In case you are following my previous posts (link 1, link 2), you must be aware that I have been reading and posting a lot of thoughts on different ISO frameworks. But reading about these frameworks reminds me of a quote by Socrates – The more I know, the more I realize I know nothing….
The Fallacy of ‘Zero-Trust’ model. Is that even a thing?
In 2010, John Kindervag of Forrester Research piqued a new concept, the ‘Zero Trust’ model. In the traditional information security model, there are essentially 2 zones – the trusted zone which is regarded as ‘secure’ and the untrusted zone as ‘insecure’. The zero trust model essentially says not to trust anyone on the network –…
Difference between Backup and Archive
Backup and Archive are prominently used interchangeably and are considered the same, but that’s far from the case. The terms are entirely different and are best illustrated by the following definitions: A data backup is a copy of a data set currently in use that is made for the purpose of recovering from the loss…
A Beginner’s Guide to ISO ISMS Standards
ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee….
A Beginner’s Guide to Information Security Frameworks
Checklists turn out…to be among the basic tools of the quality and productivity revolution in aviation, engineering, construction – in virtually every field combining high risk and complexity. Checklists seem lowly and simplistic, but they help fill in for the gaps in our brains and between our brains. – Atul Gawande Just as Checklists solve…
Lessons learnt from combining COBIT 5 & ITIL
In Summer’18, I worked at PayPal and had the first-hand experience of working with COBIT 51 . Though it’s been ~7 years that I have been working in the GRC space and worked on numerous projects that involved COBIT 5 guidance and principles, never once I had the opportunity to initiate a project, understand what…
14 Must-know Tips and Formulas from ‘Excel 2016: Advanced Formulas and Functions’ [Part 2]
This is the second part of the advanced Excel series. The first part of the series can be accessed by clicking here. Array Formulas and Functions To convert the normal formulas to Array formulas, press ‘Ctrl+Shift+Enter. The formulas will be surrounded by Parantheses {}, which signifies that the it has been converted to an array…
33 Must-know Tips and Formulas from ‘Excel 2016: Advanced Formulas and Functions’ [Part 1]
I recently completed this training on Lynda.com, and found the following tips and formulas to be useful. I have summed up ~4 hours of learning in these 33 bullets. Formula and Function Tips and Shortcuts Displaying and highlighting formulas Use ‘Ctrl+~’ to show all the formulas in the excel Another method is to use ‘Show…
Why do we need Governance Frameworks, SOC 2 Audits, & Compliance?
Yesterday I met my previous roommate who’s a Computer Science nerd and recently completed his internship at one of the best tech companies in the Valley. We met after a long time and soon after discussing how we’ve been, he asked about my work. I told him – “I am currently working on the Governance…
Shon Harris’s Free Audio Course for CISSP
Lately, I am receiving a lot of messages (and seeing a lot of posts) asking for the ‘best’ tool to prepare for CISSP. I wish I had a secret sauce; unfortunately, I don’t have any (and if someone says, they have, they are lying). But, you can definitely replace your podcasts/songs with the Shon Harris’s…