillcolor="#F5B7B1"];
    Forensics [label="Forensics", fillcolor="#F5B7B1"];
    Crisis [label="Crisis Management", fillcolor="#F5B7B1"];

    CISO -> IR;
    IR -> Triage;
    IR -> Forensics;
    IR -> Crisis;

    // Cyber Threat Intelligence
    CTI [label="Cyber Threat Intelligence", fillcolor="#A627F5", shape=rectangle];
    StratCTI [label="Strategic CTI", fillcolor="#D7BDE2"];
    OperCTI [label="Operational CTI", fillcolor="#D7BDE2"];
    TacCTI [label="Tactical CTI", fillcolor="#D7BDE2"];

    CISO -> CTI;
    CTI -> StratCTI;
    CTI -> OperCTI;
    CTI -> TacCTI;

    // Vulnerability Management
    VM [label="Vulnerability Management", fillcolor="#F7DC6F", shape=rectangle];
    InfraScan [label="Infrastructure Scanning", fillcolor="#FCF3CF"];
    AppScan [label="Application Scanning", fillcolor="#FCF3CF"];
    PatchMgmt [label="Patch Management & Remediation", fillcolor="#FCF3CF"];

    CISO -> VM;
    VM -> InfraScan;
    VM -> AppScan;
    VM -> PatchMgmt;

    // Pentesting / Red Team
    PT [label="Pentesting / Red Team", fillcolor="#76D7C4", shape=rectangle];
    IntPent [label="Internal Pentest", fillcolor="#A9DFBF"];
    ExtPent [label="External Pentest", fillcolor="#A9DFBF"];
    RT [label="Red Team / Purple Team", fillcolor="#A9DFBF"];

    CISO -> PT;
    PT -> IntPent;
    PT -> ExtPent;
    PT -> RT;

    // Security Architecture
    SecArch [label="Security Architecture", fillcolor="#85C1E9", shape=rectangle];
    InfraArch [label="Infrastructure Architecture", fillcolor="#AED6F1"];
    CloudArch [label="Cloud Architecture", fillcolor="#AED6F1"];
    AppArch [label="Application Architecture", fillcolor="#AED6F1"];

    CISO -> SecArch;
    SecArch -> InfraArch;
    SecArch -> CloudArch;
    SecArch -> AppArch;

    // Network & Infra Security
    NetSec [label="Network & Infrastructure Security", fillcolor="#5499C7", shape=rectangle];
    Firewalls [label="Firewalls / IDS/IPS", fillcolor="#AED6F1"];
    VPN [label="VPN / Remote Access", fillcolor="#AED6F1"];
    ZeroTrust [label="Network Segmentation\n& Zero Trust", fillcolor="#AED6F1"];

    CISO -> NetSec;
    NetSec -> Firewalls;
    NetSec -> VPN;
    NetSec -> ZeroTrust;

    // Identity & Access Management
    IAM [label="Identity & Access Management", fillcolor="#52BE80", shape=rectangle];
    IAG [label="IAG / RBAC / Role Model", fillcolor="#82E0AA"];
    PrivMgmt [label="Privileged Access Mgmt (PAM)", fillcolor="#82E0AA"];

    CISO -> IAM;
    IAM -> IAG;
    IAM -> PrivMgmt;

    // Cloud Security
    CloudSec [label="Cloud Security", fillcolor="#5DADE2", shape=rectangle];
    CSPM [label="CSPM / Cloud Compliance", fillcolor="#AED6F1"];
    CWPP [label="CWPP / Workload Protection", fillcolor="#AED6F1"];
    CIEM [label="CIEM / Cloud Access Monitoring", fillcolor="#AED6F1"];

    CISO -> CloudSec;
    CloudSec -> CSPM;
    CloudSec -> CWPP;
    CloudSec -> CIEM;

    // App Security
    AppSec [label="Application Security (AppSec)", fillcolor="#2ECC71", shape=rectangle];
    SAST [label="SAST/DAST", fillcolor="#58D68D"];
    DevSecOps [label="DevSecOps", fillcolor="#58D68D"];
    SecureSDLC [label="Secure SDLC", fillcolor="#58D68D"];

    CISO -> AppSec;
    AppSec -> SAST;
    AppSec -> DevSecOps;
    AppSec -> SecureSDLC;

    // Compliance & Audit
    Compliance [label="Compliance & Audit", fillcolor="#909497", shape=rectangle];
    ISO27001 [label="ISO 27001, GDPR, NIS2", fillcolor="#D5D8DC"];
    ISO27005 [label="ISO 27005 Risk Assessment", fillcolor="#D5D8DC"];

    CISO -> Compliance;
    Compliance -> ISO27001;
    Compliance -> ISO27005;

    // Business Continuity
    BC [label="Business Continuity & Crisis Management", fillcolor="#F5B041", shape=rectangle];
    BCPDRP [label="BCP/DRP", fillcolor="#F8C471"];
    CrisisTeam [label="Crisis Team", fillcolor="#F8C471"];
    Tests [label="Tests & Exercises", fillcolor="#F8C471"];

    CISO -> BC;
    BC -> BCPDRP;
    BC -> CrisisTeam;
    BC -> Tests;
}