Frameworks – MOBS Bangladesh

Cybersecurity Assessment Frameworks

August 17, 2025August 18, 2025 Shuvro

Reading Time: 7 minutesCybersecurity assessment frameworks are structured methodologies guiding organizations to establish and maintain robust cybersecurity postures. They provide a roadmap for identifying, assessing, and managing risks to digital assets, enhancing resilience, streamlining operations, and building trust. Cybersecurity is a core business enabler, requiring agile, adaptive security, strong governance, and leveraging a complementary ecosystem of frameworks to tailor security to unique needs.

Implementation Plan – SOC-CMM

August 17, 2025August 17, 2025 Shuvro

Reading Time: 4 minutesThis document provides a concise overview of the “Implementation Plan – SOC-CMM” research blueprint, synthesizing key insights for establishing, maturing, and optimizing Security Operations Center (SOC) capabilities. It highlights the core framework, implementation lifecycle, and critical areas for optimization across people, processes, technology, performance, and compliance.

Playbook Summary: The CRO Playbook in the Enterprise

August 14, 2025August 14, 2025 Shuvro

Reading Time: 4 minutesThis document provides a condensed overview of the key frameworks, processes, and strategies detailed in the full “Playbook – The CRO Playbook in the Enterprise.”

Playbook – The CTO Playbook in the Enterprise

August 10, 2025August 10, 2025 Shuvro

Reading Time: 4 minutesStatus: Final Blueprint Author: Shahab Al Yamin Chawdhury Organization: Principal Architect & Consultant Group Research Date: January 21, 2025 Location: Dhaka, Bangladesh Version: 1.0 Part I: The Strategic Mandate of the Modern CTO The role of the Chief Technology Officer Read More …

Enterprise Product – SIEM Product Comparison

August 10, 2025 Shuvro

Reading Time: 3 minutesThe selection of a Security Information and Event Management (SIEM) platform is a foundational decision for any modern Security Operations Center (SOC). The modern SIEM has evolved from a simple log repository into an intelligent, AI-driven platform essential for digital resilience.

Enterprise Information Management (EIM)

August 9, 2025August 9, 2025 Shuvro

Reading Time: 4 minutesEnterprise Information Management (EIM) is an integrative discipline for structuring, describing, and governing information assets across organizational and technological boundaries to improve efficiency, promote transparency, and enable business insight.

Playbook – The CISO Playbook in the Enterprise

August 9, 2025August 9, 2025 Shuvro

Reading Time: 3 minutesThe modern Chief Information Security Officer (CISO) has evolved from a technical manager into a strategic business leader. In an era of enterprise-wide digital transformation, the CISO’s primary mandate is to architect digital trust, enabling secure business growth while managing cyber risk.

Playbook – The Data Playbook in the Enterprise

August 7, 2025 Shuvro

Reading Time: 4 minutesStatus: Final Blueprint Author: Shahab Al Yamin Chawdhury Organization: Principal Architect & Consultant Group Research Date: September 4, 2023 Location: Dhaka, Bangladesh Version: 1.0 Executive Summary: The Data Imperative In the modern economy, data is the central force behind competitive Read More …

Playbook – The Applications Playbook in the Enterprise

August 7, 2025 Shuvro

Reading Time: 5 minutesThis playbook provides a comprehensive, structured framework for managing enterprise applications as strategic business enablers.

Role of the Enterprise Architect

August 6, 2025 Shuvro

Reading Time: 3 minutesStatus: Final Blueprint Author: Shahab Al Yamin Chawdhury Organization: Principal Architect & Consultant Group Research Date: January 9, 2022 Location: Dhaka, Bangladesh Version: 1.0 Executive Summary The Enterprise Architect (EA) is a pivotal strategic role that integrates business strategy with Read More …

ISO 27005 – Implementation Roadmap

August 3, 2025August 3, 2025 Shuvro

Reading Time: 3 minutesStatus: Final Blueprint Summary Author: Shahab Al Yamin Chawdhury Organization: Principal Architect & Consultant Group Research Date: August 21, 2024 Location: Dhaka, Bangladesh Version: 1.0 1.0 Executive Summary & Strategic Imperative This document provides a summarized blueprint for implementing the Read More …

Emerging Trends in IT Risks and the Evolution of Control Strategies

August 3, 2025August 3, 2025 Shuvro

Reading Time: 3 minutesThe 2025 IT risk landscape is defined by the industrialization of cyber threats and the obsolescence of traditional, reactive security postures. Adversaries now leverage AI-driven attack platforms, operate sophisticated Ransomware-as-a-Service (RaaS) ecosystems, and systematically exploit global supply chains.

Application Modernization – Understanding Business Requirements, Rules & Their Roles

August 2, 2025 Shuvro

Reading Time: 4 minutesStatus: Final Blueprint Author: Shahab Al Yamin Chawdhury Organization: Principal Architect & Consultant Group Research Date: July 26, 2024 Version: 1.0 1. The Strategic Imperative for Modernization Application modernization is a critical business initiative to update legacy software, aligning it Read More …

Auditor Became CISSP – Never Performed in Projects & in IS Development, Would You Hire Him for Your Infrastructure Platform Management? Can or Should that Knowledge Gap be Admissible?

August 1, 2025August 1, 2025 Shuvro

Reading Time: 6 minutesStatus: Final Blueprint (Summary) Author: Shahab Al Yamin Chawdhury Organization: Principal Architect & Consultant Group Research Date: June 1, 2024 Location: Dhaka, Bangladesh Version: 1.0 1. The Core Dilemma: Assessor vs. Builder Mindset We are observing worldwide adoption on CISSP Read More …

Future Design of Your IT Organization

July 30, 2025July 30, 2025 Shuvro

Reading Time: 4 minutesThe modern business landscape demands that the IT organization transform from a back-office support function into a strategic engine for growth and innovation.

ISO 37301 – Implementation Roadmap

July 30, 2025July 30, 2025 Shuvro

Reading Time: 4 minutesISO 37301:2021 is the international standard for establishing, implementing, and improving a Compliance Management System (CMS).

AI for OSINT in Your Advanced SOC

July 27, 2025July 27, 2025 Shuvro

Reading Time: 4 minutesThis blueprint presents a strategic framework for redressing this imbalance by fusing Artificial Intelligence (AI) with Open-Source Intelligence (OSINT) within a modernized Security Operations Center (SOC)

Auditing Cross-Account Roles in Azure, AWS & GCP

July 27, 2025 Shuvro

Reading Time: 4 minutesStatus: Final Blueprint Author: Shahab Al Yamin Chawdhury Organization: Principal Architect & Consultant Group Research Date: 2024-07-27 Location: Dhaka, Bangladesh Version: 1.0 Executive Summary In the contemporary multi-cloud enterprise, the ability to grant access across distinct cloud accounts, tenants, and Read More …

CMMI Cybermaturity Platform in the Enterprise

July 26, 2025July 27, 2025 Shuvro

Reading Time: 3 minutesStatus: Summary Blueprint Author: Shahab Al Yamin Chawdhury Organization: Principal Architect & Consultant Group Research Date: May 23, 2025 Version: 1.0 1. Executive Summary This document summarizes the architectural blueprint for the CMMI Cybermaturity Platform, an enterprise solution designed to Read More …

Snowflake Data Lake – A Comprehensive Guide

July 25, 2025July 25, 2025 Shuvro

Reading Time: 5 minutesThis guide explores Snowflake’s role as a unified data platform, bridging traditional data warehouses and flexible data lakes

DCAM – Data Management Capability Assessment Model

July 24, 2025 Shuvro

Reading Time: 3 minutesStatus: Final Blueprint Author: Shahab Al Yamin Chawdhury Organization: Principal Architect & Consultancy Group Version: 1.0 Date: July 26, 2024 1. The Strategic Imperative In the modern digital economy, data is a primary strategic asset. The ability to manage, govern, Read More …

SOC Capability Model

July 24, 2025 Shuvro

Reading Time: 3 minutesStatus: Final Blueprint Summary Author: Shahab Al Yamin Chawdhury Organization: Principal Architect & Consultant Group Research Date: April 4, 2024 The SOC as a Strategic Business Enabler The modern Security Operations Center (SOC) has evolved from a technical cost center Read More …

Hunting Threats in Developer Environments

July 23, 2025July 23, 2025 Shuvro

Reading Time: 4 minutesStatus: Final Blueprint Author: Shahab Al Yamin Chawdhury Organization: Principal Architect & Consultant Group Research Date: September 10, 2023 Version: 1.0 Executive Summary The modern software development environment has evolved into a distributed, cloud-native, and AI-augmented ecosystem, fundamentally changing the Read More …

Too Many Cybersecurity Frameworks – When to Use Which

July 23, 2025July 23, 2025 Shuvro

Reading Time: 4 minutesStatus: Final Blueprint Author: Shahab Al Yamin Chawdhury Organization: Principal Architect & Consultant Group Research Date: May 4, 2024 Location: Dhaka, Bangladesh Version: 1.0 1. Executive Summary Modern enterprises face a paradox: a landscape of abundant cybersecurity frameworks has led Read More …

CTEM – Continuous Threat Exposure Management in the Enterprise

July 23, 2025July 23, 2025 Shuvro

Reading Time: 4 minutesStatus: Final Blueprint Author: Shahab Al Yamin Chawdhury Organization: Principal Architect & Consultant Group Research Date: July 23, 2025 Location: Dhaka, Bangladesh Version: 1.0 Executive Summary Continuous Threat Exposure Management (CTEM) marks a strategic evolution from reactive, incident-driven security to Read More …

Insider Threats in Hybrid Work Environments

July 21, 2025July 21, 2025 Shuvro

Reading Time: 4 minutesStatus: Final Blueprint Author: Shahab Al Yamin Chawdhury Organization: Principal Architect & Consultant Group Research Date: July 21, 2024 Location: Dhaka, Bangladesh Version: 1.0 1.0 Executive Summary 2.0 The Evolving Threat Landscape 3.0 Amplified Risk Factors in Hybrid Environments 4.0 Read More …

Multicloud Security – Make it More Effective

June 27, 2025June 27, 2025 Shuvro

Reading Time: 4 minutesTable of Contents 1. Executive Summary Enterprises embracing two or more public clouds face unique security challenges: inconsistent controls, blind spots, and operational complexity. This report outlines a holistic architecture—spanning network fabric, resilient application platforms, identity-centric access, client-specific handling, and Read More …

Supercharge Your Security: A Modern Approach with Zero Trust

June 26, 2025 Shuvro

Reading Time: 2 minutesImage source: Security Adoption Resources | Microsoft Learn Traditional security models that rely on a fortified perimeter are no longer enough. With the rise of remote work, cloud applications, and increasingly sophisticated cyber threats, organizations need a more dynamic and Read More …

DDoS Protection for Your Organization

June 1, 2025June 1, 2025 Shuvro

Reading Time: 3 minutesProtecting an organization from DDoS attacks requires a multi-layered approach, including prevention, mitigation, and continuous monitoring. Here’s a breakdown of key strategies: Image Source: How Cloudflare auto-mitigated world record 3.8 Tbps DDoS attack Strategy 1. Preventing DDoS Attacks 2. Securing Read More …

Cloud Computing Reference Architecture

May 28, 2025May 28, 2025 Shuvro

Reading Time: 9 minutesImage Source: https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication500-292.pdf Cloud computing has become an integral part of modern IT infrastructure, enabling enterprises to achieve scalability, efficiency, and agility. This paper discusses the Cloud Computing Reference Architecture (CCRA), including its key adoption requirements, standard bodies of knowledge Read More …

The Need for a New Integrated GRC Architecture

May 28, 2025May 28, 2025 Shuvro

Reading Time: 3 minutesImage source: OCEG Organizations face unprecedented challenges in governance, risk management, and compliance (GRC). The increasing complexity of risks, regulations, and operational demands necessitates a modern, integrated approach to GRC. To connect the dots between risks, compliance, and other GRC elements that Read More …

CISO Due Diligence

May 25, 2025 Shuvro

Reading Time: 2 minutesCISO due diligence refers to the process a CISO (Chief Information Security Officer) and their team conduct to assess the cybersecurity posture and practices of an organization or third party, particularly during mergers and acquisitions, or before entering into a Read More …

AZURE | AWS | ORACLE: A Data Lake Architecture along with a Textual Representation of its Structure.

May 24, 2025May 24, 2025 Shuvro

How Wireless Pre-Shared Key Works

May 24, 2025 Shuvro

Reading Time: 7 minutesWireless Pre-Shared Key (PSK) A Pre-Shared Key (PSK) is a security mechanism used in Wi-Fi Protected Access (WPA) networks. It works by requiring both the wireless access point (AP) and the client device to have the same secret key before Read More …

Automatic Car Toll System

May 22, 2025May 22, 2025 Shuvro

Reading Time: 2 minutesEmphasizing on the technology requirements, implementation challenges, and platform security management: Image Source: Transportation | ITS Intelligent Transportation Solutions Overview The Automatic Car Toll System (ACTS) is an innovative solution aimed at streamlining toll collection processes for highways and bridges. Read More …

Develop Your Own Authentication Server

May 20, 2025 Shuvro

Reading Time: 4 minutesImage Source: TokenBasedAuthentication2.png (3121×1648) Developing an authentication server is a crucial part of building secure applications. Here’s a structured approach to creating one: 1. Define Your Authentication Method: Decide whether you’ll use: 2. Choose a Tech Stack: Pick a language Read More …

OAuth v2.0 Architecture Diagram, Integration Possibilities and Deployment Challenges

May 20, 2025May 20, 2025 Shuvro

Reading Time: 5 minutesImage Source: What is OAuth? (An Introduction to OAuth and OpenID) – The Genius Blog OAuth 2.0 is a widely used authorization framework that enables secure access to resources without exposing user credentials. Here’s a breakdown of its architecture, possibilities Read More …

LDAP Server

May 19, 2025May 19, 2025 Shuvro

Reading Time: 2 minutesImage Source: https://www.okta.com/identity-101/what-is-ldap/ The Lightweight Directory Access Protocol (LDAP) is an open, vendor-neutral, industry-standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network. LDAP is based on a simpler subset of the standards Read More …

Privileged Access Management (PAM)

May 17, 2025May 17, 2025 Shuvro

Reading Time: 2 minutesPAM organizes the key aspects of securing high-privilege accounts and activities. It typically includes core functionalities like discovery, control, password management, session monitoring, and compliance, along with components like account discovery, access management, and password vault. The mindmap helps understand Read More …

Data & Analytics Capability Model

May 6, 2025May 6, 2025 Shuvro

Reading Time: 3 minutesA Data & Analytics Capability Model is a framework that organizations use to assess and improve their ability to leverage data and analytics for better decision-making and business outcomes. It outlines the various skills, processes, and technologies needed to effectively manage, analyze, Read More …

Microsoft Defender XDR Mindmap

May 4, 2025May 4, 2025 Shuvro

Reading Time: 2 minutesA mind map for Extended Detection and Response (XDR) can help visualize the components and concepts involved in XDR security solutions. This can be useful for understanding the scope, capabilities, and integration points of XDR, as well as for planning and implementing Read More …

Prioritize Your Risk in Data Security

April 28, 2025 Shuvro

Reading Time: 3 minutesOrganizations face significant challenges in securing sensitive information while navigating an evolving threat landscape. Effective data security practices require a strategic approach to identify, assess, and mitigate risks. This concept paper explores key aspects of data security risks, solutions, and Read More …

Identity Governance and Administration (IGA)

April 16, 2025April 16, 2025 Shuvro

Reading Time: 2 minutesIdentity Governance and Administration (IGA) is a framework that manages and controls user identities and access rights within an organization. It combines identity lifecycle management and access governance to ensure that users have the right access to resources at the Read More …

Case Study: Implementing Enterprise Architecture in an ISP Business in Bangladesh

April 8, 2025April 8, 2025 Shuvro

Reading Time: 3 minutesBackground: with an increasing demand for reliable internet services in Bangladesh, a twenty years ofd ISP aimed to differentiate itself by providing high-quality, affordable services while ensuring efficient operations and scalability. To achieve these goals, Enterprise Architecture (EA) was implemented Read More …

How Generative AI Can Improve Solution Delivery

April 8, 2025April 8, 2025 Shuvro

Reading Time: 2 minutesGenerative AI (Gen AI) can help teams create better solutions faster, even when facing tough challenges like limited resources and complex projects, limited team size etc. Teams often deal with:• Struggles to attract and keep skilled employees.• Difficulty getting the Read More …

Azure Well-Architected Framework (WAF)

December 29, 2024December 29, 2024 Shuvro

Reading Time: 5 minutesThe Azure Well-Architected Framework (WAF) encompasses five essential tenets that guide solution architects in building robust and efficient workloads on Microsoft Azure: These tenets collectively provide a strong foundation for designing and operating workloads on Azure, ensuring they deliver business value over time. Read More …

PPTD (People, Process, Technology, Data) in a SOC

March 27, 2024April 1, 2024 Shuvro

Reading Time: 2 minutesLet’s break down the importance of people, process, technology, and data in a Cybersecurity Operations Center (SOC): People: The SOC is staffed by a team of skilled security professionals, including security analysts, incident responders, threat intelligence analysts, and security engineers. Read More …

CIS Benchmarks + CDM + MITRE ATT&CK: Strengthening Cybersecurity Defense

March 11, 2024March 11, 2024 Shuvro

Reading Time: 3 minutesIn today’s rapidly evolving digital landscape, organizations face an ever-increasing threat of cyberattacks. To fortify their defenses, they must adopt a comprehensive approach that combines industry standards, advanced detection mechanisms, and proactive strategies. In this blog post, we explore the Read More …