The CISO Desk Reference Guide® is a collection of books written for current and aspiring information security leaders and practitioners. Every book in our catalog is written by practitioners with hands-on experience in their respective domains. The books are divided into four series. The Foundation Series consists of the original two-volume set, The CISO Desk Reference Guide® Volumes 1 & 2, and the Executive Primer, intended for senior leadership and board members who need a foundational understanding of the CISO’s role and the disciplines within information security. Volumes 1 and 2 of The CISO Desk Reference Guide® describe the CISO’s role in depth and were inducted into the Cybersecurity Canon Hall of Fame in June 2020.

The Practitioner Series is intended for practitioners who need to understand critical processes at an in-depth level. Several titles are under development, and details will be published as timeframes firm up.

The Governance Series addresses topics crucial for understanding and demonstrating the reliability of the program as required by external parties. This includes reference guides for privacy professionals, vendor management, and security compliance. Our data privacy reference, the Data Privacy Program Guide, was released in July 2022. Our Vendor Management guide is under development now.

The Small Business Series provides material essential for leaders without the resources of larger companies who still have valuable businesses to protect. Titles published so far include The Essential Guide to Cybersecurity for SMBs, Creating a Small Business Cybersecurity Program, and for very small businesses, Bring Your Own Cyber: A Small Business Owner’s Guide to Basic Network Security.

CISO Desk Reference Guide Volume 1

Volume 1 of the CISO Desk Reference Guide® provides a basis for any CISO, whether experienced, new to the role, or aspiring, to baseline their program and confidently articulate its strengths, weaknesses, and next steps. In this book we pioneered the tri-perspective style, which presents three distinct viewpoints on each topic.

CISO Desk Reference Guide Volume 2

Volume 2 of the CISO Desk Reference Guide® again uses the tri-perspective style to deliver a blueprint for CISOs to elevate their program and achieve excellence across all critical information security domains. It concludes with an exercise to assist the CISO in developing their own strategic information security plan.

Executive Primer

The CISO Desk Reference Guide: Executive Primer culls the executive- and board-relevant material from the two-volume set and presents it in a concise form designed to educate the senior leadership team. The information is presented from a CISO’s-eye view so that board members and company executives can better understand the unique challenges the CISO faces and how best to support them.

Develop Your Cybersecurity Career Path

The CISO Desk Reference Guide: Develop Your Cybersecurity Career Path shows you how to enter the cybersecurity field at any level. Whether you are looking for an entry-level position or want to translate years of experience into an entry at the right level, this book will help you explore the options for a career in cyber and chart a path that is right for you.

Cyber Crisis Response introduces the SONAR Method™

Cyber Crisis Response introduces the SONAR Method™, a proven, proprietary framework for responding to and managing a range of cyber incidents, from singular events to the most complex cyber breaches and crises. Crisis response is complex; using the SONAR Method™ will help any practitioner take control of an incident before it escalates.

A Comprehensive Guide to Application Security for CISOs

Cybersecurity is more important than ever. Application-based attacks are on the rise, and organizations of all sizes are at risk. Legal and regulatory obligations, customer demands, and business requirements push organizations to create trustworthy software while making the development process more transparent to stakeholders.

Case Studies

In the CISO Desk Reference Guide: Case Studies, we present a dozen or so high-profile breaches from the perspective of which controls and best practices, had they been deployed, would help prevent a similar breach from happening again. The objective is to learn from our adversaries and improve our collective defenses.

Data Privacy

The Data Privacy Program Guide offers pragmatic advice to a range of stakeholders on how to build a privacy program that inspires trust and is aligned with the firm’s organizational strategy and risk management practices. It also addresses the important domestic and international regulations that require privacy practices reflecting and supporting the data subject’s or consumer’s rights over their information.

Vendor Management

From meeting regulatory requirements for assessing third-party risk, to understanding where your data resides externally, to understanding who has access to your data and your systems, vendor management has become an essential discipline for managing enterprise risk. The CISO Desk Reference Guide: Vendor Management will be the foundation of your vendor management program.

Security Compliance

Compliance does not equal security, but security compliance should never be dismissed as bureaucratic or waved away as a mere regulatory requirement. Much of what we think of as essential security hygiene is encapsulated by security frameworks relied upon to demonstrate compliance. The CISO Desk Reference Guide: Security Compliance shows how to both be compliant and use compliance to achieve a better security posture.

The Essential Guide to Cybersecurity for SMBs

The Essential Guide to Cybersecurity for SMBs is book one in the CISO Desk Reference Guide® small business series. The essays included in this book provide both security professionals and small business executives with a blueprint of best practices to protect themselves and their customers.

Creating a Small Business Cybersecurity Program

Creating a Small Business Cybersecurity Program is the second book in the CISO Desk Reference Guide® small business series, targeted toward businesses with 25 to 500 employees and limited or no technology or security staff. It provides non-technical, practical, step-by-step instructions for small business owners who need to create a cybersecurity program.

Bring Your Own Cyber

The third book in the CISO Desk Reference Guide® small business series is Bring Your Own Cyber. Best for very small businesses, this book teaches the basics: how to lock the doors and not be a cyber sap. No jargon, no formal program (except when legally required), and nothing to get in the way of doing business. What the owner needs to know, and how to get it done.