CIS Controls Ambassador, Alan Watkins Pens New Book

CIS Controls included in new book: “Creating a Small Business Cybersecurity Program”

EAST GREENBUSH, N.Y., July 14, 2020 – The Center for Internet Security, Inc. (CIS®) is pleased to announce the launch of a new book by Controls Ambassador, Alan B. Watkins titled, Creating a Small Business Cybersecurity Program. Watkins is the former owner/consultant of ABW Consulting Services and is currently a Core Adjunct Professor at National University, Department of Engineering and Computing within the College of Professional Studies.

Creating a Small Business Cybersecurity Program provides guidance and basic steps small businesses with 25-50 employees should implement, from creating governance documents to policies and procedures. Watkins devotes four chapters to the CIS Controls® and Sub-Controls in Implementation Group 1 (IG1) – the definition of basic cyber hygiene –  and discusses risk management through the use of the CIS Risk Assessment Method.

“Implementation Group 1 is the starting point for anyone wanting to use the CIS Controls in their organization. Medium and larger businesses should continue with Implementation Groups 2 and 3,” said Watkins. “In my discussions with local chambers of commerce and the Better Business Bureau, as well as several small business owners and managers, I saw a need for a simple, non-technical guide for creating an overall cybersecurity program for small businesses. It had to focus on low-cost or no-cost options, because these businesses don’t have the financial or human capital resources to dedicate for cybersecurity; they needed something that would fit into their current business structure and culture.”

The CIS Controls are a prioritized and simplified set of cybersecurity safeguards created to stop today’s most pervasive and dangerous cyber-attacks. They are developed, refined, and validated by a global community of cybersecurity experts. The CIS Controls have 20 top-level Controls containing 171 safeguards that provide a prioritized path to gradually improve an organization’s cybersecurity posture. They are the definition of an effective cybersecurity program. To keep current with the evolving threat landscape, CIS came up with a new prioritization scheme using Implementation Groups (IGs). An organization can determine what IG they belong to by looking at the sensitivity of the data they need to protect and the resources they can dedicate towards IT and cybersecurity.

Watkins has been an active advocate of the CIS Controls since they were the SANS 20 Top Critical Security Controls. He was a contributor to version 6.1, version 7, and version 7.1 of the CIS Controls and helped out on numerous companion guides to include the CIS Controls Teleworking and Small Businesses Network Security Guide. Additionally, he has participated in CIS Controls launches by helping to answer questions from the broader cybersecurity community.

“We’ve created a global Controls Ambassador program. Alan is one of the first three Ambassadors that we asked to join the program,” said Curtis Dukes, CIS Executive Vice President of Security Best Practices & Automation Group. “Based on his support of the CIS Controls from his time in city government, to his time as a private consultant, and now as a published author on security best practices, we genuinely appreciate Alan’s support of the CIS Controls.”

“It’s been a good experience working with the community in the Controls update process,” said Watkins. “I’ve made many connections and had many discussions on Controls, especially for small businesses.”

Released by CISO DRG Publishing, Creating a Small Business Cybersecurity Program is the second book in a three-book series created specifically for small businesses. The first book, by Gary Hayslip, addresses the reality that small businesses have many of the same cybersecurity problems as their larger counterparts but a host of additional challenges, including the maturity of the organization and the difficulty of focusing the management team on issues that aren’t immediate operational imperatives. The third book, by Bill Bonney, is designed specifically for companies with 20 employees or less to handle cybersecurity issues. This book is jargon free and assumes there is a desire to do only what is absolutely necessary and prudent to avoid fraud and steer clear of regulatory issues. Watkins’s book is available on Amazon.

About CIS

The Center for Internet Security, Inc. (CIS®) makes the connected world a safer place for people, businesses, and governments through our core competencies of collaboration and innovation. We are a community-driven nonprofit, responsible for the CIS Controls® and CIS Benchmarks™, globally recognized best practices for securing IT systems and data. We lead a global community of IT professionals to continuously evolve these standards and provide products and services to proactively safeguard against emerging threats. Our CIS Hardened Images® provide secure, on-demand, scalable computing environments in the cloud. CIS is home to the Multi-State Information Sharing and Analysis Center® (MS-ISAC®), the trusted resource for cyber threat prevention, protection, response, and recovery for U.S. State, Local, Tribal, and Territorial government entities, and the Elections Infrastructure Information Sharing and Analysis Center® (EI-ISAC®), which supports the rapidly changing cybersecurity needs of U.S. elections offices. To learn more, visit or follow us on Twitter: @CISecurity.

[email protected]



CIS Critical Security Controls Ambassadors

Our Ambassadors represent, speak for, volunteer on, and promote the CIS Critical Security Controls (CIS Controls).

Meet All Ambassadors


CIS Ambassador Badge