Is it Time for Data Driven Business Innovation Strategy?


Data-driven business innovation is no longer something of the distant future. It is a reality today. Many businesses are already reaping the benefits of monetizing internal data that they already possess. Some are taking data-driven business innovation to the next level by mashing up internal data with public data sources like social media feeds, weather data, and real-time traffic information. Others are working on generating new data from sources that were not possible in the past. For example, sensors and affordable wireless data communications are enabling data gathering from vehicles, agriculture, manufacturing, equipment utilization, and other areas. So what is fueling this revolution, and why now? Following are a few main reasons why this is happening and why you should give it serious consideration.

  • Cost of Storing Data – The cost of storing enormous amounts of data has decreased to a level where it is almost insignificant. In contrast to the old days, when capital investment was needed to build storage infrastructure, almost unlimited, on-demand data storage is now available from many Cloud service providers.
  • Availability of Analytics Tools – Data analytics tools, both commercial and open source, are available to process very large amounts of data at extremely low cost. Hadoop-based technologies, Cloud services, and Machine Learning are fueling the development of new tools.
  • Use of Unstructured Data – Older technologies for data storage and analytics were mostly based upon structured data. However, machine learning and AI advancements have made it possible to use unstructured data for business purposes. Now it is possible to monetize notes from customer service representatives, IVR, and unstructured public data sources.
  • Visualization – Data visualization is key to effective data-driven decision making. These tools are now available as a service, making it possible to create powerful visualizations and dashboards very quickly and without purchasing expensive tools.
  • Wireless Communications – Very affordable wireless data communication is enabling data collection from mobile sources and remote locations that was not possible just a few years back.

How can businesses monetize vast amounts of data and create a data-driven strategy for business innovation? The answer is a little different depending upon the type of business and the industry segment. Following are some ideas that you can think about as a starting point.

  • Customer Insights – A better understanding of customers and insight into customer behavior is every business’s dream. Data is enabling businesses to gain customer insights for better customer service and for building innovative brands. This is especially interesting for B2C interactions in financial, insurance, retail and other industries.
  • Product Improvement – Many manufacturers are using data to improve products, identify product defects, understand how products are being used, and in many other ways.
  • New Business Models – Many companies are using data to create new revenue streams at different levels. Some companies are simply getting into the business of selling data while others are offering data analytics as a service. Equipment manufacturers are working on providing proactive maintenance in addition to machinery, all with the help of data gathered through different sensors.
  • New Levels of Efficiency and Process Improvement – Data is fueling new levels of efficiency in business processes, manufacturing processes, and even in service industries.

The bottom line is that it is imperative for every business to understand the data assets they possess, understand the data value chain, and initiate a data-driven business transformation strategy.


Information Security Leaders Handbook

A few years ago, I wrote Information Security Leaders Handbook, but it was not listed as a download on this blog. With this post, I would like to put it here and also check the level of interest from the InfoSec community for an updated version (Second Edition). Please send your comments to my Twitter handle @rafeeq_rehman or through this blog.


The objective of this book is to make you a successful information security professional by learning from the experience of great leaders in this field. This book is a little dated now but provides core fundamental models in a concise manner. It is easy to read and use in managing information security programs. Most of the chapters are accompanied by visual mind maps, action items, and other visual tools for easy understanding.

Click HERE to download the PDF version of the book.

How is this book organized?

The book covers a set of carefully selected topics. This is to ensure that focus remains on principles that are the most important to the success of a security professional. The topics are arranged in six parts as listed below.

  1. Know The Business – List of topics important for understanding and knowing the business.
  2. Information Security Strategy – Elements of information security strategy, how to create a strategy and put it into practice.
  3. Security Operations – Major areas related to running an effective security operations program.
  4. Risk Management – How to assess and manage risk.
  5. Personal Branding – Creating a personal brand and establishing credibility to be effective as an information security leader.
  6. Appendices – Miscellaneous data points and sources of information.

How to Use This Book?

I suggest that you read one chapter daily, take actions, set goals, and write those actions and goals on the “Goals and Activity Log” page at the end of each chapter. The next day, read another chapter and write the actions and goals with target dates. As you go along, start reading random chapters and keep reviewing and updating your actions and goals to measure your progress and success.

A Systematic Way of Achieving Excellence

The book provides a systematic and measurable way towards excellence in your job. I have gone to great lengths to limit each topic to two pages or less. Please use the “Goals and Activity Log” page to record your progress and make the best use of your time. As you go along, record your experiences and share them on the book web site.

Subscribe to Blog for Release Dates and Updates

Please subscribe to this blog to keep yourself updated about the release date of the book. You can use the “Follow Blog via Email” link in the top-right corner of this page.

Your feedback is very important to me. Please share your thoughts on my Twitter handle at @rafeeq_rehman


DISCLAIMER: All material presented is my own and not of my employer and does not constitute any recommendations, endorsements or professional consultation.


CISO MindMap 2017 – What Do InfoSec Professionals Really Do?

Note: An updated version of CISO MindMap (2018) is published here

While Ransomware may be the talk of the town these days, many other profound changes are happening in the industry that impact the job of information security professionals. Keeping these changes in view, I felt a need to update the CISO MindMap. The new and updated CISO MindMap 2017 is attached below. This time, I have highlighted all changes in red to make it easy for those who have been following this CISO MindMap for some time.

One major change is about IoT, given that more and more companies see its value and are adopting IoT technologies. The lines between IoT, Industrial IoT, and industrial control systems are gradually blurring. Security professionals are being called in to respond to IoT incidents, which are increasing over time. In many cases, IoT vendors are in their infancy from a security perspective, with lax security controls. I feel there is a need for all organizations to include IoT as an essential part of their overall security operations. With a little research inside their organization, they may be surprised by how many IoT technologies are already being used by their businesses without their being aware of it.

I also believe that InfoSec professionals should make subjects such as artificial intelligence, drones, the sharing economy, and data analytics part of their learning goals. InfoSec is an essential enabler for modern businesses and we, as a community, should be at the forefront of this progress instead of standing in the way.

Last but not least, InfoSec professionals must keep a better “Customer Experience” as a guiding principle for everything they do. I would recommend taking a short course on the “design thinking” methodology, which would make people think and act differently and more productively. We must improve our brand!

As always, feel free to provide your feedback and comments. Also, register on this blog to stay updated. You can also download the PDF version of the CISO MindMap.

CISO MindMap

Your feedback is welcomed on my Twitter handle at @rafeeq_rehman



What is Return on Security Investment (ROSI) Anyway?


ROSI, or Return On Security Investment, is simply a way to calculate whether a security control is worth implementing. For a control to be financially viable, the reduction of risk has to be greater than the cost of implementing the security control.


Business Innovation with a Data Driven Approach

Effective use of data has become key to running a modern business, gaining enhanced customer insight, improving loyalty, and driving sales.

More and more companies are realizing that a customer-centric and data-driven approach is the only way to compete in this hyper-connected business world.


Aligning Business Goals with InfoSec Strategy

How do you align yourself with the business you are supporting? What value are you creating? These are the questions that every CISO should be thinking about on a regular basis. In a typical organization, the CEO has a list of business goals and objectives that trickle down through the chain of leadership. Objectives for IT leaders are usually derived from the CEO’s business objectives to support the organization. Understanding the organizational objectives as well as the personalities of business leaders helps in creating and aligning the information security strategy.


DBIR 2017 – Major Findings of Verizon Data Breach Investigations Report


Verizon has been publishing the Data Breach Investigations Report (DBIR) for over 10 years. The latest release is DBIR 2017, which was published on April 27th. This year’s report contains 1935 confirmed data breaches and more than 42000 security incidents. As always, DBIR 2017 provides great insights about how data breaches are happening, who is behind attacks, and what their motives are.


Three Fundamental Questions for Strategic Decision Making

How do you pick the right projects for the next year, or the next thing to work on? Recently, this was the major point of discussion in the planning meeting of a non-profit organization. Irrespective of for-profit or non-profit status, all organizations and businesses have to make the same strategic decisions about picking and choosing projects.


Customer Experience: The Missing Pillar of Information Security Programs

A few days back, an information security executive asked for help. He has been struggling to demonstrate the “tangible business value” of his information security program. We started our dialog about the company’s business, revenue sources, key issues, competitors and how he could help his organization turn their customers into their brand advocates.


Building a Successful Security Operations Center Part 3: SOC Budget Calculator

Some time back, I published an article, “What it Really Takes to Stand up a SOC”. This included a MindMap showing everything you need to consider while making a decision about establishing an internal Security Operations Center. Since then, many people have asked questions about estimating the budget for standing up an internal SOC.
