Friday, August 14, 2020

A failed Risk Management

I have created a small self-explanatory diagram that explains how front-line defences are often useless when your internal security architecture is not up to the mark.

Monday, May 11, 2020

SOC Monitoring Mindmap

The COVID-19 pandemic has significantly affected the worldwide economy. The rapid disruption to businesses around the globe has left organizations struggling to maintain security and business resilience.

In this fast shift, SOC teams often cannot monitor and track events coming from multiple sources, tools and departments: they either have no visibility into the threat environment or too much unfiltered visibility into their own infrastructure, which leads to false-positive incidents.

Sunday, November 24, 2019

Guidelines for Corporate Email Audit

Many security firms provide audit assurance to their clients, and auditing the corporate email system is one of their principal activities. In this article, I list 40 guidelines which an auditor or manager can use to audit a client's corporate email system. Some of the guidelines are technical; most are procedural.

Auditing remote access process and procedures

In this article, I am going to share a small checklist that will help auditors and testers provide assurance on remote access processes and procedures for any company. This is not a technical article, but the controls defined in this list can be reviewed by managers and discussed with clients, and each part can be explored in more depth where needed.

Thursday, September 26, 2019

Integrate Threat Intelligence program into your daily security operations - Phase 3 - Effectiveness of the Analysis Process

This is the fourth article in a five-part series on integrating threat intelligence into daily security operations. If you have not gone through the first three articles, I highly recommend reading them first, as the articles build on one another in sequence. In this article, I am going to talk about the effectiveness of the analysis process. Here are article 1, article 2 and article 3.

Tuesday, September 17, 2019

Integrate Threat Intelligence program into your daily security operations - Phase 2 - Collecting Intelligence

This is the third article in a five-part series on integrating threat intelligence into daily security operations. If you have not gone through the first two articles, I highly recommend reading them first, as the articles build on one another in sequence. In this article, we are going to talk about phase 2, in which we discuss the intelligence collection strategy, methods and procedures. Here are article 1 and article 2.

Saturday, May 18, 2019

Integrate Threat Intelligence program into your daily security operations - Phase 1 - Planning and Preparation

From the last article, linked here, we now have most of the information needed to start preparation and planning. In this article, I am going to explain how we can initiate the project and start preparing plans and procedures. This can be done in two phases:

Initial meetings with the internal team to discuss the organisation's current threat landscape.

Review of the observations that help to prepare a complete plan.

Wednesday, May 15, 2019

Integrate the Threat Intelligence program into your daily security operations - Phase 0 - Introduction


The use of sophisticated malware is increasing sharply, and organisations often fail to understand the real intent behind such activity, whether it comes from large hacker groups, nation-state sponsored attackers, organised cybercrime or cyber terrorists. These attacks result in revenue disruption, damage to public and private reputation, and broken business processes and workflows.

Intelligence means staying ahead of the next threat targeting your organisation by implementing protective measures for your brand reputation, data, people, processes and technology infrastructure. I am assuming whoever is reading this article has some background knowledge of threat intelligence terminology.

Just having a threat intelligence product is not sufficient: the data should be collected, classified and correlated with hacking tools, tactics and techniques.