About Rafeeq Rehman
Consultant, Author, Researcher.
There are a few things that every architect should do but most forget. As you know, there is no shortage of technology architecture frameworks and standards. You may have come across TOGAF for enterprise architecture and SABSA (Sherwood Applied Business Security … Continue reading →
My latest book “Cybersecurity Arm Wrestling: Winning the perpetual fight against crime by building a modern Security Operations Center (SOC)” is published and available on amazon.com worldwide. This is a relatively short book with 11 chapters, three sections and about … Continue reading →
The final draft of “Cybersecurity Arm Wrestling – Winning the perpetual fight against crime by building a modern Security Operations Center (SOC)” book is complete and is available for download and your comments. The book consists of ten chapters as … Continue reading →
Over years of my professional work and research, I found six ingredients absolutely necessary for the success of any SOC, big or small. When you combine these ingredients with continuous improvement activities, you will get excellent business results. On the other … Continue reading →
Draft of Chapter 7 of my book “Cybersecurity Arm Wrestling – Winning the perpetual fight against crime by building a modern Security Operations Center” is complete and available for download. This chapter is about the “Operate” part of the “Plan-Design-Build-Operate” strategy and … Continue reading →
Historically, Security Operations Centers (SOCs) have been a combination of people, processes, and technology designed to protect information systems and to detect and respond to incidents in order to minimize damage. Many times SOCs were built to meet fundamental needs for log collection and … Continue reading →
Once SOC analysts declare an event a security incident, the CSIRT takes ownership of the incident, takes the necessary actions, and closes it. The objective of the CSIRT is to execute the workflow for responding to incidents once it is … Continue reading →
With the digital economy taking a foothold, the CISO’s work is only getting more complex as businesses adopt new technologies, strict privacy laws are enacted globally, and the attack surface expands every day. Networks are no longer confined to data centers or corporate offices, and older ideas of managing security operations are obsolete. Continue reading →
Posted in InfoSec, SOC | Tagged API, automation, cloud, containers, DFIR, forensic, IoT, Open Source, serverless, SOC, SOC conference
No matter the size of your InfoSec budget, it is prudent to take a more critical look at security programs and find ways to improve program management. So where should a CISO be paying attention to find waste and … Continue reading →
SOC staff deal with threats and investigations on a regular basis, every day. In many cases these threats are repetitive. Dealing with a continuous onslaught of cyber threats leaves SOC staff stressed. Stress and burnout are a real problem. What is stress? … Continue reading →
Posted in InfoSec | Tagged ciso, SOC