Data breaches. Ransomware. These are the things that keep IT security pros up at night. When Target, Experian, the IRS, the Departments of State and Defense can be successfully targeted (not to mention U.S. power grids), the risk is real.
Much of what InfoSec pros are able to do, in order to monitor current systems and add proactive measures for prevention, they learn from experience on the job. But, of course, proactive security strategies involve continual updating of technology and identifying/monitoring the latest threats and operational modes of the “bad guys.”
There is no lack of resources for InfoSec pros – updates to download, security sourcebooks, guides and handbooks, e-books – and many are free. But IT security personnel need both theoretical and practical knowledge and understanding, and texts seem to do a better job of at least the theoretical aspects of cybersecurity (although very new editions have practical information and advice that is quite current).
There are some books that every InfoSec pro should have in their libraries – “old-fashioned” hardcover texts that will prove to be very valuable. Though some of them are aimed mostly at academic use, they give an in-depth description of the processes and provide enough detail to shape a well-reasoned opinion. Here are just 10 of the books.
1. Security in Computing
By Charles and Shari Pfleeger
This book provides a basic primer on the multiple aspects of cybersecurity – from devices and software to users, networks, operating systems, and the law. The newest edition has added cloud computing, IoT, and lots about cyberwarfare.
Because this is a foundational text, it is often required in IT college courses. And it is a great reference work for reminders and clarification. If you did not get this book in college, get it now.
2. Defensive Security Handbook: Best Practices for Securing Infrastructure
By Lee Brotherston and Amanda Berlin
Both authors are experts in the IT security field, and they published this book in 2017.
The focus of the work is defense. Readers will get step-by-step instructions for establishing security measures for a multitude of specific issues, including tools and processes for doing so. InfoSec workers will be able to use this as sort of a handbook – full of ideas, best practices, and the lessons that have been learned by others, as they faced security issues. Organizational IT pros will find this book a great reference tool, even though the most current hacker modalities may not be included.
3. Information Assurance Handbook: Effective Computer Security and Risk Management Strategies
By Corey Schou and Steven Hernandez
While this book was published several years ago (2014), it should not be considered outdated. It contains all of the basic IA concepts and principles as they relate to security and is a solid source for the tools and technology that can be used to prevent breaches.
This book is a good starting point for IT pros who want the basic theoretical understanding, along with some practical tools and strategies. It belongs in your library.
4. Hacking the Hacker: Learn from the Experts Who Take Down Hackers
By Roger A. Grimes
Published in 2017, this book was authored by an individual with a long history in cybersecurity and, specifically, in the prevention of malware and other hacker attacks.
What makes this work unique is that it begins by interviewing 26 hackers (white hat ones) and other researchers who are able to explain exactly how they hacked and what hacking really involves. It will provide a great behind-the-scenes look into the world of hacking and the strategies hackers use, along with the strategies that can be used to foil their efforts.
5. Cyber Security Basics: Protect Your Organization by Applying the Fundamentals
By Don Franke
This author has been in the field of IT and cybersecurity for more than 20 years. This book covers all of the fundamentals of InfoSec and their practical applications in terms of strategies and controls. It’s a short piece but is a great overview for beginners and speaks to the multiple layers of security that can be implemented, dependent upon the type of organization and the levels of security that are most appropriate.
6. Network Security Through Data Analysis: From Data to Action
By Michael Collins
Collins is the chief scientist for RedJack, a firm that focuses on assisting organizations with their network security and protection against attacks, through data analysis.
Data can provide information that traditional detections cannot offer, and this is the focus of this piece. What Collins focuses on is how InfoSec pros can use data analysis to protect against potential threats to which organizations may be vulnerable. His thesis is that traditional detection methods are no longer effective for the newest types of threats and that collecting the right data, along with analyzing it, is far better. Collins also provides the tools, methods, and sensors that will better acquire threat potentials.
7. IT Security Risk Control Management: An Audit Preparation Plan
By Raymond Pompon
This book comes from an IT security expert who has actually been in the trenches, involved in handling security breaches in a number of organizations. In this book, Pompon focuses on security audits and provides a guide for security pros to conduct that audit and build a customized security program that involves the entire organization. Obviously, this book is not for beginners.
The value of this book is its real-world, practical approach to security that will involve everyone.
8. Digital Resilience: Is Your Company Ready for the Next Cyber Threat?
By Ray Rothrock
This is one of the most current works on cyber threats, written in 2018, and only recently published. The author is currently the CEO of RedSeal, a cybersecurity consulting company.
The great thing about this book is that it is quite non-technical. It is really written for non-techie management and leadership who may not understand all of the jargon and processes.
One of the most interesting parts of the book, especially for management, is the synopses of the big recent data breaches and the WannaCry ransomware event. Rothrock details the failures that caused the breaches and what should be done to prevent them.
9. Practical Malware Analysis: A Hands-On Guide to Dissecting Malicious Software
By Michael Sikorski
Here is a seasoned practitioner who has consulted with the FBI, NSA, and the Department of Defense.
This is a technical piece, designed for IT pros, that includes the techniques, methods, and tools for countering malware and provides actual “lab-type” activities for a highly practical approach. Anyone interested in data analysis and reverse engineering will find this book highly valuable.
10. Applied Network Security Monitoring: Collection, Detection, and Analysis
By Chris Sanders and Jason Smith
Here is an ultimate guide for network security monitoring (NSM) analysis, one with lots of real-world examples that takes a beginner from the ground up.
The theme of the book is that, at some point, prevention will fail. The key to the least damage is to detect it quickly and respond well. The authors divide NSM into three stages – collection, detection, and analysis – and provide great examples and advice.
Many More InfoSec Books Out There
Obviously, this list of 10 is not comprehensive. In fact, there are thousands of texts on cybersecurity. But this list includes books that will serve an InfoSec pro well, as reference tools. Most of them are academic in nature and are often used as college-level texts or assigned as book reports – they are not easy books to review, because every page is critical.
About the Author: Linda Grandes
Linda Grandes is a former journalist who found her passion for blogging. She is a successful blogger at Studyton.com. Moreover, Linda is a highly-appreciated writer at WoWGrade. Linda is best-known for her marketing experiences and for the passion she puts in her writing pieces. She enjoys sharing her learnings with her readers and enjoys hearing success stories of her readers applying her tips and tricks in various areas.