Tag Archives: infosec

CISO MindMap 2017 – What Do InfoSec Professional Really Do?

While ransomware may be the talk of the town these days, many other profound changes are happening in the industry that impact the job of information security professionals. Keeping these changes in view, I felt a need to update the CISO MindMap. …

Posted in InfoSec, IoT, Leadership

What is Return on Security Investment (ROSI) Anyway?

ROSI, or Return on Security Investment, is simply a way to calculate whether a security control is worth implementing. For a control to be financially viable, the reduction of risk has to be greater than the cost of …

Posted in InfoSec

Aligning Business Goals with InfoSec Strategy

How do you align yourself with the business you are supporting? What value are you creating? These are the questions that every CISO should be thinking about on a regular basis. In a typical organization, the CEO has a list of business …

Posted in InfoSec, Leadership

2016 CISO MindMap – What do InfoSec Professionals Do?

Please note that this is an older post. An updated MindMap is available here. It took some time to update the CISO MindMap, but finally it is here. Thanks to all who provided suggestions for this update. A very rapid change …

Posted in InfoSec, IoT, Leadership

A take on information security reports

There are almost as many information security reports out there as there are security vendors. Keeping up to date with these reports can be a challenge, and sometimes these reports may become an information overload for security professionals. Verizon …

Posted in InfoSec

Using SWOT Analysis to Create InfoSec Strategy

SWOT (Strengths, Weaknesses, Opportunities, Threats) analysis is an industry-standard way of analyzing the current situation (marketing, business strategy, risk assessment, etc.). In many cases, SWOT analysis provides the foundation for creating business strategy. Following is a short description of how we …

Posted in InfoSec, Leadership

The Bare Minimum Business Terminology Every InfoSec Professional Must Know

The role of the CISO, and of other InfoSec professionals, has morphed into a critical business function. One should expect to get involved in “business” discussions often, and at higher levels. Understanding and speaking business language is more important than ever for success …

Posted in InfoSec, Leadership

What it really takes to stand up a SOC

IDC (and other analysts) predict that information security, threat intelligence, data analytics, and hunting, among others, will grow and become a more important part of a CISO’s strategy in 2015 and beyond. If one has money and the backing of a large organization, …

Posted in InfoSec, Leadership