The CISO Desk Reference Guide® is a collection of books written for current and aspiring information security professionals by practitioners with hands-on experience in their respective domains. The books are divided into four series. The Foundation Series consists of the original two-volume set along with two books under development, including an executive primer intended for senior leadership and board members who need a foundational understanding of the CISO’s role and the disciplines within information security. The Practitioner Series is intended for the CISO and their direct staff who need to understand critical processes at an in-depth level. The Governance Series will address topics crucial for understanding and demonstrating the reliability of the program as required by external parties. The Small Business Series provides material essential for leaders without the resources of larger companies who still have valuable businesses to protect.
The founders of the CISO Desk Reference Guide, Bill Bonney, Gary Hayslip, and Matt Stamper are bringing their individual perspectives and vast industry experience and augmenting the books as needed with contributions from additional industry leaders to develop a catalog of books that will be invaluable to any information security professional.
CISO Desk Reference Guide Volume 1
Volume 1 of the CISO Desk Reference Guide® provides a basis for any CISO — experienced, new to the role, or aspiring — to baseline their program and confidently assert strengths, weaknesses and next steps. In this book we pioneered the tri-perspective style to provide three distinct viewpoints on each topic.
CISO Desk Reference Guide Volume 2
Volume 2 of the CISO Desk Reference Guide® again uses the tri-perspective style to deliver a blueprint for CISOs to elevate their program and achieve excellence across all critical information security domains. It concludes with an exercise to assist the CISO in developing their own strategic information security plan.
The CISO Desk Reference Guide: Executive Primer culls the executive- and board-relevant material from the two-volume set and presents it in a concise form designed to educate the senior leadership team. The information is presented from a CISO’s-eye view so the board or company executive can better understand the unique challenges the CISO faces and how best to support them.
In the CISO Desk Reference Guide: Case Studies, we will present a dozen or so high-profile breaches from the perspective of what controls and best practices could be deployed that would help prevent a similar breach from happening again. The objective is to learn from our adversaries and improve our collective defenses.
As security executives, we are tasked most importantly with understanding the strategic value of cybersecurity’s role in the business and helping to communicate how those investments are positively impacting the business. The CISO Desk Reference Guide: Threat Intelligence teaches information security professionals how to incorporate threat intelligence into their strategic plans and their daily operations.
Incident response is best addressed by implementing a virtuous cycle: prepare, detect, contain, eradicate, recover and improve. In The CISO Desk Reference Guide: Incident Response, the reader will learn how to create a program to respond to incidents by building a dynamic, adaptable plan.
From meeting regulatory requirements for assessing third-party risk, to understanding where your data resides externally, to understanding who has access to your data and your systems, vendor management has become an essential discipline for managing enterprise risk. The CISO Desk Reference Guide: Vendor Management will be the foundation of your vendor management program.
Compliance does not equal security, but security compliance should never be dismissed as bureaucratic or waved away as a mere regulatory requirement. Much of what we think of as essential security hygiene is encapsulated by security frameworks relied upon to demonstrate compliance. The CISO Desk Reference Guide: Security Compliance shows how to both be compliant and use compliance to achieve a better security posture.
The Privacy Desk Reference Guide offers pragmatic advice to various stakeholders on how to build a privacy program that is aligned to organizational strategy and risk management practices of the firm while also addressing important regulations – both domestic and international – that require privacy practices that reflect and support the data subject’s or the consumer’s rights over their information.
The Essential Guide to Cybersecurity for SMBs
The Essential Guide to Cybersecurity for SMBs is book one in the CISO Desk Reference Guide small business series. The essays included in this book provide both security professionals and executives of small businesses a blueprint of best practices to protect themselves and their customers.
Creating a Small Business Cybersecurity Program
Creating a Small Business Cybersecurity Program is the second book in the CISO Desk Reference Guide® small business series, targeted toward businesses with 25 to 50 employees and limited or no technology or security staff. It provides non-technical, practical, step-by-step instructions for small business owners who need to create a cybersecurity program.
Be Your Own CISO
The third book in the CISO Desk Reference Guide® small business series is Be Your Own CISO. Best for very small businesses, this book teaches the basics: how to lock the doors and not be a cyber sap. No jargon, no formal program (except when legally required) and nothing to get in the way of doing business. What the owner needs to know and how to get it done!