Category Archives: InfoSec

Estimating SOC Budget

Budget estimates are a major part of building SOC business case. A typical budget will consist of the following three major components: Capital Cost– This consists of initial expense of building SOC and includes everything from furniture to hardware, software … Continue reading

Posted in InfoSec, SOC | Comments Off on Estimating SOC Budget

Scalable Log Collection as Foundation of SOC

Logs provide a wealth of information and that is one of the reasons that almost all security standards and frameworks (NIST, ISO, PCI, and others) emphasize on collection, storage, and analysis of log data as one of the key aspects … Continue reading

Posted in InfoSec, SOC | Tagged , , , | Comments Off on Scalable Log Collection as Foundation of SOC

Announcing Cybersecurity Learning Saturday

Continuous learning and skills development is an essential part of any Cybersecurity professional but they don’t get enough time during normal work week. So why not turn Saturdays into a collaborative learning events where people come to share knowledge, teach, … Continue reading

Posted in InfoSec | Tagged , | Comments Off on Announcing Cybersecurity Learning Saturday

CISO MindMap 2018 – What Do InfoSec Professionals Really Do?

Like last year, ransomware continues to be a major issue for many organizations. One of the best things any organization can do to itself is to prepare for dealing with ransomware incidents. While ransomware is morphing into crypto currency mining … Continue reading

Posted in InfoSec, Leadership, SOC | Tagged , , , , , | Comments Off on CISO MindMap 2018 – What Do InfoSec Professionals Really Do?

Building a Successful Security Operations Center (SOC): Part 4

SOC Planning – Defining SOC Scope Defining scope for the SOC is crucial for its success and to determine stakeholders for the SOC. The scope will help determine cost, associates needed to run the SOC, SOC processes and many other … Continue reading

Posted in InfoSec, SOC | Tagged , , , , , , | Comments Off on Building a Successful Security Operations Center (SOC): Part 4

CISO MindMap 2017 – What Do InfoSec Professional Really Do?

Note: An updated version of CISO MindMap (2018) is published here While Ransomware may be the talk of the town these days, many other profound changes are happening in the industry that impact job of information security professionals. Keeping in … Continue reading

Posted in InfoSec, IoT, Leadership | Tagged , , , , | Comments Off on CISO MindMap 2017 – What Do InfoSec Professional Really Do?

What is Return on Security Investment (ROSI) Anyway?

ROSI or Return On Security Investment is simply a way to calculate if a security control is worth implementation or not. For a control to be financially viable, the reduction of risk has to be greater than the cost of … Continue reading

Posted in InfoSec | Tagged , , , | Comments Off on What is Return on Security Investment (ROSI) Anyway?

Aligning Business Goals with InfoSec Strategy

How do you align yourself with the business you are supporting? What value are you creating? These are the questions that every CISO should be thinking on regular basis. In a typical organization, the CEO has a list of business … Continue reading

Posted in InfoSec, Leadership | Tagged , , | Comments Off on Aligning Business Goals with InfoSec Strategy

DBIR 2017 – Major Findings of Verizon Data Breach Investigations Report

Verizon is publishing Data Breach Investigations Report (DBIR) for over 10 years. The latest release is DBIR 2017 which was published on April 27th. This year’s report contains 1935 confirmed data breaches and more than 42000 security incidents. Like always, … Continue reading

Posted in InfoSec | Tagged , , | Comments Off on DBIR 2017 – Major Findings of Verizon Data Breach Investigations Report