I get asked this question fairly frequently and I usually do have a security book in my “Currently Reading” stack….along with a fair amount of books on World War II (I’m a big military history buff), books on Christianity (The Bible being the most prominent, but also some books on systematic theology), and of course my beloved Green Bay Packers. Feel free to email me for those lists.
So I figured I might add a new feature to my blog, since I am always being asked, “What are some good security books out there?” 4 years ago, you’d go into Barnes & Noble and you might find one hidden in the bowels of other networking and dev books. Now they seem to have hundreds.
The Book I’m Currently Reading:
Effective Security Management, 4th Edition. Sennewald, Charles A., 2003. Butterworth-Heinemann. ISBN 0750674547
One of the things I’m most interested in, just happens to be security management. What most IT folks don’t realize is that in most circles, the concept of “security management” eclipses the singular notion of “information security”. Security management in most businesses is far more comprehensive than firewalls and password policies. Security managers often deal with things like loss prevention, executive prevention, and building security in addition to the stuff we’re all familiar with like regulatory compliance, secure application development, etc. This book has been amazing thus far and it is really opening my eyes to the big picture that many CSOs deal with on a daily basis. It is really helping me understand the breadth of knowledge required for my career goal of becoming a CSO.
It is also a great prep book for anyone who is considering investing the time and energy to sit for the ASIS International Certified Protection Professional (CPP) examination. I’m seriously considering this, although I might be missing a few of the requirements. Trust me, this organization is top-notch! They’ve been doing security since before security was on the radar for most people. As their website states, ASIS “…is the largest organization advancing the security profession worldwide.”
If you liked this book, you might also like to try the following:
Information Security Management Handbook by Harold F. Tipton and Micki Krause
A Practical Guide to Managing Information Security (Artech House Technology Management Library) by Steve Purser
Information Security Policies and Procedures: Guidelines for Effective Information Security Management by Thomas R. Peltier
Information Security Risk Management for ISO27001/ISO17799 (Implementing ISO27001) by Alan Calder and Steve Watkins.