Scott's Recommended Reading List for Information Security Managers
All the books on this page may be purchased from Amazon.com.
The commission from all books bought from this list using the links on this page will be donated to cancer research!
"This is one of those books that should be in the back pocket of any manager who really wants to cover that part of their anatomy."
-Amazon.com reviewer Charles Ashbacher
Computer Security Basics by Deborah F. Russell, G.T. Gangemi
O'Reilly & Associates, February 1991
ISBN 0937175714
A classic whose principles still apply, explained in a manner that everyone can understand.
Hackers Beware by Eric Cole
New Riders Publishing, August 2001
ISBN 0735710090
It is a good idea to understand computer security from the hacker's point of view. Hackers Beware gives the reader the big picture from all aspects of computer security. A must read for everyone, including the seasoned professional.
If you are going to be an InfoSec manager, this book better be on your shelf for reference, after you memorize it! Schneier has a unique perspective on information security that every manager should pay attention to. It is based in common sense, which can be rare for an InfoSec book.
This book delves deep into the nuts and bolts of managing InfoSec and puts it clearly in the context of the business process your InfoSec program should be designed to protect.
The next step to understanding information security risks is to understand security from a hacker's point of view. Sams rounded up the stories and suggestions from many hackers and put them into a book that should be required reading for everyone in this industry.
What better way to learn about information security than from The CERT Coordination Center, the people who have watched and reported on Internet incidents since 1988.
Security is more than a firewall. And despite the book's title, the noted authors follow up their breakthrough original book with a thoughtful, well-written discussion of the mechanisms of Internet security.
If you have any questions about cryptography, this is the reference to use to answer them. If you buy one book on cryptography, this is the book to own.
After you finish Schneier's book, Stallings bridges the gap between what cryptography is and how it applies to network security. The updated 3rd Edition is really an improvement over previous editions.
PGP: Pretty Good Privacy by Simson Garfinkel
O'Reilly & Associates, October 1995
ISBN 1565920988
One application of cryptography is PGP. This book is an excellent reference into how to use PGP in your network environment.
CISSP Training Guide by Roberta Bragg
Que Publishing, November 2002
ISBN 078972801X
This is an excellent book. It not only covers the ten domains but also contains a CD-ROM with a lot of practice questions. Scott Barman contributed Chapter 3 to this book.
Eric Cole, Matthew Newfield, John M. Millican, and Stephen Northcutt
Que Publishing, October 2002
ISBN 0789727749
The Global Information Assurance Certification (GIAC) is an up-and-coming certification exam that many will accept as readily as the CISSP. However, if you read this study guide, you will think that the GIAC is superior to all others. This book is well crafted for all levels of understanding of information security.