The CISO Desk Reference Guide® is a collection of books written for current and aspiring information security leaders and practitioners. Every book in our catalog is written by practitioners with hands-on experience in their respective domains. The books are divided into four series. The Foundation Series consists of the original two-volume set, The CISO Desk Reference Guide® Volumes 1 & 2, along with two books under development. Coming in December is the Executive Primer, intended for senior leadership and board members who need a foundational understanding of the CISO’s role and the disciplines within information security. In 2022 we’ll publish a set of case studies that examine what went wrong in some of the highest profile breaches, and how we can change to be more secure. Volumes 1 and 2 of The CISO Desk Reference Guide® describe the CISO’s role in depth and were inducted into the Cybersecurity Canon Hall of Fame in June 2020.

The Practitioner Series is intended for practitioners who need to understand critical processes at an in-depth level. There are several titles under development and details will be published as timeframes firm up.

The Governance Series will address topics crucial for understanding and demonstrating the reliability of the program as required by external parties. This includes reference guides for privacy professionals, vendor management, and security compliance. Our data privacy reference is scheduled for publication in Q1 of 2022.

The Small Business Series provides material essential for leaders without the resources of larger companies who still have valuable businesses to protect. Titles published so far include The Essential Guide to Cybersecurity for SMBs, Creating a Small Business Cybersecurity Program, and for very small businesses, Bring Your Own Cyber: A Small Business Owner’s Guide to Basic Network Security.

CISO Desk Reference Guide Volume 1

Volume 1 of the CISO Desk Reference Guide® provides a basis for any CISO — experienced, new to the role, or aspiring — to baseline their program and confidently assert strengths, weaknesses and next steps. In this book we pioneered the tri-perspective style to provide three distinct viewpoints on each topic.

CISO Desk Reference Guide Volume 2

Volume 2 of the CISO Desk Reference Guide® again uses the tri-perspective style to deliver a blueprint for CISOs to elevate their program and achieve excellence across all critical information security domains. It concludes with an exercise to assist the CISO in developing their own strategic information security plan.

Executive Primer

The CISO Desk Reference Guide: Executive Primer culls the executive and board relevant material from the two-volume set, and presents it in a concise form designed to educate the senior leadership team. The information is presented as a CISO’s eye view so the board or company executive can better understand the unique challenges the CISO faces and how to best support them.

Develop Your Cybersecurity Career Path

The CISO Desk Reference Guide: Develop Your Cybersecurity Career Path will show you how to enter the cybersecurity field at any level. Whether you are looking for an entry-level position or want to translate years of experience into an entry at the right level, this book will help you explore the options for a career in cyber and chart a path that is right for you.

Case Studies

In the CISO Desk Reference Guide: Case Studies, we will present a dozen or so high-profile breaches from the perspective of what controls and best practices could be deployed that would help prevent a similar breach from happening again. The objective is to learn from our adversaries and improve our collective defenses.

Vendor Management

From meeting regulatory requirements for assessing third-party risk, to understanding where your data resides externally, to understanding who has access to your data and your systems, vendor management has become an essential discipline for managing enterprise risk. The CISO Desk Reference Guide: Vendor Management will be the foundation of your vendor management program.

Security Compliance

Compliance does not equal security, but security compliance should never be dismissed as bureaucratic or waved away as a mere regulatory requirement. Much of what we think of as essential security hygiene is encapsulated by security frameworks relied upon to demonstrate compliance. The CISO Desk Reference Guide: Security Compliance shows how to both be compliant and use compliance to achieve a better security posture.

Data Privacy

The Privacy Desk Reference Guide offers pragmatic advice to various stakeholders on how to build a privacy program that is aligned to organizational strategy and risk management practices of the firm while also addressing important regulations – both domestic and international – that require privacy practices that reflect and support the data subject’s or the consumer’s rights over their information.

The Essential Guide to Cybersecurity for SMBs

The Essential Guide to Cybersecurity for SMBs is book one in the CISO Desk Reference Guide small business series. The essays included in this book provide both security professionals and executives of small businesses a blueprint of best practices to protect themselves and their customers.

Creating a Small Business Cybersecurity Program

Creating a Small Business Cybersecurity Program is the second book in the CISO Desk Reference Guide® small business series, targeted toward businesses with 25 to 500 employees and limited or no technology or security staff. It provides non-technical, practical, step-by-step instructions for small business owners who need to create a cybersecurity program.

Bring Your Own Cyber

The third book in the CISO Desk Reference Guide® small business series is Bring Your Own Cyber. Best for very small businesses, this book teaches the basics: how to lock the doors and not be a cyber sap. No jargon, no formal program (except when legally required), and nothing to get in the way of doing business. What the owner needs to know, and how they get it done!