CISO DRG Publishing is pleased to announce publication of the second edition of The Essential Guide to Cybersecurity for SMBs: Practical Advice for CISOs at Small and Medium Size Businesses, by Gary Hayslip, co-founder of CISO DRG Publishing.

Gary wrote the first edition of The Essential Guide to Cybersecurity for SMBs in February of 2020, and this book has been a wonderful resource to cybersecurity professions and small and medium size businesses. If the three years since the first edition came out have taught us anything, it’s that smaller firms now have just as big a target and the experience Gary shares has never been timelier.

The second edition has been updated with new insights and updated references. Congratulations, Gary, and thank you for updating this important work.

InfraGard National Members Alliance is pleased to announce our instructors and speakers for Cyber Defenders, presented in partnership with RSA Conference.

During this immersive two-day workshop, receive briefings from the FBI’s cyber and counterintelligence divisions, explore cyber laws shaping the regulatory environment, and discuss what constitutes ‘reasonable security’ with two experts who literally wrote the book on the subject. Sessions focused on leveraging threat intelligence and implementing effective insider-threat programs will provide attendees with practical steps they can take to manage risk in their organizations. #InfraGard

View the agenda at https://lnkd.in/gAhzbaRj

Register by the March 10 deadline at https://lnkd.in/gaKiiJZG

Information Governance Leadership Summit:
March 30 & 31
San Diego, California

Attendance includes: 2 Workshops, breakfasts, lunches, breaks, 2 signed books & a networking reception

Click here to register!

About the Agenda

Day 1: Drafting Effective IG Policies
Effective Policy Writing has been cited by IG pros in recent research as a top priority and key to successful IG programs. Day One of the 2nd Annual CIGO Association “Information Governance Leadership Summit” will bring together IG leaders from around the world for a deep dive with renowned policy expert Lewis Eisen, author of, “Respectful Policies and Directives: How to Write Rules People Want to Follow.”

Networking Reception

To close the first day, we will hold a Networking Reception at the hotel, with appetizers and an open bar. We want to encourage forming bonds and long-term business relationships to help advance careers, and the field of IG.

Day 2: Privacy Program Management and Info Risk Management

Privacy & Cybersecurity expert, Justine Phillips, Partner at the major law firm DLA Piper, along with Cybersecurity expert Matt Stamper, CIPP/US, CISA, CISM, CRISC, CDPSE, QTE, the “CISO to CISOs” will present a two-part workshop on Privacy Program Management, and Information Risk Management, based on their book, “Data Privacy Program Guide: How to Build a Privacy Program the Inspires Trust.”

We will also have a panel discussion of leading experts in IG and InfoRisk.

Cost: $1495, includes all materials, meals, reception, and breaks.

14 hours of Continuing Education Units approved by CIGO Association

Seating is limited. So register today.

CISO DRG is pleased to announce publication of the second edition of Creating a Small Business Cybersecurity Program: A Non-Technical Guide for Small Business Owners.

After the first edition of this book was initially published in July 2020, using the CIS Controls® version 7.1, the CIS Controls® underwent a major update to version 8, issued in May 2021. The new version emphasizes the three Implementation Groups and expanded Implementation Group 1 (IG1), which applies primarily to small-to-medium businesses (SMBs). Another change in v.8 is having only 18 primary controls rather than 20. The Controls v.7.1 started with 43 Safeguards for IG1, then through revision, realignment, or incorporation into other Safeguards; IG1 v.8 has 56 Safeguards. These Safeguards are the key to achieving the security objectives identified in the overall CIS Controls®.

This Second Edition has incorporated the v.8 Safeguards into the book’s content, so that small business owners can follow simple, step-by-step approach to implementing these new safeguards in their company. Other changes are also included in the edition to bring the information up-to-date and provide new guidance on best industry practices.

(The following is taken from the introduction to the addendum)

After the book was initially published in July 2020, using the CIS Controls^® version 7.1, the CIS Controls^® underwent a major update to version 8, issued in May 2021. The new version emphasizes the three Implementation Groups, including an expanded Implementation Group 1 (IG1), which applies primarily to small-to-medium businesses (SMBs). Another change in v.8 is now having only 18 primary Controls, rather than 20. In addition, the book only focused on 37 Safeguards; however, IG1 started with 43 Safeguards in v.7.1. In v.8, 11 new Safeguards were added to IG1, while others were revised or merged into other Safeguards. This Addendum will address all of the v.8 IG1 Safeguards, even if the v.7.1 equivalent was not provided explicitly in the book.

This Addendum aims to provide businesses with a guide to take you from v.7.1 into the new v.8 Safeguards while maintaining the categorization structure created in the book. This Addendum will walk you through, chapter-by-chapter, first the changed Safeguards and then the newly added Safeguards within the categories for each chapter. The four chapters that identify key Safeguards will continue to address the same groupings of control measures, as listed below.

• Chapter 11—Key Safeguards for SMBs (“The Basics”)
• Chapter 12—Implementing Administrative and Configuration Controls
• Chapter 13—Implementing User Controls and Training
• Chapter 14—Implementing Incident and Breach Controls

In addition to the changes to the Safeguards in the CIS Controls, in July 2022, we updated the governance documents associated with the book and made them available at: Version 8 Addendum to Creating a Small Business Cybersecurity Program Control

CISO DRG Publishing is pleased to announce the availability of the Data Privacy Program Guide: How to Build a Privacy Program that Inspires Trust, the first book in the CISO Desk Reference Guide® Governance Series. This book was written by David Goodman, Justine Phillips, and Matt Stamper and is intended for Chief Privacy Officers and privacy professionals at all levels of the organization. This book focuses on building and managing privacy programs. From the author’s extensive and varied backgrounds, readers will gain unique insights, practical advice, and inspiration. Privacy professionals will learn how to create a privacy program that will help you improve your relationship with your customers while giving you the foundation for complying with the dizzying maze of privacy regulations. This is a groundbreaking book in the privacy space.

Congratulations David, Justine, and Matt, well done!

CISO DRG Publishing is pleased to announce the availability of the CISO Desk Reference Guide Executive Primer: The Executive’s Guide to Security Programs  the third book in the CISO Desk Reference Guide® Foundation Series. This book was written by Bill Bonney, Gary Hayslip, and Matt Stamper and presents topics we first discussed in Volumes 1 and 2 of the CISO Desk Reference Guide. However, where Volumes 1 and 2 of the CISO Desk Reference Guide are designed to help CISOs and aspiring CISOs benefit from the experiences of seasoned executives who have walked in their shoes, the Executive Primer is written to include the CISO’s colleagues and provide a C-suite perspective for both the security function and security executives.

Congratulations Bill, Gary, and Matt, well done!

Ben Rothke has reviewed over 700 books on a range of topics. One of his most frequent topics is Cybersecurity. Suffice it to say he knows a thing or two because he’s read a book or two. Over 5,000 people have found his reviews helpful and CISO DRG is very proud of Gary Hayslip, Chris Foulon and Renee Small for writing Develop Your Cybersecurity Career Path, Ben’s most recent review subject. Thank you Ben – your reviews are always insightful.

Ben posted his review on Oct 1 and gave Develop Your Cybersecurity Career Path 5 stars. Here is the full review:

One does not have to drive very long down a highway to see billboards with programs encouraging people to sign-up to get trained in a career in the lucrative field of information security. Articles such as The 10 fastest-growing jobs of the next decade, Wanted: Millions of cybersecurity pros. Salary: Whatever you want, and other similar pieces have created a feeding frenzy in the information security space.

While those articles are often more histrionic than accurate, the reality remains that there are indeed many information security jobs open. As I wrote in The fallacy of the information security skill shortage, a large part of the so-called information security skills shortage has more to do with firms that refuse to pay market rates for information security professionals.

But for those who have an interest in information security, how exactly can they enter the field? In Develop Your Cybersecurity Career Path: How to Break into Cybersecurity at Any Level, authors and security veterans Gary Hayslip, Christophe Foulon, and Renee Small have written a practical, and more importantly, honest guide on how to enter the field.

One of the mistakes people make is thinking cybersecurity is a monolithic field. But within cybersecurity, there are many different domains are areas. This is best exemplified by Henry Jiang (CISO at Diligent Corporation) in his map of the cybersecurity domain. A quick glance at his map shows scores of different areas, which exemplified how diverse information security is.

Many times, books with multiple authors suffer from consistency and readability due to different styles and approaches. But this book benefits from multiple authors as there are numerous ways to get into security, and each author brings their unique story and strategy.

Many people are tempted to go into security for the money, but the book cautions that they will not succeed without a passion for the topic. While security is portrayed in the media as often being James Bond-like, the authors detail the dark side of information security, which a person should consider before going down the path.

I would have liked to see in the book an emphasis on those considering a security career to get their hands on Kali Linux. Kali is an open-source Linux distro make for security, forensics, and penetration testing. It has over 600 information security tools. Kali is an excellent way for someone to get their hands wet with security tools and see if they are interested in it.

This is an inexpensive way to play with security, as you can run Kali on a $300 desktop. But 20 years ago, the tools on Kali alone would have easily cost over $250,000. A lot has changed in the last few decades.

There are countless articles about getting into the security field, many of them vendor-sponsored. But there’s a death of sage advice on how to do it right. For anyone considering entering the information security career path, Develop Your Cybersecurity Career Path is an excellent book to help them on their journey.