CISO DRG Publishing is pleased to announce publication of the second edition of The Essential Guide to Cybersecurity for SMBs: Practical Advice for CISOs at Small and Medium Size Businesses, by Gary Hayslip, co-founder of CISO DRG Publishing.

Gary wrote the first edition of The Essential Guide to Cybersecurity for SMBs in February of 2020, and this book has been a wonderful resource to cybersecurity professions and small and medium size businesses. If the three years since the first edition came out have taught us anything, it’s that smaller firms now have just as big a target and the experience Gary shares has never been timelier.

The second edition has been updated with new insights and updated references. Congratulations, Gary, and thank you for updating this important work.

InfraGard National Members Alliance is pleased to announce our instructors and speakers for Cyber Defenders, presented in partnership with RSA Conference.

During this immersive two-day workshop, receive briefings from the FBI’s cyber and counterintelligence divisions, explore cyber laws shaping the regulatory environment, and discuss what constitutes ‘reasonable security’ with two experts who literally wrote the book on the subject. Sessions focused on leveraging threat intelligence and implementing effective insider-threat programs will provide attendees with practical steps they can take to manage risk in their organizations. #InfraGard

View the agenda at https://lnkd.in/gAhzbaRj

Register by the March 10 deadline at https://lnkd.in/gaKiiJZG

Information Governance Leadership Summit:
March 30 & 31
San Diego, California

Attendance includes: 2 Workshops, breakfasts, lunches, breaks, 2 signed books & a networking reception

Click here to register!

About the Agenda

Day 1: Drafting Effective IG Policies
Effective Policy Writing has been cited by IG pros in recent research as a top priority and key to successful IG programs. Day One of the 2nd Annual CIGO Association “Information Governance Leadership Summit” will bring together IG leaders from around the world for a deep dive with renowned policy expert Lewis Eisen, author of, “Respectful Policies and Directives: How to Write Rules People Want to Follow.”

Networking Reception

To close the first day, we will hold a Networking Reception at the hotel, with appetizers and an open bar. We want to encourage forming bonds and long-term business relationships to help advance careers, and the field of IG.

Day 2: Privacy Program Management and Info Risk Management

Privacy & Cybersecurity expert, Justine Phillips, Partner at the major law firm DLA Piper, along with Cybersecurity expert Matt Stamper, CIPP/US, CISA, CISM, CRISC, CDPSE, QTE, the “CISO to CISOs” will present a two-part workshop on Privacy Program Management, and Information Risk Management, based on their book, “Data Privacy Program Guide: How to Build a Privacy Program the Inspires Trust.”

We will also have a panel discussion of leading experts in IG and InfoRisk.

Cost: $1495, includes all materials, meals, reception, and breaks.

14 hours of Continuing Education Units approved by CIGO Association

Seating is limited. So register today.

CISO DRG is pleased to announce publication of the second edition of Creating a Small Business Cybersecurity Program: A Non-Technical Guide for Small Business Owners.

After the first edition of this book was initially published in July 2020, using the CIS Controls® version 7.1, the CIS Controls® underwent a major update to version 8, issued in May 2021. The new version emphasizes the three Implementation Groups and expanded Implementation Group 1 (IG1), which applies primarily to small-to-medium businesses (SMBs). Another change in v.8 is having only 18 primary controls rather than 20. The Controls v.7.1 started with 43 Safeguards for IG1, then through revision, realignment, or incorporation into other Safeguards; IG1 v.8 has 56 Safeguards. These Safeguards are the key to achieving the security objectives identified in the overall CIS Controls®.

This Second Edition has incorporated the v.8 Safeguards into the book’s content, so that small business owners can follow simple, step-by-step approach to implementing these new safeguards in their company. Other changes are also included in the edition to bring the information up-to-date and provide new guidance on best industry practices.

(The following is taken from the introduction to the addendum)

After the book was initially published in July 2020, using the CIS Controls^® version 7.1, the CIS Controls^® underwent a major update to version 8, issued in May 2021. The new version emphasizes the three Implementation Groups, including an expanded Implementation Group 1 (IG1), which applies primarily to small-to-medium businesses (SMBs). Another change in v.8 is now having only 18 primary Controls, rather than 20. In addition, the book only focused on 37 Safeguards; however, IG1 started with 43 Safeguards in v.7.1. In v.8, 11 new Safeguards were added to IG1, while others were revised or merged into other Safeguards. This Addendum will address all of the v.8 IG1 Safeguards, even if the v.7.1 equivalent was not provided explicitly in the book.

This Addendum aims to provide businesses with a guide to take you from v.7.1 into the new v.8 Safeguards while maintaining the categorization structure created in the book. This Addendum will walk you through, chapter-by-chapter, first the changed Safeguards and then the newly added Safeguards within the categories for each chapter. The four chapters that identify key Safeguards will continue to address the same groupings of control measures, as listed below.

• Chapter 11—Key Safeguards for SMBs (“The Basics”)
• Chapter 12—Implementing Administrative and Configuration Controls
• Chapter 13—Implementing User Controls and Training
• Chapter 14—Implementing Incident and Breach Controls

In addition to the changes to the Safeguards in the CIS Controls, in July 2022, we updated the governance documents associated with the book and made them available at: Version 8 Addendum to Creating a Small Business Cybersecurity Program Control

CISO DRG Publishing is pleased to announce the availability of the Data Privacy Program Guide: How to Build a Privacy Program that Inspires Trust, the first book in the CISO Desk Reference Guide® Governance Series. This book was written by David Goodman, Justine Phillips, and Matt Stamper and is intended for Chief Privacy Officers and privacy professionals at all levels of the organization. This book focuses on building and managing privacy programs. From the author’s extensive and varied backgrounds, readers will gain unique insights, practical advice, and inspiration. Privacy professionals will learn how to create a privacy program that will help you improve your relationship with your customers while giving you the foundation for complying with the dizzying maze of privacy regulations. This is a groundbreaking book in the privacy space.

Congratulations David, Justine, and Matt, well done!