Free/Opensource Tools -

• IT GRC Asset Management
  Some functions can be used for technical controls to policy enforcement
  OTRS http://www.otrs.com/en/
  Redmine http://www.redmine.org/
  Mantis http://www.mantisbt.org/
• IT GRC Risk Management-
  GLPI http:

Here is a comprehensive checklist to Evaluate SIEM Vendors. We highly appreciate this community contribution.
by Sunil Soni, CISO, Punjab National Bank

Vendor Selection Framework For Integration Of Threat Intelligence With SIEM

Key Selection Cr

Here's a list of World's Best and Most Popular IT Security Conferences. Details such as Tentative Time, Pass Price and Locations are mentioned so you can plan your Calendar.

Top IT Security Conferences In The World:

1. Black Hat

Claims to be the mo

Technical Skills:

Major Areas Of Focus:

• Incident Response
• Computer Forensics
• Network Security
• Secure Architecture

( Read More: CISO Platform Top IT Security Influencers (Part 1) )

Conceptual (Understand How-It-Works):

• Fundamental security conce

The next Leap(26th leap) Second will be on 30 June,2015. The last one was on 30 June,2012.

What Is It?

Earth's rotation is slowing down around it's own axis, so we need to Leap a few seconds to catch up. Occasionally seconds are added to UTC to comp

CISO Platform Launches India’s First Ever Study Of The Salary Of Cyber Security Professionals

New Delhi, Bangalore, India, June 4, 2015: CISO Platform, an online community for senior IT Security Professionals announces the official launch of its co

Gaana.com, one of the  popular music streaming service got hacked. It is reported that 10 million username, email addresses, MD5-encrypted password, date of births, and other personal information has been stolen. 

It is reported by their CEO that the

We had a long and nice week at RSA Conference 2015 in San Franciso. Some of you might have missed the event or missed some of the good talks even though you were there. so we have handpicked the best of RSA  just for you.

Important Note:

• All presen

RSA expo floor is the madness that we love. The fringes are more interesting to me than the center. If you want to spot the new go to the fringes. We tried to have a bit of fun this year by analyzing the buzzwords as seen in the expo floor.

How we di

I am on my way back from RSA Conference 2015 @ San Francisco. It is a cloudy day at New York. Perfect day to write a quick blog. Here's my interpretation of Amit Yoran's talk with a bit of my thoughts poured into it.

Taller walls won't solve the pro

Watch Video: (Webinar) RIOT( Raiding Internet Of Things)

(Read more:  Annual Survey on Cloud Adoption Status Across Industry Verticals)

Quick Glimpse

Fairly technical content with demos where Jacob Holcomb speaks on Internet Of Things, Threat Mode

2014 has been a great year at CISO Platform. We had around 1500 new senior executives joining the platform and published 120 new articles on security. Here are some of the best ones from 2014.

This is a great Man In the Browser Attack webinar(15 min), hosted by CISO Platform and briefly points out the Risks and also Recommends Some Fixes. It is presented by the CTO at Iviz. MiTB being particularly important for banking and finance Industry

Contrary to the common man belief that 'Windows is very insecure', Microsoft has been very proactive in security. Apple iOS has a great deal of security too, it is described in its building from scratch in the iOS security document. Here are the few

Watch Talk:

(Read more:  5 Best Practices to secure your Big Data Implementation)

BadUSB — On accessories that turn evil by Karsten Nohl

Karsten Nohl is a cryptographer and security researcher

This talk introduces a new form of malware that oper

Watch Video:

(Read more:  Under the hood of Top 4 BYOD Security Technologies: Pros & Cons)

Ants and Elephants in the CISO's Office by Paul Rain

I will show how ISO 9001 and ISO 27001 can be used together to deliver business value and demonstrate

From a recent webinar, I gathered the very notably important parts into organized sub-parts. This is the first part wherein the major hardware threats and my insights on them are described. Below is the exact portion of the webinar discussing the ha

A concise primer to Forensics for a beginner or a security expert- an insight into actual solution achieved through Forensics. The problem states a PGP message intercepted by an RAT and needs to be decrypted without the actual key? The process is br

(Read more:  APT Secrets that Vendors Don't Tell)

The Heartbleed bug was a catastrophic vulnerability in widely used OpenSSL TLS implementation. This talk at CISO Platform Annual Summit, will give background how the Heartbleed bug was found by Cod

Cyber Safety in Cars and Medical Devices by Beau Woods, creator of IOT Security Framework. We are adopting connecting, computerized technology faster than we are able to secure it. When this technology is integrated into life and safety systems, bits