Computer Security Literacy: Staying Safe in a Digital World
One of the most important papers on computer security and usability was Why Johnny Can’t Encrypt, A Usability Evaluation of PGP 5.0 by Alma Whitten and J.D. Tygar. They noted that user errors cause or...
Low Tech Hacking: Street Smarts for Security Professionals
Security guru Bruce Schneier has observed that for those organizations that have incorrectly deployed cryptography, it is akin to putting a big flagpole in front of your facility and hoping that it...
Using Social Media for Global Security
Everyone knows that social media is an extremely powerful technology. The notion of social media analytics (SNA) which Using Social Media for Global Security deals with didn’t even exist a few years ago....
Security Engineering: A Guide to Building Dependable Distributed Systems
Security Engineering: A Guide to Building Dependable Distributed Systems by Ross Anderson is one of, if not the best information security book ever written. With a list price of $80, it's worth every...
The Design of Rijndael: AES - The Advanced Encryption Standard
While it was printed about 11 years ago, I just got around to reading The Design of Rijndael: AES - The Advanced Encryption Standard. Apropos, given that the RSA conference is next week. Many...
Two new security certification review guides from Microsoft Press
Last year, Microsoft Press started a series of Rapid Review certification books. With 6 currently in print, two of the titles are around security, namely CISSP Rapid Review by Darril Gibson and...
The Phoenix Project
While at the RSA Conference this week, the nice people at Tripwire gave me a copy of their CTO’s book The Phoenix Project: A Novel About IT, DevOps, and Helping Your Business Win. The theme of the book...
The Hacker's Guide to OS X: Exploiting OS X from the Root Up
The Macintosh operating system was long considered more secure than Windows. Part of the reason was that the vast majority of attackers targeted Windows given it was so ubiquitous. A lot has changed...
PRAGMATIC Security Metrics: Applying Metametrics to Information Security
Like all books on metrics, early in the book PRAGMATIC Security Metrics: Applying Metametrics to Information Security makes the statement that “you can't manage what you can't measure”. The authors...
Introduction to Computer Networks and Cybersecurity
At nearly 1,400 pages, Introduction to Computer Networks and Cybersecurity is more than just an introduction to the topic. Rather than simply an introduction, it is a comprehensive guide to the...
The Death of the Internet
At the beginning of The Death of the Internet, Markus Jakobsson asks the obvious question: is the title of this book a joke? It is noted that things can get worse and that is what the book is about....
Applied Cyber Security and the Smart Grid: Implementing Security Controls...
Imagine if the smart guys from the SANS Institute came to the Federal Energy Regulatory Commission (FERC) and told them it was impossible that the smart grid could be effectively secured. What...
The Death of the Internet - Markus Jakobsson
When I first heard about the book The Death of the Internet, it had all the trappings of a second-rate book; a histrionic title and the fact that it had nearly 50 contributors. I have seen far too...
Applied Information Security: A Hands-on Approach
In Applied Information Security: A Hands-on Approach, authors David Basin, Patrick Schaller and Michael Schläpfer detail some of the lab exercises and texts that they used for courses they gave at ETH...
Locked Down: Information Security for Lawyers
Had Locked Down: Information Security for Lawyers not been published by the American Bar Association (ABA) and 2 of its 3 authors not been attorneys, one would have thought the book is a reproach...