Author Archives: Rafeeq Rehman

About Rafeeq Rehman

Consultant, Author, Researcher.

A Conference Dedicated to Security Operations Center (SOC)

As shown in CISO MindMap 2023, job of security professionals is complex and Security Operations Center (SOC) is a significant part of this job. SOC analysts are stressed out by overwhelming number of incidents and dealing with these incidents in a timely … Continue reading

Posted in SOC | Tagged , , , | Comments Off on A Conference Dedicated to Security Operations Center (SOC)

CISO MindMap 2023: What do InfoSec Professionals Really do?

Most people outside the Cybersecurity profession don’t fully realize and appreciate the complexity of a security professional’s job. Since 2012, CISO MindMap has been an effective educational tool to communicate CISO responsibilities and has enabled security professionals to design and … Continue reading

Posted in cisomindmap, Leadership | Tagged , , , , , , | Comments Off on CISO MindMap 2023: What do InfoSec Professionals Really do?

Risk Assessment – On Estimating Control Strength

In a previous blog post, I discussed qualitative, quantitative, and scoring methods of risk assessment. Irrespective of which method we use, estimating “control strength” is an important part of calculating overall risk (especially in qualitative and quantitative methods). To improve … Continue reading

Posted in Risk Management | Tagged | Comments Off on Risk Assessment – On Estimating Control Strength

Risk Assessment – Qualitative, Quantitative and Scoring

Information security community has been performing risk assessment for as long as the profession existed. The risk assessment is  typically classified as qualitative (e.g. Critical, High, Medium, Low) or quantitative (a dollar amount). Risk scoring is a relatively new phenomenon … Continue reading

View post to subscribe to site newsletter.

Posted in InfoSec | Tagged , , | Comments Off on Risk Assessment – Qualitative, Quantitative and Scoring

Four Questions CISOs Should Ask Themselves Everyday

While there is a huge list of CISO responsibilities as we discussed in CISO Mindmap, keeping oneself focused on value creation and security program improvements is not easy. The following four questions will help improve efficiency of the program by … Continue reading

Posted in Entrepreneurship, Leadership | Tagged , | Comments Off on Four Questions CISOs Should Ask Themselves Everyday

Software Bill of Material and Vulnerability Management Blind Spots

Open source software is everywhere (which is not a bad thing in itself). However, many buyers don’t have inventory of open source components included in software products they are buying. Business even fail in keeping tack of open source components … Continue reading

Posted in InfoSec, Open Source | Tagged , | Comments Off on Software Bill of Material and Vulnerability Management Blind Spots

Podcast: CISO MindMap and Recommendations for 2022-23

Recently we recorded a podcast with CISO Tradecraft focusing on CISO MindMap 2022 and recommendations for 2022-23. As a reference the latest CISO MindMap is available here and detailed recommendations page is also available here. You can listen to the … Continue reading

Posted in InfoSec, Leadership, SOC | Tagged , , , , | Comments Off on Podcast: CISO MindMap and Recommendations for 2022-23

EBK-Cybersecurity: Understanding Stock Market Terminology

Basic Stock Market Terminology for CyberSecurity Professionals and Why Should They Care! June 26, 2022 – Rafeeq Rehman The role of InfoSec professionals has morphed into a critical business function. One should expect getting involved in “business” discussion often, and … Continue reading

Posted in EBK-Security | Tagged , , | Comments Off on EBK-Cybersecurity: Understanding Stock Market Terminology