About Rafeeq Rehman
Consultant, Author, Researcher.
Most people outside the Cybersecurity profession don’t fully realize and appreciate the complexity of a security professional’s job. Since 2012, CISO MindMap has been an effective educational tool to communicate CISO responsibilities and has enabled security professionals to design and … Continue reading →
Like this:
Like Loading...
In a previous blog post, I discussed qualitative, quantitative, and scoring methods of risk assessment. Irrespective of which method we use, estimating “control strength” is an important part of calculating overall risk (especially in qualitative and quantitative methods). To improve … Continue reading →
Like this:
Like Loading...
Information security community has been performing risk assessment for as long as the profession existed. The risk assessment is typically classified as qualitative (e.g. Critical, High, Medium, Low) or quantitative (a dollar amount). Risk scoring is a relatively new phenomenon … Continue reading →
Like this:
Like Loading...
While there is a huge list of CISO responsibilities as we discussed in CISO Mindmap, keeping oneself focused on value creation and security program improvements is not easy. The following four questions will help improve efficiency of the program by … Continue reading →
Like this:
Like Loading...
Open source software is everywhere (which is not a bad thing in itself). However, many buyers don’t have inventory of open source components included in software products they are buying. Business even fail in keeping tack of open source components … Continue reading →
Like this:
Like Loading...
Recently we recorded a podcast with CISO Tradecraft focusing on CISO MindMap 2022 and recommendations for 2022-23. As a reference the latest CISO MindMap is available here and detailed recommendations page is also available here. You can listen to the … Continue reading →
Like this:
Like Loading...
Basic Stock Market Terminology for CyberSecurity Professionals and Why Should They Care! June 26, 2022 – Rafeeq Rehman The role of InfoSec professionals has morphed into a critical business function. One should expect getting involved in “business” discussion often, and … Continue reading →
Like this:
Like Loading...
June 18, 2022 – By Rafeeq Rehman The role of InfoSec professionals has morphed into a critical business function. One should expect getting involved in “business” discussion often, and at increasing higher levels of business structure up to board of … Continue reading →
Like this:
Like Loading...
I have included six specific recommendations with the recent publication of CISO MindMap. This article is to further elaborate on these recommendations, why these matter, and what actions information security leaders can take. The objective of this article is to … Continue reading →
Like this:
Like Loading...
NOTE: An updated version of CISO MindMap has been published here. Let me start with the quote from last year: Most people outside the Cybersecurity profession don’t fully realize and appreciate the complexity of a security professional’s job. Since 2012, … Continue reading →
Like this:
Like Loading...