Security does not have to be a difficult or intimidating topic. Whether you're a small to medium-sized organization looking to improve your security, a current CISO seeking to enhance your practices, or someone aspiring to become a CISO, this project is designed to guide you through the essential knowledge areas of cybersecurity and risk management.
This project is intended to organize the ideas, processes, and supporting templates and tools required to succeed as a new CISO. While it will have humble beginnings, we hope it will grow and evolve with engagement from the community over time.
The views expressed as part of this project are the views of the individual contributors and do not reflect the views of our employer(s) or any affiliated organization(s).
If you are a small to medium-sized organization looking to improve your security, start with these basic steps:
- Make sure antivirus (or other endpoint protection) is installed and enabled on every machine.
- Use MFA everywhere you can.
- Use strong, unique passwords for every account; a password manager makes this practical.
- Set your systems and software to update automatically, or put a process in place to manage updates and patches.
- Talk to your employees about phishing and malware (basic awareness).
- Take a closer look at what is exposed to the internet (remote access, web servers, management interfaces), and get help if anything there concerns you.
- If possible, have someone review your cloud email (O365 or Gmail) settings and any firewall or Wi-Fi configurations you have.
- Back up your data, keep the backups in a secure location separate from your business, and test that you can actually restore from them.
This repository is organized into 22 comprehensive sections, each focusing on a key knowledge area of cybersecurity and risk management:
- Getting Started
- Understanding Business Risk
- Understanding the Adversary
- Mapping Attack Surface
- CIS18 and Basic Security Controls
- Security Architecture and Engineering
- Product and Software Security
- Secure Business Process Design
- Identity and Access Management
- Security Management
- Security Leadership
- Governance Risk and Compliance
- Security Awareness
- Security Operations - SOC
- Response - IR
- Business Continuity Planning - BCP
- Disaster Recovery - DR
- Vulnerability Management and Risk
- Frameworks and Standards
- Careers - The Road to CISO
- Cyber Insurance
- Resources
Each section contains detailed guidance, best practices, and supporting materials to help you understand and implement cybersecurity measures effectively.
We welcome contributions from the community! Please read our Contributing Guidelines to get started.
Here are some additional ways to get involved:
- Join our discussions in the Issues section
- Submit feature requests or bug reports
- Connect with other contributors and users
- Share your experiences and insights
This project is licensed under the MIT License - see the LICENSE file for details.
- Thanks to all contributors who have helped shape this project
- Inspired by the need for accessible cybersecurity guidance for organizations of all sizes
- Grateful for the wealth of knowledge shared by security professionals worldwide
Secure through knowledge, vigilant through sharing, stronger together—this is the essence of modern cyber defense.