Tag Archives: strategy

Security Hygiene

While responsibilities of leaders in information security are very extensive as shown in the CISO MindMap, following are seven foundational and “must-have” capabilities that every information security program should have. If any of these capabilities is missing, the first priority … Continue reading

Posted in InfoSec | Tagged , , , , | Comments Off on Security Hygiene

Risk Assessment – Qualitative, Quantitative and Scoring

Information security community has been performing risk assessment for as long as the profession existed. The risk assessment is  typically classified as qualitative (e.g. Critical, High, Medium, Low) or quantitative (a dollar amount). Risk scoring is a relatively new phenomenon … Continue reading

View post to subscribe to site newsletter.

Posted in InfoSec | Tagged , , | Comments Off on Risk Assessment – Qualitative, Quantitative and Scoring

CISO MindMap 2022 – Recommendations

I have included six specific recommendations with the recent publication of CISO MindMap. This article is to further elaborate on these recommendations, why these matter, and what actions information security leaders can take. The objective of this article is to … Continue reading

View post to subscribe to site newsletter.

Posted in cisomindmap, InfoSec | Tagged , , , | Comments Off on CISO MindMap 2022 – Recommendations

A 3-3-4-5 Model for CISO Strategy

Many CISOs and Infosec leaders I meet face continuous challenge to communicate their strategy that is simple and others in their organization can understand and relate to. I have created a simple model for CISOs to explain it on a single page and have found it to be an effective tool. Continue reading

Posted in InfoSec, Leadership | Tagged , , | Comments Off on A 3-3-4-5 Model for CISO Strategy

Scalable Log Collection as Foundation of SOC

Logs provide a wealth of information and that is one of the reasons that almost all security standards and frameworks (NIST, ISO, PCI, and others) emphasize on collection, storage, and analysis of log data as one of the key aspects … Continue reading

Posted in InfoSec, SOC | Tagged , , , | Comments Off on Scalable Log Collection as Foundation of SOC

Is it Time for Data Driven Business Innovation Strategy?

Data-driven business innovation is not something of distant future anymore. It is a reality of today. Many businesses are already reaping benefits of monetizing internal data that they already possess. Some are taking data-driven business innovation to the next levels … Continue reading

Posted in Digital Transformation | Tagged , , , | Comments Off on Is it Time for Data Driven Business Innovation Strategy?

Three Fundamental Questions for Strategic Decision Making

How to pick the right projects for the next year or the next thing to work on? Recently, this was the major point of discussion in the planning meeting of a non-profit organization. Irrespective of for-profit or non-profit status, all … Continue reading

Posted in Digital Transformation, Entrepreneurship, Leadership | Tagged , , | Comments Off on Three Fundamental Questions for Strategic Decision Making

Customer Experience: The Missing Pillar of Information Security Programs

Few days back, an information security executive asked for help. He has been struggling with demonstrating “tangible business value” of his information security program. We started our dialog about the company business, revenue sources, key issues, competitors and how he … Continue reading

Posted in Digital Transformation, InfoSec, Leadership | Tagged , , , , , | Comments Off on Customer Experience: The Missing Pillar of Information Security Programs

A Three-Step Approach to Build IoT Business for Manufacturers

Manufacturers have been building products (or things) for a very long time. A major shift is in the competitive landscape is about making these products or things “smart”. Now, people not only need a light bulb, but they want a … Continue reading

Posted in IoT | Tagged , | Comments Off on A Three-Step Approach to Build IoT Business for Manufacturers