How do you align yourself with the business you are supporting? What value are you creating? These are the questions that every CISO should be thinking on regular basis. In a typical organization, the CEO has a list of business goals and objectives that trickle down through chain of leadership. Objective for IT leaders are usually derived from CEO’s business objectives to support the organization. Understanding the organizational objectives as well as the personalities of business leaders helps in creating and aligning the information security strategy. Continue reading
Verizon is publishing Data Breach Investigations Report (DBIR) for over 10 years. The latest release is DBIR 2017 which was published on April 27th. This year’s report contains 1935 confirmed data breaches and more than 42000 security incidents. Like always, DBIR 2017 provides great insights about how data breaches are happening, who is behind attacks, and what their motives are. Continue reading
How to pick the right projects for the next year or the next thing to work on? Recently, this was the major point of discussion in the planning meeting of a non-profit organization. Irrespective of for-profit or non-profit status, all organizations and businesses have to make the same strategic decisions about picking and choosing projects. Continue reading
Few days back, an information security executive asked for help. He has been struggling with demonstrating “tangible business value” of his information security program. We started our dialog about the company business, revenue sources, key issues, competitors and how he could help his organization turn their customers into their brand advocates. Continue reading
Sometime back I published an article “What it Really Takes to Stand up a SOC”. This included a MindMap showing everything you need to consider while making a decision about establishing an internal Security Operations Center. Take a look at the PDF Download link for this MindMap. Since then, many people have asked questions about estimating budget for standing up an internal SOC. Continue reading
Although traditional methods of communications like RESTful APIs can be used for IOT communications, MQTT and CoAP are the two major IoT protocols for exchanging messages in IoT networks. This is a quick overview of both of these protocols. Continue reading
Budget estimates are a major part of SOC business case. A typical budget will consist of capital cost, payroll expenses, and annual recurring costs. The budget estimates also helps in making decision about build an internal SOC or using SOC as a Service. Following is a summary of three major cost components. Capital Cost – […]
Information Security is a rapidly changing field as advancements due to disruptive technologies, like SDN, IoT, NFV and others, have direct impact on security management programs. Information Security professionals, in general, are perceived to be slow in adapting to new technologies and are many times considered a road block. This perception must change and this post […]
This is my latest Blog on CISOcast
Initiatives for Digital Transformation are at front and center of every major corporation to keep their business competitive and relevant. Many technology research organizations are publishing papers about different aspects of digital transformation, which is categorized as a new industrial revolution. Continue reading
It took some time to update the CISO MindMap but finally it is here. Thanks to all who provided suggestions for this update.
A very rapid change is happening across the industries. Whether it is digital transformation, Internet of Things (IoT), Software Defined Networking (SDN), crypto currencies, virtual reality, 3D printing or others, change is visible everywhere. These changes are happening across all industries. CISOs not only need to adapt quickly to these changes but need to be on the leading edge of these changes. Business enablement is becoming a key role of modern CISOs. Good luck with all of this!
UPDATE: If you are want to hang a printed copy of this mind map in your office, I would suggest using the CISO MindMap_a0 PDF and getting a 24×36 inch print from OfficeMax or some other place.
A related post to this mind map is about building a security operations center or SOC. Please refer to “What is Takes to Build a SOC“.
PDF versions of CISO mind map are available for download using the following links.