CISO DRG Publishing is proud to announce the publication of Cyber Crisis Response:  Leveraging the SONAR Method to Accelerate Response and Recovery, by Andrew Gorecki and Christopher Scott.

In Cyber Crisis Response, Andrew and Chris introduce The SONAR Method™, a proven, proprietary framework they developed through years of being on the front line, responding to cyber crises as the unfold. Andrew and Chris have lived in the trenches of crisis response, this book describes many of the common pitfalls and their battle-tested solutions. There is no better way to learn than to do it yourself, but understanding the lessons others have learned is essential to help you prepare.

Crisis response is a complex undertaking that requires the coordination of multiple, often conflicting, activities. No playbook replaces experience and critical thinking. Using The SONAR Method will help any practitioner:

• Understand how to stabilize an environment during a cyber attack
• Learn how to organize the team and resources needed to resolve the situation
• Facilitate negotiations across a wide variety of stakeholders involved in the crisis
• Discover how to effectively articulate and communicate the situation and resolution to a broad range of stakeholders
• Develop the specific action plan required to remediate and recover from the incident

With a foreword written by George Kurtz, President/CEO and co-founder of CrowdStrike, Cyber Crisis Response is the essential resource for you to up your game and respond with confidence when the inevitable cyber crisis strikes.

Available for immediate sale, Matt, Gary, and Bill congratulate Andrew and Chris. Well done, gentlemen!

Information Governance Leadership Summit:
March 30 & 31
San Diego, California

Attendance includes: 2 Workshops, breakfasts, lunches, breaks, 2 signed books & a networking reception

Click here to register!

About the Agenda

Day 1: Drafting Effective IG Policies
Effective Policy Writing has been cited by IG pros in recent research as a top priority and key to successful IG programs. Day One of the 2nd Annual CIGO Association “Information Governance Leadership Summit” will bring together IG leaders from around the world for a deep dive with renowned policy expert Lewis Eisen, author of, “Respectful Policies and Directives: How to Write Rules People Want to Follow.”

Networking Reception

To close the first day, we will hold a Networking Reception at the hotel, with appetizers and an open bar. We want to encourage forming bonds and long-term business relationships to help advance careers, and the field of IG.

Day 2: Privacy Program Management and Info Risk Management

Privacy & Cybersecurity expert, Justine Phillips, Partner at the major law firm DLA Piper, along with Cybersecurity expert Matt Stamper, CIPP/US, CISA, CISM, CRISC, CDPSE, QTE, the “CISO to CISOs” will present a two-part workshop on Privacy Program Management, and Information Risk Management, based on their book, “Data Privacy Program Guide: How to Build a Privacy Program the Inspires Trust.”

We will also have a panel discussion of leading experts in IG and InfoRisk.

Cost: $1495, includes all materials, meals, reception, and breaks.

14 hours of Continuing Education Units approved by CIGO Association

Seating is limited. So register today.

CISO DRG is pleased to announce publication of the second edition of Creating a Small Business Cybersecurity Program: A Non-Technical Guide for Small Business Owners.

After the first edition of this book was initially published in July 2020, using the CIS Controls® version 7.1, the CIS Controls® underwent a major update to version 8, issued in May 2021. The new version emphasizes the three Implementation Groups and expanded Implementation Group 1 (IG1), which applies primarily to small-to-medium businesses (SMBs). Another change in v.8 is having only 18 primary controls rather than 20. The Controls v.7.1 started with 43 Safeguards for IG1, then through revision, realignment, or incorporation into other Safeguards; IG1 v.8 has 56 Safeguards. These Safeguards are the key to achieving the security objectives identified in the overall CIS Controls®.

This Second Edition has incorporated the v.8 Safeguards into the book’s content, so that small business owners can follow simple, step-by-step approach to implementing these new safeguards in their company. Other changes are also included in the edition to bring the information up-to-date and provide new guidance on best industry practices.

(The following is taken from the introduction to the addendum)

After the book was initially published in July 2020, using the CIS Controls^® version 7.1, the CIS Controls^® underwent a major update to version 8, issued in May 2021. The new version emphasizes the three Implementation Groups, including an expanded Implementation Group 1 (IG1), which applies primarily to small-to-medium businesses (SMBs). Another change in v.8 is now having only 18 primary Controls, rather than 20. In addition, the book only focused on 37 Safeguards; however, IG1 started with 43 Safeguards in v.7.1. In v.8, 11 new Safeguards were added to IG1, while others were revised or merged into other Safeguards. This Addendum will address all of the v.8 IG1 Safeguards, even if the v.7.1 equivalent was not provided explicitly in the book.

This Addendum aims to provide businesses with a guide to take you from v.7.1 into the new v.8 Safeguards while maintaining the categorization structure created in the book. This Addendum will walk you through, chapter-by-chapter, first the changed Safeguards and then the newly added Safeguards within the categories for each chapter. The four chapters that identify key Safeguards will continue to address the same groupings of control measures, as listed below.

• Chapter 11—Key Safeguards for SMBs (“The Basics”)
• Chapter 12—Implementing Administrative and Configuration Controls
• Chapter 13—Implementing User Controls and Training
• Chapter 14—Implementing Incident and Breach Controls

In addition to the changes to the Safeguards in the CIS Controls, in July 2022, we updated the governance documents associated with the book and made them available at: Version 8 Addendum to Creating a Small Business Cybersecurity Program Control

CISO DRG Publishing is pleased to announce the availability of the Data Privacy Program Guide: How to Build a Privacy Program that Inspires Trust, the first book in the CISO Desk Reference Guide® Governance Series. This book was written by David Goodman, Justine Phillips, and Matt Stamper and is intended for Chief Privacy Officers and privacy professionals at all levels of the organization. This book focuses on building and managing privacy programs. From the author’s extensive and varied backgrounds, readers will gain unique insights, practical advice, and inspiration. Privacy professionals will learn how to create a privacy program that will help you improve your relationship with your customers while giving you the foundation for complying with the dizzying maze of privacy regulations. This is a groundbreaking book in the privacy space.

Congratulations David, Justine, and Matt, well done!