Many security vendors are published their threat reports and making recommendations to CISOs and other leaders for better protection of security assets. After reading many of these reports, following is a summary of major risks identified by these reports and … Continue reading
Just published first chapter draft of the my latest book: “CyberSecurity Arm Wrestling: Winning the perpetual fight against crime by building a modernSecurity Operations Center“. This chapter is available for immediate download by clicking here. The chapter covers the following … Continue reading
Budget estimates are a major part of building SOC business case. A typical budget will consist of the following three major components: Capital Cost– This consists of initial expense of building SOC and includes everything from furniture to hardware, software … Continue reading
Logs provide a wealth of information and that is one of the reasons that almost all security standards and frameworks (NIST, ISO, PCI, and others) emphasize on collection, storage, and analysis of log data as one of the key aspects … Continue reading
Continuous learning and skills development is an essential part of any Cybersecurity professional but they don’t get enough time during normal work week. So why not turn Saturdays into a collaborative learning events where people come to share knowledge, teach, … Continue reading
Like last year, ransomware continues to be a major issue for many organizations. One of the best things any organization can do to itself is to prepare for dealing with ransomware incidents. While ransomware is morphing into crypto currency mining … Continue reading
SOC Planning – Defining SOC Scope Defining scope for the SOC is crucial for its success and to determine stakeholders for the SOC. The scope will help determine cost, associates needed to run the SOC, SOC processes and many other … Continue reading
Few years ago, I wrote Information Security Leaders Handbook but it was not listed as a download on this blog. With this post, I would like to put it here and also check the level of interest from InfoSec community … Continue reading
Note: An updated version of CISO MindMap (2018) is published here While Ransomware may be the talk of the town these days, many other profound changes are happening in the industry that impact job of information security professionals. Keeping in … Continue reading
ROSI or Return On Security Investment is simply a way to calculate if a security control is worth implementation or not. For a control to be financially viable, the reduction of risk has to be greater than the cost of … Continue reading