How highly effective CISOs lean forward with proactive risk management
No executive wants to be blindsided by risks, and the role of the CISO is more crucial than ever in preventing that. The most effective CISOs run highly effective, risk-focused security programs and are experts at relating technology, digital, and cyber risks to the business and its initiatives.
Sysdig’s latest blog by Matt Stamper, CIPP/US, CISA, CISM, CRISC, CDPSE, QTE dives into how CISOs can effectively manage and communicate digital and cyber risks within their organizations.
Catch it here to learn how to enhance your organization’s cyber risk management strategy: https://okt.to/huK2CQ hashtag#CISO hashtag#Cybersecurity hashtag#RiskManagement
Protect Your Practice and Protect Your Business
CISO DRG Publishing is proud to announce the publication of two new books in the Small Business Series. These are successor books to Bring Your Own Cyber, originally published in 2020. Protect Your Business: A Small Business Guide to Basic Cybersecurity is written for small businesses and Protect Your Practice: Basic Cybersecurity for Healthcare, Legal and Financial Professionals is tailored specifically to small independent offices is professional services.
The eight chapters in these books teach readers the basics. They use plain language to small owners and independent professionals how to become more secure. They include prudent steps readers can take right away to be more secure and every chapter comes with “Pro Steps” to take it to the next level.
Available for immediate sale, Matt, Gary, and Bill congratulate Bill and David. Good work, guys!
Cyber Crisis Response: Leveraging the SONAR Method to Accelerate Response and Recovery
CISO DRG Publishing is proud to announce the publication of Cyber Crisis Response: Leveraging the SONAR Method to Accelerate Response and Recovery, by Andrew Gorecki and Christopher Scott.
In Cyber Crisis Response, Andrew and Chris introduce The SONAR Method™, a proven, proprietary framework they developed through years of being on the front line, responding to cyber crises as the unfold. Andrew and Chris have lived in the trenches of crisis response, this book describes many of the common pitfalls and their battle-tested solutions. There is no better way to learn than to do it yourself, but understanding the lessons others have learned is essential to help you prepare.
Crisis response is a complex undertaking that requires the coordination of multiple, often conflicting, activities. No playbook replaces experience and critical thinking. Using The SONAR Method will help any practitioner:
- Understand how to stabilize an environment during a cyber attack
- Learn how to organize the team and resources needed to resolve the situation
- Facilitate negotiations across a wide variety of stakeholders involved in the crisis
- Discover how to effectively articulate and communicate the situation and resolution to a broad range of stakeholders
- Develop the specific action plan required to remediate and recover from the incident
With a foreword written by George Kurtz, President/CEO and co-founder of CrowdStrike, Cyber Crisis Response is the essential resource for you to up your game and respond with confidence when the inevitable cyber crisis strikes.
Available for immediate sale, Matt, Gary, and Bill congratulate Andrew and Chris. Well done, gentlemen!
What is the interview process like for CISOs?
In this episode, Host Ron Eddings catches up with repeat guest, Gary Hayslip, CISO at SoftBank Investment Advisors and co-author of CISO Desk Reference guide. Gary explains that the varied nature of his current CISO role contrasts with the broader industry trends. He discusses how that nature plays into the CISO hiring process and career path, as well as how his books are helping to bridge the gap among professionals.
Impactful Moments:
00:00 – Welcome
00:59 – Introducing guest, Gary Hayslip
01:38 – The Path to Becoming a CISO
08:04 – CSO vs CISO
10:47 – “I’m firing you…”
15:03 – Interviewing for the CISO role
17:56 – Join Our Mastermind
18:39 – Being ‘Mr. Maybe’
21:41 – CISO- A Day in the Life
24:50 – Using Books to Pave the Way
Links:
- Connect with Gary on LinkedIn: https://www.linkedin.com/in/ghayslip/
- Check out Gary’s Books on Amazon
Third Edition of the CISO Desk Reference Guide, Volume 1 and 2 released together
CISO DRG Publishing is pleased to announce publication of the third edition of the CISO Desk Reference Guide: A Practical Guide for CISOs, Volume 1 and 2, by Bill Bonney, Gary Hayslip, and Matt Stamper, co-founders of CISO DRG Publishing. We wrote the Guide as a foundational reference for CISOs. The third edition has been updated with new insights and updated references along with new chapters on emerging technologies (Chapter 12 in Volume 2) and cyber liability insurance (Chapter 7 in Volume 1).
As a guide written specifically for CISOs, we hope Volumes 1 and 2 of the CISO Desk Reference Guide become trusted resources for you, your teams, and your colleagues in the C-suite. Congratulations, Bill, Gary, and Matt, and thank you for updating this important work.
Second edition of The Essential Guide to Cybersecurity for SMBs: Practical Advice for CISOs at Small and Medium Size Businesses
CISO DRG Publishing is pleased to announce publication of the second edition of The Essential Guide to Cybersecurity for SMBs: Practical Advice for CISOs at Small and Medium Size Businesses, by Gary Hayslip, co-founder of CISO DRG Publishing.
Gary wrote the first edition of The Essential Guide to Cybersecurity for SMBs in February of 2020, and this book has been a wonderful resource to cybersecurity professions and small and medium size businesses. If the three years since the first edition came out have taught us anything, it’s that smaller firms now have just as big a target and the experience Gary shares has never been timelier.
The second edition has been updated with new insights and updated references. Congratulations, Gary, and thank you for updating this important work.
SPEAKERS ANNOUNCED: CYBER DEFENDERS @ RSA CONFERENCE
InfraGard National Members Alliance is pleased to announce our instructors and speakers for Cyber Defenders, presented in partnership with RSA Conference.
During this immersive two-day workshop, receive briefings from the FBI’s cyber and counterintelligence divisions, explore cyber laws shaping the regulatory environment, and discuss what constitutes ‘reasonable security’ with two experts who literally wrote the book on the subject. Sessions focused on leveraging threat intelligence and implementing effective insider-threat programs will provide attendees with practical steps they can take to manage risk in their organizations. #InfraGard
View the agenda at https://lnkd.in/gAhzbaRj
Register by the March 10 deadline at https://lnkd.in/gaKiiJZG
Information Governance Leadership Summit
Information Governance Leadership Summit:
March 30 & 31
San Diego, California
Attendance includes: 2 Workshops, breakfasts, lunches, breaks, 2 signed books & a networking reception
About the Agenda
Day 1: Drafting Effective IG Policies
Effective Policy Writing has been cited by IG pros in recent research as a top priority and key to successful IG programs. Day One of the 2nd Annual CIGO Association “Information Governance Leadership Summit” will bring together IG leaders from around the world for a deep dive with renowned policy expert Lewis Eisen, author of, “Respectful Policies and Directives: How to Write Rules People Want to Follow.”
Networking Reception
To close the first day, we will hold a Networking Reception at the hotel, with appetizers and an open bar. We want to encourage forming bonds and long-term business relationships to help advance careers, and the field of IG.
Day 2: Privacy Program Management and Info Risk Management
Privacy & Cybersecurity expert, Justine Phillips, Partner at the major law firm DLA Piper, along with Cybersecurity expert Matt Stamper, CIPP/US, CISA, CISM, CRISC, CDPSE, QTE, the “CISO to CISOs” will present a two-part workshop on Privacy Program Management, and Information Risk Management, based on their book, “Data Privacy Program Guide: How to Build a Privacy Program the Inspires Trust.”
We will also have a panel discussion of leading experts in IG and InfoRisk.
Cost: $1495, includes all materials, meals, reception, and breaks.
14 hours of Continuing Education Units approved by CIGO Association
Seating is limited. So register today.
Second edition of Creating a Small Business Cybersecurity Program: A Non-Technical Guide for Small Business Owners.
CISO DRG is pleased to announce publication of the second edition of Creating a Small Business Cybersecurity Program: A Non-Technical Guide for Small Business Owners.
After the first edition of this book was initially published in July 2020, using the CIS Controls® version 7.1, the CIS Controls® underwent a major update to version 8, issued in May 2021. The new version emphasizes the three Implementation Groups and expanded Implementation Group 1 (IG1), which applies primarily to small-to-medium businesses (SMBs). Another change in v.8 is having only 18 primary controls rather than 20. The Controls v.7.1 started with 43 Safeguards for IG1, then through revision, realignment, or incorporation into other Safeguards; IG1 v.8 has 56 Safeguards. These Safeguards are the key to achieving the security objectives identified in the overall CIS Controls®.
This Second Edition has incorporated the v.8 Safeguards into the book’s content, so that small business owners can follow simple, step-by-step approach to implementing these new safeguards in their company. Other changes are also included in the edition to bring the information up-to-date and provide new guidance on best industry practices.
Version 8 Addendum to Creating a Small Business Cybersecurity Program – August 2022
(The following is taken from the introduction to the addendum)
After the book was initially published in July 2020, using the CIS Controls® version 7.1, the CIS Controls® underwent a major update to version 8, issued in May 2021. The new version emphasizes the three Implementation Groups, including an expanded Implementation Group 1 (IG1), which applies primarily to small-to-medium businesses (SMBs). Another change in v.8 is now having only 18 primary Controls, rather than 20. In addition, the book only focused on 37 Safeguards; however, IG1 started with 43 Safeguards in v.7.1. In v.8, 11 new Safeguards were added to IG1, while others were revised or merged into other Safeguards. This Addendum will address all of the v.8 IG1 Safeguards, even if the v.7.1 equivalent was not provided explicitly in the book.
This Addendum aims to provide businesses with a guide to take you from v.7.1 into the new v.8 Safeguards while maintaining the categorization structure created in the book. This Addendum will walk you through, chapter-by-chapter, first the changed Safeguards and then the newly added Safeguards within the categories for each chapter. The four chapters that identify key Safeguards will continue to address the same groupings of control measures, as listed below.
- Chapter 11—Key Safeguards for SMBs (“The Basics”)
- Chapter 12—Implementing Administrative and Configuration Controls
- Chapter 13—Implementing User Controls and Training
- Chapter 14—Implementing Incident and Breach Controls
In addition to the changes to the Safeguards in the CIS Controls, in July 2022, we updated the governance documents associated with the book and made them available at: Version 8 Addendum to Creating a Small Business Cybersecurity Program Control