Recommended Books
Information Security Policies, Procedures, and Standards: Guidelines for Effective Information Security Management
by Thomas R. Peltier
Information Security Policies, Procedures, and Standards: Guidelines for Effective Information Security Management provides the tools you need to select, develop, and apply a security program that will be seen not as a nuisance but as a means to meeting your organization's goals.Divided into three major sections, the book covers: writing policies, writing procedures, and writing standards. Each section begins with a definition of terminology and concepts and a presentation of document structures. You can apply each section separately as needed, or you can use the entire text as a whole to form a comprehensive set of documents. The book contains checklists, sample policies, procedures, standards, guidelines, and a synopsis of British Standard 7799 and ISO 17799. Order through Amazon.com
Information Security Architecture: An Integrated Approach to Security in the Organization
by Jan Killmeyer Tudor
An information security architecture is made up of several components. Each component in the architecture focuses on establishing acceptable levels of control. These controls are then applied to the operating environment of an organization. Functionally, information security architecture combines technical, practical, and cost-effective solutions to provide an adequate and appropriate level of security.Information Security Architecture: An Integrated Approach to Security in the Organization details the five key components of an information security architecture. It provides C-level executives with an understanding of the requirements for a strategic plan for security within the organization.Order through Amazon.com
Information Security Management Handbook on CD-ROM, 2002 Edition
by Harold F. Tipton (Editor), Micki Krause (Editor)
The four volumes of the Information Security Management Handbook are now available on CD-ROM. Containing the complete contents of the books, readers get a resource that is lightweight and portable, linked and searchable by keyword, organized under the CBK domains, and with exportable text or hard copy available at the click of a mouse. In addition, it provides an extra volume's worth of information that readers will find nowhere else. Order through Amazon.com
The Information Systems Security Officer's Guide: Establishing and Managing an Information Protection Program
by Gerald L. Kovacich
This book presents a total systems approach to the all the topics needed for the infosec professional, beginning with defining the position of the information systems security officer (ISSO), to establishing and managing an infosec program. It is based on a business approach, not a technical approach. The author writes from over 14 years of research and experience. Each chapter ends with thought-provoking questions for use by the instructor. Order through Amazon.com
The CERT Guide to System and Network Security Practices
by Julia H. Allen
The CERT© Guide to System and Network Security Practices is a practical, stepwise approach to protecting systems and networks against malicious and inadvertent compromise. The practices are primarily written for mid level system and network administrators--the people whose day-to-day activities include installation, configuration, operation, and maintenance of systems and networks. The practices offer easy-to-implement guidance that enables administrators to protect and securely operate the systems, networks, hardware, software, and data that comprise their information technology infrastructure. Managers of administrators are intended as a secondary audience; many practices cannot be implemented without active management involvement and sponsorship. Order through Amazon.com
Hacking Exposed: Network Security Secrets & Solutions, Third Edition
by Stuart McClure, Joel Scambray, George Kurtz
The new edition of this powerful best-seller contains a CD-ROM with links to security tools mentioned in the book, key security tools for download from the CD, and a password database. Inside the book, you'll also get all-new security information on 802.11 (Wireless) hacking, Windows XP, Windows.NET Server (code named Whistler), and IIS 5--plus a whole lot more! Order through Amazon.com
Secrets and Lies: Digital Security in a Networked World
by Bruce Schneier
Internationally recognized computer security expert Bruce Schneier offers a practical, straightforward guide to achieving security throughout computer networks. Schneier uses his extensive field experience with his own clients to dispel the myths that often mislead IT managers as they try to build secure systems. This practical guide provides readers with a better understanding of why protecting information is harder in the digital world, what they need to know to protect digital information, how to assess business and corporate security needs, and much more. Order through Amazon.com
Network Intrusion Detection: An Analyst's Handbook (2nd Edition)
by Stephen Northcutt, Donald McLachlan, Judy
Novak
Intrusion detection is one of the hottest growing areas of network security. As the number of corporate, government, and educational networks grow and as they become more and more interconnected through the Internet, there is a correlating increase in the types and numbers of attacks to penetrate those networks. Intrusion Detection, Second Edition is a training aid and reference for intrusion detection analysts. This book is meant to be practical. The authors are literally the most recognized names in this specialized field, with unparalleled experience in defending our country's government and military computer networks. People travel from all over the world to hear them speak, and this book will be a distillation of that experience. The book's approach is to introduce and ground topics through actual traffic patterns. The authors have been through the trenches and give you access to unusual and unique data. Order through Amazon.com
Incident Response: Investigating Computer Crime
by Chris Prosise, Kevin Mandia
This is one of the first books available that explains what to do after you've been hacked. Written by FBI insiders, this book reveals the computer forensics process and offers authoritative solutions designed to counteract and conquer hacker attacks. Order through Amazon.com
Computer Forensics : Incident Response Essentials
by Warren G. Kruse II, Jay G. Heiser
Computer forensics, the newest branch of computer security, focuses on the aftermath of a computer security incident. The goal of computer forensics is to conduct a structured investigation to determine exactly what happened, who was responsible, and to perform the investigation in such a way that the results are useful in a criminal proceeding. Written by two experts in digital investigation, Computer Forensics provides extensive information on how to handle the computer as evidence. Kruse and Heiser walk the reader through the complete forensics process-from the initial collection of evidence through the final report. Topics include an overview of the forensic relevance of encryption, the examination of digital evidence for clues, and the most effective way to present your evidence and conclusions in court. Unique forensic issues associated with both the Unix and the Windows NT/2000 operating systems are thoroughly covered. Order through Amazon.com
Writing Information Security Policies
by Scott Barman
Finally, someone decides it is time to write a security policy. Management is told of the necessity of the policy document, and they support its development. A manager or administrator is assigned to the task and told to come up with something, and fast! Once security policies are written, they must be treated as living documents. As technology and business requirements change, the policy must be updated to reflect the new environment--at least one review per year. Additionally, policies must include provisions for security awareness and enforcement while not impeding corporate goals. This book serves as a guide to writing and maintaining these all-important security policies. Order through Amazon.com
E-Policy: How to Develop Computer, E-Policy, and Internet Guidelines to Protect Your Company and Its Assets
by Michael R. Overly
How to Develop Computer, E-mail, and Internet Guidelines to Protect Your Company and Its Assets It's fast, it's easy, and it's dirt cheap. But for all the advantages of e-mail and the Internet, it's a form of communication that comes at a cost: ** small fortunes are being spent in litigation because of employee abuse of e-mail ** trade secrets stored on computers are routinely stolen or compromised by employees ** productivity is dropping and costs skyrocketing as employees squander hours online. To radically reduce legal liability, theft, and wasted resources, companies need clear, legally sound policies that explicitly define the rights and obligations of employees. They need policies that are as up to date as their technology. Now there's a comprehensive computer/e-mail policy writing kit to help them. This one-stop resource supplies background information, step-by-step guidelines, and pre-written policies. And it includes real-life nightmare stories that drive home how explosive the problems can be-and how crucial the solution. MICHAEL R. OVERLY (Long Beach, CA) is special counsel to the Information Technology Department at the law firm of Foley & Lardner in Los Angeles. He counsels clients on software licensing, copyright, electronic commerce, and Internet and multimedia law. Order through Amazon.com
