Paul Walker on 8 Jun 2012 06:27:51 -0700


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] I need a book recommendation


Found a copy of Cuckoo's Egg at the thrift store last week for a dollar. A great read - reminds me of the old days.

Paul

On Mon, May 21, 2012 at 11:24 PM, <jazzman@exdomain.org> wrote:
Well the upside for me is that beyond my own curiousity on the topic, my company is willing to fund me upping my knowledge in this area (and they've gone so far as to discuss sending me back to school for a degree with a focus on security of some sort). So I'm fairly certain my manager will approve expensing the book. I'll talk to him tomorrow and give him a list of a few of the books you guys have mentioned to me and I'm 99% sure he'll be ok with just having the company cover it.

Thanks to all of you guys for the info and leads. It is greatly appreciated and hopefully I'll learn to enough to be able to contribute back to the group at some point.

Thanks again
Marc


On Mon, 21 May 2012, JP Vossen wrote:

I'm late to the party, but...

+1 _The Cuckoo's Egg_

+1 for Schneier but not _Cryptography Engineering_.  I'd favor _Practical Cryptography_ and _Secrets & Lies_ for this use case.

Also, this *sounds* perfect, but there is a catch:

http://it.slashdot.org/story/12/05/18/1321256/book-review-elementary-information-security
Book Review: Elementary Information Security
Section it Department read-all-about-it
Filed under security
Creator samzenpus

benrothke writes "Elementary Information Security, based on its title, weight and page length, I assumed was filled with mindless screen shots of elementary information security topics, written with a large font, in order to jack up the page count. Such an approach is typical of far too many security books. With that, if there ever was a misnomer of title, Elementary Information Security is it."

For anyone looking for a comprehensive information security reference guide - Elementary Information Security is it. While the title may say elementary, for the reader who spends the time and effort to complete the book, they will come out with a complete overview of every significant information security topic.

The book is in fact a textbook meant to introduce the reader to the topic of information security. But it has enough content to be of value to everyone; security notices or experienced professional.

Author Richard Smith notes that if you want to get a solid understanding of information security technology, you have to look closely at the underlying strengths and weakness of information technology itself, which requires a background in computer architecture, operating systems and computing networking.

With that, Elementary Information Security is a tour de force that covers every information security topic, large and small. The book also provides a relevant overview of the peripheral topics that are embedded into information security.

In 17 chapters covering over 800 pages, the book is well organized and progressively gets more complex.

[... lots more, go read the post on /. ]

The book is not meant as a For Dummies guide to the topic, and it assumes a college-level comprehension of relevant mathematical concepts. Note though that the requisite math is detailed in the sections on encryption and cryptography.

The book is also the first textbook certified by the NSA to comply with the NSTISSI 4011 standard, which is the federal training standard for information security professionals. The author notes on his blog that in order to gain that certification, he had to map each topic required by the standard to the information as it appears in the textbook.

Given the value of the book, (ISC) should consider using this title as a reference for their CISSP certification. With all of the CISSP preparation guides available, even the Official (ISC)2 Guide to the CISSP CBK, one is hard pressed to find a comprehensive all-embracing security reference such as this. Some may even want to simply use this book as their definitive CISSP study guide.

For those looking for a single encyclopedic reference on information security, they should look no further than Elementary Information Security. Richard Smith has written a magnum opus on the topic, which will be of value for years to come.

--- End of excerpted book review ---

Sounds perfect right?  I want one too.  The problem is, it's $130 new... Maybe you can find a library that has it?

Later,
JP
----------------------------|:::======|-------------------------------
JP Vossen, CISSP            |:::======|      http://bashcookbook.com/
My Account, My Opinions     |=========|      http://www.jpsdomain.org/
----------------------------|=========|-------------------------------
"Microsoft Tax" = the additional hardware & yearly fees for the add-on
software required to protect Windows from its own poorly designed and
implemented self, while the overhead incidentally flattens Moore's Law.
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug