Operations
Resilience
Others ...
Twitter: @rafeeq_rehman
2-Factor (multi-factor) Authentication - MFA
Deep fakes
Responsibilities
Face recognition
Digital Certificates
COBIT
ISO
Traditional Network Segmentation
Risk Mgmt/Control Frameworks
ITIL
Micro segmentation strategy
NIST - relevant NIST standards and guidelines
Application protection
FAIR
Defense-in-depth
Visibility across multiple frameworks
Remote Access
Resource Management
Encryption Technologies
Roles and Responsibilities
Backup/Replication/Multiple Sites
Governance
Data Ownership, sharing, and data privacy
Cloud/Hybrid/Multiple Cloud Vendors
Security Architecture
Conflict Management
Software Defined Networking
Operational Metrics
Network Function Virtualization
Metrics and Reporting
Executive Metrics and Reporting
Zero trust models and roadmap
Validating effectiveness of metrics
SASE/SSE strategy, vendors
IT, OT, IoT/IIoT Convergence
Overlay networks, secure enclaves
Explore options for cooperative SOC, collaborative infosec
Multi-Cloud architecture
Tools and vendors consolidation
SOX
Aligning with Corporate Objectives
HIPAA and HITECH
Regular Audits
Compliance and Audits
Continuous Mgmt Updates, metrics
SSAE 18
Innovation and Value Creation
NIST/FISMA
Expectations Management
Executive order on improving the Nation's Cybersecurity
Selling InfoSec (Internal Branding)
Build project business cases
Other compliance needs
Show progress/risk reduction
ROSI
Vendor Contracts
Enable Secure Application access
Investigations/Forensics
Secure expanded attack surface
Attorney-Client Privileges
Legal and Human Resources
Work from Home
Security of sensitive data accessed from home
Data Retention and Destruction
Data Classification
Partner Access
Risk Management
Encryption/Masking
Industrial Controls Systems
1. Increase attention on resilience
PLCs
2. Reduce and consolidate security tools and vendors
3. Build a brand for security team
Operational Technologies
SCADA
HMIs