Books
Book Topics
This list contains books that relate to the strategy, planning and deployment of IP-based security technology, including networking technology. Our objective is develop a "basic books you must have", with a leaning towards practical application over theory.
Information Security
Information security is a topic that is often hard for non-technical people to deal with, only because discussions can quickly descend into technical talk that leaves the decision-makers and other stakeholders (including physical security practitioners) in the dust. The flip side of the coin is that many computer and network security technologists don't have a firm grasp on the organizational "people and process" elements that are required for technical security to fully effective.This section is for books that help bridge the gap in both directions.
Know IT Security
by James P. Litchko
Securing computers and networks for non-technical managers: A practical case study
This book is a story for CEO's, CFO's, CIO's, CSO's, and their personnel who are looking for a basic introduction to IT security concepts, terms, and strategies. Believe it or not, you can read this book in about 2 hours. But in that short time, you will be provided a:
• low-tech introduction to IT security threats and countermeasures, firewalls, encryption, intrusion detection, backups, etc.
• business-based strategy for assessing IT system security needs
• total security approach to securing IT systems using technical, personnel, physical, and procedural security methods
After reading KNOW IT Security, you will have a basic understanding of IT security that will allow you to ask knowledgeable questions, make better decisions, and have the confidence to learn more on this complex topic.
Know Cyber Risk
by James P. Litchko
Strategies for controlling security assessments and selling security to management
This is another story-based that book you can read in just a few hours. It provides business professionals, IT managers, and IT security specialists with a quick, informal, and entertaining introduction to understanding the complex security concepts of risk assessments, plus successful strategies for :
• making IT security decisions based on business needs
• selling IT security solutions and justifications to senior management
• total security approach to securing IT systems using technical, personnel, physical, and procedural security methods
KNOW IT Security provides you with the basic understandings to apply real-world and practical business goals into security, gain managerial control of risk assessments, and develop a collaborative strategy for company wide security practices.
Networking
Networking is critical because most computers, applications and computer/telephone users depend on it. Our world runs on it. For anyone working in a technical field, having a solid grasp of networking fundamentals is important. This section is for books that contribute to that understanding.
Computer Networking: - A Top Down Approach (5th Edition)
This is an outstanding book for several reasons. It starts with the part of networking that we're all most familiar with as computer users: the Internet. Then it works its way down from application level networking all the way to bare wire. You can take multiple approaches to reading it. Each chapter starts with a plain-language introduction to the chapter's topic. Then it goes on to the detailed material, very well presented and glossing over nothing. This means that you can read the introductory level material chapter by chapter, then drill down deeper in specific chapters where you want to learn more. You can select specific chapters where you want to fill in knowledge, which is great because most on-the-job experience is narrowly focused and is optimized for what your employer needs, not what you want to learn about.
The initial material in each chapter is good even if you already have in-depth knowledge, as it will give you the concepts and verbiage you need to talk communicate with the folks who are not so technical. If you are not a network technologist but need a basic understanding of the various aspects of networking, you can take each chapter just to the depth that you need to for the level you work at.
The authors did an outstanding job with definitions and examples. Having clarity on the networking concepts is fundamental to having a solid working knowledge. This also lessns the chore of reading, as you don't have to hunt around in other places to define terms or locate examples.
There is one Amazon reviewer who stated that the book oversimplified a few of the very technical points. If you are someone who is working at that level, you will either already gotten the full scoop on the details, or will be referencing additional technical material that spells it out in a way that's not intended for this type of book.
There is also companion website material, which the publisher descirbes:
- Student Resources: Quizzes, Wireshark Labs, applets, links, additional readings, and more.
- Instructor Resources: Instructor materials are available on our Instructor Resource Center. Separate registration is required.
Note that much of the material requires a logon for which you need a registration code from the book cover.
If you want a firm grasp on networking fundamentals, or on how to explain them to less technical folks, this is the book to read.
Convergence
Security Convergence: Managing Enterprise Security Risk
by Dave Tyson
Security Convergence is the first book to cover both security technology convergence (physical security technology and information technology) and organizational security convergence (IT security management and corporate/physical security management). Traditionally these are organizational silos that rarely interact.
The book discusses security management, electronic security solutions, and network security and the manner in which all of these interact. Combining security procedures accross silos and arriving at complete security solutions improves efficiency, greatly improves security, and saves companies money.
Implementation of convergence principles has increased rapidly and the number of businesses moving to this model will continue to grow over the next few years. All security professionals, regardless of background, will find this a useful reference and a practical look at the benefits of convergence and a look to the future of how organizations and corporations will protect their assets.
• A high-level, manager's overview of the movement in corporations to combine the physical and IT Security functions
• Specific examples of the challenges and benefits of convergence with an assessment of the future outlook for this growing industry trend
• Case examples that detail how convergence can be implemented to save money and improve efficiencies
This text has a practical focus on convergence that includes a strong risk management element, as this quote from teh book illustrates:
“Convergence is about optimizing the risk profile so that all risks are identified, considered and either mitigated or accepted — ideally with some form of compensating control. I urge you to truly ponder this thought in detail: Identify and mitigate ALL RISKS in the environment. This is what the convergence security practitioner, or group of practitioners, must do. Senior management should not be accepting any more risk than they are aware of, and if all the risks are well understood in the new and increasingly complex environment, then the first part of the job is done.” -- Dave Tyson
Physical Security for IT
by Michael Erbschloe
How to establish a physical IT security function in an organization
This book is not about physical security assessments, countermeasures and technologies. It is about what is usually lacking in most organizations: a good approach to implementing a sound physical security plan for computer, network and telecom assets.
The author presents an approach that is very compatible with an ISO-style Information Security Management System (as found in ISO 27001), and is compatible with other IT security frameworks as well. But you don't have to know those frameworks at all to apply what is in this book.
After providing a good overview of physical security for information asset protection, Erbschloe covers the process of establishing a physical IT security function in an organization, including the steps to developing a physical security plan. He also explains the major elements of a physical security plan, including the overview and mission statement, assignment of organizational responsibilities, the use of duty officers, and the management of contact lists. How to develop and document appropriate methods and procedures for is followed by the importance of testing and how to test and audit procedures. Next, Erbschoe covers the steps for managing response to an incident. A model training program for physical IT security is also provided. Consideration is also given to the future of physical security for IT assets.
This book is for both IT and physical security practitioners.