I remember watching a Ted talk long back. I don’t remember much of it, but do remember a sentence from the talk – “The days you remember are the days you live”. Following are the few days that I’ll remember and cherish from 2023. 👉 Got promoted to Security & Compliance Director, Mar ’23 👉…
Category: General
All the general articles will go here.
Book Notes – Built to Last, Jim Collins
After Good to Great, I had high expectations from this book, but it fell short. The research is good, but for some reason seemed outdated e.g. comparing the greatest companies of our generation and did not have a reference to Google / Apple / Microsoft which seemed odd – no fault of the book though…
HIPAA Simplified {Part 3 – HITECH Act, HIPAA Regulatory, Omnibus, Privacy, & Security Rule}
The HITECH Act HITECH is an acronym for Health Information Technology for Economic & Clinical Health. How is HITECH Act related to HIPAA? The HITECH Act is a part of an economic stimulus package introduced in 2009 during the Obama administration, the American Recovery and Reinvestment (ARRA) Act of 2009. The purpose of the HITECH…
All AWS Concepts and Services for AWS Cloud Practitioner Exam (Simplified)
Cloud Computing – storing your data at someone else’s computer / using someone else’s CPU to perform processing / both Infrastructure as a Service (IaaS) – Hardware, bare-metal Platform as a Service (PaaS) – Infrastructure + Operating System Software as a Service (SaaS) – Infrastructure + Operating System + Software Scalability – Easily grow based on demand Elasticity – Easily shrink…
How I passed CGEIT in the first attempt and you can too!
ISACA’s CGEIT certification is aimed at IT professionals responsible for directing, managing, and supporting the governance of IT. I passed the ISACA’s CGEIT exam on Apr 26, 2020. Here’s a brief of my preparation strategy and the resources I used. Strategy: Like previous ISACA and (ISC)2 certifications, I started with the CGEIT Review Manual from ISACA…
Vulnerability Management, Vulnerability Management v/s Penetration Testing, Vulnerability Management Lifecycle
Vulnerability Management (VM) is one of the most important exercises for keeping a system secure. In his post, I would sum up the different phases of Vulnerability Management. But before that, I would like to clarify the distinction between Vulnerability Management and Penetration Testing (PT). Difference between VM and PT VM is the practice of…
Difference between Accreditation and Certification
Many people use ‘Accreditation’ and ‘Certification’ interchangeably, but they are not the same. Certification is a technical review that assesses the security mechanisms and evaluates their effectiveness. Accreditation is management’s official acceptance of the information in the certification process findings. For example, if a company is planning to undergo an ISO 27001 certification. The company…
What, when, how – Scalability v/s Elasticity v/s Availability
Even if you’re remotely associated with the Cloud, I am sure you must have heard about the Availability and Scalability of the instances. Even though this is one of the fundamentals of the Cloud, I have seen many people using both the services interchangeable. Please be mindful – they are NOT the same. Here is…
3 Lines of Defense for Cyber Security professionals
In the wake of the financial crisis, the IIA came up with a model for better Risk Management and called it the ‘3 Lines of Defense’ model. This model allows regulators to better assess the risks in the financial industry. Though the model was mainly written for financial services, it is widely accepted in the…
GDPR, GDPR compliance and 11 steps for a successful project plan
General Data Protection Regulation (GDPR) has come into effect on May 25, 2018. It will apply to all companies with operations in the EU region and to companies based anywhere in the world but stores and processes EU citizen data (even if the processing is done outside the EU). The failure to comply with the…