About Rafeeq Rehman
Consultant, Author, Researcher.
While negativity usually becomes very toxic for any team fairly quickly, a defeatist attitude is probably the worst. Defeatists give up even before trying and urge others to do the same. They fear change. “A defeatist is the opposite of an … Continue reading →
I am not telling you anything new when I say that an essential part of a CISO’s job is to build a Cybersecurity program, communicate it to stakeholders, and continuously tweak it based upon a continuously changing threat landscape. Job of … Continue reading →
Many CISOs and Infosec leaders I meet face a continuous challenge: communicating their strategy in a way that is simple and that others in their organization can understand and relate to. I have created a simple model for CISOs to explain it on a single page and have found it to be an effective tool. Continue reading →
Many organizations with a mature Cybersecurity program have implemented controls to safeguard their digital assets. However, controls can give a false sense of security, because the mere existence of a control does not mean that it is (a) adequate and/or (b) effective. Protecting crown jewels requires continuously monitoring and evaluating controls. This article describes a 5-step threat modeling process to improve the resiliency of your program, identify gaps and close them. Continue reading →
Verizon security recently published a white paper titled “CISO’s Guide to Cloud Security: What to know and what to ask before you buy” that points out five steps to help decision making on purchasing Cloud products and services. For each step, the white paper also provides recommendations to consider. This is a summary of this white paper. Continue reading →
Note: An updated version of this article is available now. Please click here to go to the CISO MindMap 2020 version. Just like other areas of information technology, the information security landscape continues to change at a fast pace. The updated CISO … Continue reading →
Winning the perpetual fight against crime by building a modern Security Operations Center
I am happy to announce that the first three chapters of my book “Cybersecurity Arm Wrestling: Winning the perpetual fight against crime by building a modern Security Operations … Continue reading →
Posted in SOC | Tagged Book, cybersecurity, SOC
Collecting and processing security logs is one of the primary functions of any SOC. Log sources vary widely, starting from security device logs, network components, applications, servers and many others. Continue reading →
Posted in InfoSec, SOC | Tagged logging, SOC, Syslog
Many security vendors have published their threat reports and are making recommendations to CISOs and other leaders for better protection of security assets. After reading many of these reports, the following is a summary of major risks identified by these reports and … Continue reading →
Just published the first chapter draft of my latest book: “CyberSecurity Arm Wrestling: Winning the perpetual fight against crime by building a modern Security Operations Center”. This chapter is available for immediate download by clicking here. The chapter covers the following … Continue reading →
Posted in InfoSec, SOC | Tagged infosec, SOC