The role of Chief Information Security Officer (CISO) is relatively new and has only recently gained recognition at the organizational level from the CxO community and the board of directors. To establish and prove the importance of the position, a CISO has to shoulder multiple tasks. While growing into the role, CISOs face many challenges, including a scarcity of skilled staff, getting budget approved for security initiatives, and being involved in the early stages of new business initiatives.
Fortunately, multiple resources are available for CISOs to update and upgrade their knowledge and skills, including blogs, online webinars, conferences, training, podcasts, white papers, and technology vendor documents.
If we encounter a man of rare intellect, we should ask him what books he reads.
–Ralph Waldo Emerson
The old proverb says books are your best friends: you can visit them again and again and they will never shy away from helping you. There is no substitute for reading books and referring back to them when required; that way you can outsource the things you do not need often to your bookshelf and save your own memory for what matters.
We have selected the following books based on their coverage of the CISO role and the information a CISO needs to have handy. We hope these books will provide guidance on:
- How to work collaboratively with other CxOs
- Getting involved in, and making decisions on, strategic initiatives
- Understanding the larger context of hacking and threat intelligence
- Managing day-to-day security operations efficiently
We hope these will be the crown jewels of your bookshelf and will help you as and when required.
1. CISO Desk Reference Guide
An easy-to-use guide written by experienced practitioners for recently hired or promoted Chief Information Security Officers (CISOs), individuals aspiring to become a CISO, and business and technical professionals interested in cyber security, including Chief Technology Officers (CTOs), Chief Information Officers (CIOs), Boards of Directors, Chief Privacy Officers, and other executives responsible for information protection.
The book offers an excellent discussion of the evolving CISO role and how best to embed it in the organization, fundamentals like data classification and controls, and advice on tools and techniques.
The book delivers multiple perspectives on the foundations of organizational cyber security. This is essential reading for both aspiring and incumbent Chief Information Security Officers.
The book also helps fill a critical gap in the ever-evolving information security common body of knowledge.
2. Hacking Exposed – Network Security Secrets & Solutions
3. The Computer Incident Response Planning Handbook
It is good at explaining aspects of an Incident Response Plan that you might overlook (e.g. securing executive buy-in). It approaches things realistically without getting bogged down in fluff or anecdotes that serve no purpose. Short and to the point! I highly recommend this to anyone starting a security program.
4. Threat Modeling: Designing for Security
The book is chock-full of specific and actionable advice without being tied to particular software, operating systems or languages. For security professionals, it provides the easiest way to adopt a structured approach to threat modeling, the approach promoted by Microsoft, and to understand the changing threats and threat landscape.
This book provides the most practical approach: looking at security in its threat context, which should be the primary concern of any security officer. It also provides much-needed guidance on designing a practical information security policy for the organization rather than concentrating only on compliance requirements. Excellent and recommended for all security officers.
5. Cyber Breach Designing Exercise
This book provides insight into a much-needed topic: exercises.
6. Data-Driven Security: Analysis, Visualization and Dashboards
Data-Driven Security is a first-of-its-kind book that aims to achieve the impossible: to integrate all three dimensions of "data science", namely (a) math and statistical knowledge, (b) coding/hacking skills, and (c) domain knowledge, the domain in this case being information security. The book is unique in that it tackles all three. This is worth mentioning especially when you consider that statistical and machine-learning concepts are not part of traditional InfoSec tools. Traditional tools are built around signature matching, i.e. determining whether an observation matches a set of already-known badness such as a virus, malware sample, network activity pattern, IP address or domain name. This approach is always playing catch-up: the defenders are one step (in fact several steps) behind the attackers. This is where data-driven security comes in.
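To make the contrast concrete, the following is an added example (not code from the book or from the original post) that runs a signature-based detector and a simple statistical detector over the same constructed web-server log. The log lines, the traffic profile and the blocklist are all invented for the example and use RFC 5737 documentation addresses; the blocklist finds only the source it already knows about, while the rate-based detector, with no prior knowledge of who is bad, flags the noisy scanner the blocklist misses. The outlier detector uses the median-based modified z-score rather than mean and standard deviation so that the loud source cannot inflate the spread and hide itself.

```python
"""Signature matching vs. a data-driven (statistical) detector over the
same constructed web-server log. Added example; not code from the book."""
import re
import statistics
from collections import Counter

# Constructed traffic profile: client IP -> requests seen in a 1-minute window.
# All addresses are from RFC 5737 documentation ranges; nothing here is real.
SAMPLE_TRAFFIC = {
    "192.0.2.1": 2, "192.0.2.2": 3, "192.0.2.3": 2, "192.0.2.4": 1,
    "192.0.2.5": 3, "192.0.2.6": 2,
    "203.0.113.66": 1,   # on the (hypothetical) blocklist, but quiet
    "198.51.100.7": 25,  # unknown scanner: on no list, but very noisy
}

# Hypothetical threat-intel blocklist: the "already known badness".
KNOWN_BAD_IPS = {"203.0.113.66"}


def build_log(traffic):
    """Expand the profile into Combined-Log-Format-style lines (constructed)."""
    lines = []
    for ip, n in traffic.items():
        for i in range(n):
            lines.append(f'{ip} - - [10/Oct/2023:13:55:{i:02d} +0000] '
                         f'"GET /page{i} HTTP/1.1" 200 512')
    return lines


LOG_LINES = build_log(SAMPLE_TRAFFIC)

IP_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})\s")


def client_ip(line):
    """Return the leading client IP of a log line, or None if unparsable."""
    m = IP_RE.match(line)
    return m.group(1) if m else None


def signature_detect(lines, blocklist):
    """Signature approach: flag a source only if it is already on the list."""
    return sorted({ip for ip in map(client_ip, lines) if ip in blocklist})


def modified_z_scores(counts):
    """Iglewicz-Hoaglin modified z-score: 0.6745 * (x - median) / MAD.
    Median and MAD are used instead of mean/stdev because a single loud
    source would otherwise inflate the stdev and mask itself."""
    values = list(counts.values())
    med = statistics.median(values)
    mad = statistics.median(abs(v - med) for v in values)
    scores = {}
    for ip, v in counts.items():
        if mad == 0:
            # No spread at all: anything above the median is out of pattern.
            scores[ip] = float("inf") if v > med else 0.0
        else:
            scores[ip] = 0.6745 * (v - med) / mad
    return scores


def rate_anomalies(lines, threshold=3.5):
    """Data-driven approach: flag sources whose request rate is statistically
    out of line with their peers, with no prior knowledge of who is bad."""
    counts = Counter(ip for ip in map(client_ip, lines) if ip)
    scores = modified_z_scores(counts)
    return sorted(ip for ip, z in scores.items() if z > threshold)


if __name__ == "__main__":
    print("signature hits :", signature_detect(LOG_LINES, KNOWN_BAD_IPS))
    print("rate anomalies :", rate_anomalies(LOG_LINES))
```

Neither detector replaces the other: the blocklist catches the quiet, known-bad source that no rate statistic would notice, and the statistical check catches the unknown scanner the blocklist cannot know about yet. The threshold of 3.5 is the conventional cut-off for the modified z-score and should be tuned against real baseline traffic before use.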
7. Cyber Security: Everything an Executive Needs to Know
A great book should leave you with many experiences, and slightly exhausted at the end. You live several lives while reading.
–William Styron
What are you waiting for? Log into your Amazon account and order the books your bookshelf is missing. We hope these books will give you the knowledge you need.
Enjoy reading.