Top Information Security Books

Here’s a short list of books which everyone interested in information security/assurance should read when they have time (all links go to Amazon’s listing of that book).  Beyond Fear and the two that were written, in part, by Kevin Mitnick are good to read even for those who aren’t interested in IA as a career because of their valuable insight into the human elements of security.  Organizations can benefit from knowing how a hacker thinks and ways they can use humans – the weakest element of security – to get what they want.

1. The Cuckoo’s Egg by Cliff Stoll
2. The Art of Intrusion by Kevin Mitnick and William Simon
3. Beyond Fear by Bruce Schneier
4. The Art of Deception by 
5. Secrets and Lies by Bruce Schneier

As you develop policies for handling information and how procedures are carried out, you should read over a few of these books.  They point out some very interesting factors of human nature which haunt security experts everywhere.  One of the biggest problems: people have a tendency to be helpful – often, too helpful.

Enjoy reading.  I am confident you will learn from them, as they are real eye openers!