Appendix D. Recommended Reading

There are a wide variety of information security books on the market. Many of these books cover a specific technology in information security, while others address enterprise security, general vulnerabilities, and general countermeasures. Most of these books cover the same type of information through different styles of presentation. The following are humble notes on some books that I believe to be extremely useful to information security professionals. Each covers key concepts that, in my opinion, every security professional should understand.

Incident Response, by Kevin Mandia and Chris Prosise

This is a great guide for creating and maintaining good incident response practices. It is extremely thorough and practical for medium and large organizations. This book is about 50% technical.

Secrets and Lies, by Bruce Schneier

This book provides a great explanation of security and its impacts on the business world. It is focused mostly on concepts and historical facts surrounding the world of information security. This book is not technical and could be read by anyone.

Practical UNIX and Internet Security, by Simson Garfinkel and Gene Spafford

This is a great security book focused on networking and system-based security practices. It covers both security theory and hands on implementation for UNIX and the Internet. This book is about 75% technical.