The CISO Desk Reference Guide® is a collection of books written for current and aspiring information security leaders and practitioners. Every book in our catalog is written by practitioners with hands-on experience in their respective domains. The books are divided into four series. The Foundation Series consists of the original two-volume set, The CISO Desk Reference Guide® Volumes 1 & 2, and the Executive Primer, intended for senior leadership and board members who need a foundational understanding of the CISO’s role and the disciplines within information security. Volumes 1 and 2 of The CISO Desk Reference Guide® describe the CISO’s role in depth and were inducted into the Cybersecurity Canon Hall of Fame in June 2020.

The Practitioner Series is intended for practitioners who need to understand critical processes at an in-depth level. For executives and managers who are required to lead the response to cyber crises, we offer Cyber Crisis Response: Leveraging the SONAR Method™ to Accelerate Response and Recovery. Also in this series is Develop Your Cybersecurity Career Path, which goes in depth on breaking into cyber at any level. Other titles are currently in development.

The Governance Series addresses topics crucial for understanding and demonstrating the reliability of your programs as required by external parties. This includes reference guides for privacy professionals, vendor management, and security compliance. Our data privacy reference, Data Privacy Program Guide: How to Build a Privacy Program that Inspires Trust, was released in July of 2022. Our third-party risk management guide, Mastering Third-Party Risk: A Practical Handbook for Managing Vendor, Third-Party, and Supply Chain Threats in Every Organization, provides a thorough treatment of third-party risk, whether you’re dealing primarily with regional vendors or a complex global supply chain.

The Small Business Series provides material essential for leaders without the resources of larger companies who still have valuable businesses to protect. Titles include The Essential Guide to Cybersecurity for SMBs, Creating a Small Business Cybersecurity Program, and, for very small businesses, Protect Your Business: A Small Business Guide to Basic Network Security and Protect Your Practice: Basic Cybersecurity for Healthcare, Legal and Financial Professionals, which cover the unique security issues affecting small businesses and one- and two-person professional offices.

Foundation Series

CISO Desk Reference Guide Volume 1

Volume 1 of the CISO Desk Reference Guide® provides a basis for any CISO — experienced, new to the role, or aspiring — to baseline their program and confidently assert strengths, weaknesses and next steps. In this book we pioneered the tri-perspective style to provide three distinct viewpoints on each topic.

CISO Desk Reference Guide Volume 2

Volume 2 of the CISO Desk Reference Guide® again uses the tri-perspective style to deliver a blueprint for CISOs to elevate their program and achieve excellence across all critical information security domains. It concludes with an exercise to assist the CISO in developing their own strategic information security plan.

Executive Primer

The CISO Desk Reference Guide: Executive Primer culls the executive- and board-relevant material from the two-volume set and presents it in a concise form designed to educate the senior leadership team. The information is presented from a CISO’s-eye view so the board or company executive can better understand the unique challenges the CISO faces and how best to support them.

Practitioner Series

A Comprehensive Guide to Application Security: Volume One – Foundations of Application Security

Whether you are new to security or an expert, A Comprehensive Guide to Application Security: Volume One – Foundations of Application Security will help you strengthen your application security approach and stay current with the latest standards, best practices, and emerging trends in secure development.

A Comprehensive Guide to Application Security: Volume Two - Building and Maintaining Secure Applications

A Comprehensive Guide to Application Security: Volume Two – Building and Maintaining Secure Applications builds upon the foundation laid in Volume One. The first volume taught you how to understand and apply secure development principles, and this one teaches you how to lead them—across teams, departments, and the entire organization.

Cyber Crisis Response: Leveraging the SONAR Method™ to Accelerate Response and Recovery

Cyber Crisis Response introduces the SONAR Method™, a proven, proprietary framework for responding to and managing a range of cyber incidents, from singular events to the most complex cyber breaches and crises. Crisis response is complex; using the SONAR Method™ will help any practitioner take control of an incident before it escalates out of control.

Switching to Cyber: The Mid-Career Guide to Launching a Cybersecurity Career

This book is designed to give mid-career transitioners into cybersecurity competence and confidence, and to empower you with clear, actionable steps to make the most of your new career. Whether you’re a seasoned professional in a different field or a recent retiree ready for a new challenge, Switching to Cyber will help you.

Case Studies

In the CISO Desk Reference Guide: Case Studies, we will present a dozen or so high-profile breaches from the perspective of what controls and best practices could be deployed that would help prevent a similar breach from happening again. The objective is to learn from our adversaries and improve our collective defenses.

Develop Your Cybersecurity Career Path

The CISO Desk Reference Guide: Develop Your Cybersecurity Career Path will show you how to enter the cybersecurity field at any level. Whether you are looking for an entry-level position or want to translate years of experience into an entry point at the right level, this book will help you explore the options for a career in cyber and chart a path that is right for you.

Governance Series

Data Privacy

The Data Privacy Program Guide offers pragmatic advice to stakeholders on how to build a privacy program that inspires trust and is aligned with the organization’s strategy and risk management practices, while also addressing the important domestic and international regulations that require privacy practices reflecting and supporting the data subject’s or consumer’s rights over their information.

Mastering Third-Party Risk

This book helps you design a third-party risk management program that is robust, forward-thinking, and exceeds mere regulatory compliance. It empowers you to proactively manage risks, enhance your supply chain, and prepare for emerging threats.

Small Business Series

The Essential Guide to Cybersecurity for SMBs

The Essential Guide to Cybersecurity for SMBs is book one in the CISO Desk Reference Guide small business series. The essays included in this book provide both security professionals and executives of small businesses a blueprint of best practices to protect themselves and their customers.

Creating a Small Business Cybersecurity Program

Creating a Small Business Cybersecurity Program is the second book in the CISO Desk Reference Guide® small business series, targeted toward businesses with 25 to 500 employees and limited or no technology or security staff. It provides non-technical, practical, step-by-step instructions for small business owners who need to create a cybersecurity program.

Protect Your Business

The third book in the CISO Desk Reference Guide® small business series is Protect Your Business. Best for very small businesses, this book teaches the basics: how to secure your devices and not be a cyber sap. No jargon, no formal program (except when legally required), and nothing to get in the way of doing business. What the owner needs to know, and how to get it done!

Protect Your Practice

The fourth book in the CISO Desk Reference Guide® small business series is Protect Your Practice. Tailored for healthcare, legal, and financial professionals, this book adds a deep dive into data protection and privacy concerns. Still no jargon, but it recognizes that formal programs are usually required. What the practice needs to know, without wasting valuable time!