Compliance · 67 articles

Compliance

RBI, SEBI CSCRF, CERT-In, ISO 27001, SOC 2 — Indian regulatory mapping.

Academy

Module 5 · Third-Party and Supply-Chain Risk Management

Why this module exists. The threat model has shifted. The hardest perimeter to defend now is your vendors’ perimeter. This module is…

May 14, 2026 · 4 min read

Academy

Module 3 · Qualitative Risk Assessment — ISO 27005 / NIST 800-30 Done Well

Why this module exists. Done well, qualitative risk assessment is cheap, repeatable, and good enough for 90% of decisions. Done badly, it…

May 14, 2026 · 4 min read

Academy

Module 4 · Building a Risk Register That Drives Decisions

Why this module exists. Every Indian enterprise has a risk register. Few have one anyone uses to decide what to fund. The…

May 14, 2026 · 4 min read

Academy

Module 2 · Quantitative Risk Analysis with FAIR

Why this module exists. Boards make decisions in money. Heat maps in red, amber, green do not translate to “should we spend…

May 14, 2026 · 4 min read

Academy

Module 5 · Security Policy Architecture — Policy, Standard, Procedure, Baseline

Why this module exists. Auditors ask for “the policy.” Engineers want “the rule.” Both are right; they are asking different questions of…

May 13, 2026 · 4 min read

Academy

Module 6 · Security Maturity Models — NIST CSF, ISO 27001, SAMM, CIS in Practice

Why this module exists. Every Indian enterprise we audit has a “maturity assessment” somewhere on file. Few have one that has been…

May 13, 2026 · 5 min read

Academy

Module 4 · Risk Appetite Statement — Writing One That Drives Decisions

Why this module exists. Risk appetite is where governance meets engineering reality. Without a stated appetite, every risk decision becomes ad hoc…

May 13, 2026 · 5 min read

Academy

Module 2 · First 90 Days as a Security Leader — The Practitioner Playbook

Why this module exists. CISO and security-leader transitions in Indian enterprises follow a predictable failure mode. The new leader arrives, the board…

May 13, 2026 · 4 min read

Academy

Module 3 · Board Reporting for Security — Metrics, Narrative, Cadence

Why this module exists. The board is not your peer audience. They are not security practitioners. The report that wins your peers’…

May 13, 2026 · 5 min read

Compliance

OpenSSH 10.x Makes Post-Quantum Key Exchange Default: What Indian Sysadmins Should Do

OpenSSH 10.x now prefers hybrid post-quantum key exchange by default. Indian sysadmins must upgrade servers, tune sshd_config, and plan for TLS and…

May 12, 2026 · 3 min read