As a bookworm, these are my top ten information security books:
- The Cuckoo’s Egg by Clifford Stoll – the whodunnit that first got me seriously interested in hacking and IT security. A gripping story of intrigue and perseverance.
- Codebreakers by Hinsley & Stripp – the extraordinary tale of WWII cryptanalysis at Bletchley Park, and the Ultra secrets.
- Secrets and Lies by Bruce Schneier – Bruce’s writing is always stimulating, thought-provoking. S&L was the first I read, and would remind me of the ones that followed.
- The Art of Intrusion by Kevin Mitnick – as with Bruce, the first book reminds me of the series. More social engineering than hacking, but ingenious nevertheless. The hacker mindset sings out.
- Information Paradox by John Thorp – the book that changed my way of thinking, treating IT and information as business tools. Underpins ISACA’s ValIT method.
- Managing an Information Security and Privacy Awareness and Training Program by Rebecca Herold – the book I wish I had written (and retitled!). Full to the brim with bright ideas.
- How to Measure Anything by Doug Hubbard – creative approaches to measure and analyse situations that seem unmeasurable.
- Security Engineering by Ross Anderson – my infosec textbook of choice, if a bit outdated now (a 3rd edition is long overdue!). Emphasizes a systematic, engineering approach to infosec.
- DTI Code of Practice for Information Security (BSI DIC PD003), or the Shell corporate infosec manual before that – the precursors to BS7799 and ISO27k. A chance to think about how far we’ve come and where we are, or rather should be, heading next with security standards.
What would you suggest for my Amazon wish-list?