Few years ago, I wrote Information Security Leaders Handbook but it was not listed as a download on this blog. With this post, I would like to put it here and also check the level of interest from InfoSec community … Continue reading
Note: An updated version of CISO MindMap (2018) is published here While Ransomware may be the talk of the town these days, many other profound changes are happening in the industry that impact job of information security professionals. Keeping in … Continue reading
ROSI or Return On Security Investment is simply a way to calculate if a security control is worth implementation or not. For a control to be financially viable, the reduction of risk has to be greater than the cost of … Continue reading
Effective use of data has become a key to run modern business, gain enhanced customer insight, improve loyalty, and drive sales. More and more companies are realizing that a customer-centric and data-driven approach is the only way to compete in … Continue reading
How do you align yourself with the business you are supporting? What value are you creating? These are the questions that every CISO should be thinking on regular basis. In a typical organization, the CEO has a list of business … Continue reading
Verizon is publishing Data Breach Investigations Report (DBIR) for over 10 years. The latest release is DBIR 2017 which was published on April 27th. This year’s report contains 1935 confirmed data breaches and more than 42000 security incidents. Like always, … Continue reading
How to pick the right projects for the next year or the next thing to work on? Recently, this was the major point of discussion in the planning meeting of a non-profit organization. Irrespective of for-profit or non-profit status, all … Continue reading
Few days back, an information security executive asked for help. He has been struggling with demonstrating “tangible business value” of his information security program. We started our dialog about the company business, revenue sources, key issues, competitors and how he … Continue reading
Sometime back I published an article “What it Really Takes to Stand up a SOC”. This included a MindMap showing everything you need to consider while making a decision about establishing an internal Security Operations Center. Since then, many people … Continue reading
Although traditional methods of communications like RESTful APIs can be used for IOT communications, MQTT and CoAP are the two major IoT protocols for exchanging messages in IoT networks. This is a quick overview of both of these protocols.