Excellent book about InfoSec that has everything you need to know and nothing you don't.
A Data-Driven Computer Security Defense: THE Computer Security Defense You Should Be Using by Roger A. Grimes, available on Amazon in print and Kindle editions.
Roger is one of the IT Security Pros that I know and have admired for years. He has a no-nonsense approach to InfoSec and his years of experience are captured in this very valuable book. I strongly recommend you read it!
https://www.amazon.com/Data-Driven-Computer-Security-Defense-Should/dp/1549836536/
Foreword by Dr. Dorothy E. Denning, Emeritus Distinguished Professor, Department of Defense Analysis, Naval Postgraduate School
Today, most companies are either completely hacked or could easily be hacked. Things are so bad that most organizations are operating under an assumption of “Assume Breach”, and need to.
The truth is that most companies are not deploying the right defenses in the right places and in the right amounts against their biggest threats, making it far easier for hackers and malware than it needs to be.
Most organizations are highly inefficient at defending their computers, wasting resources (e.g. people, money, and time) solving the wrong problems. It doesn’t have to be this way.
A Data-Driven Computer Security Defense describes what’s wrong with most traditional computer defenses, how they got that way, and how to fix it. It tells how to put the right remediations in the right places in the right amounts against the right things.
The theory is backed up by real life examples of what other companies have done to significantly strengthen their defenses. It is guaranteed that after you read A Data-Driven Computer Security Defense you’ll never think about computer defense the same way again.
Table of Contents
Part I – Bad Defenses
Chapter 1 – Introduction
Chapter 2 – How and Why Hackers Hack
Chapter 3 – Broken Defenses
Part II – A Better Data-Driven Defense
Chapter 4 – How to Fix a Broken Defense
Chapter 5 – Getting Better Data
Chapter 6 – Benefits of a Data-Driven Defense
Chapter 7 – Data-Driven Computer Security Defense Cycle
Part III – Implementing a Data-Driven Defense
Chapter 8 – Implementation Examples
Chapter 9 – How to Get From Here To There
Chapter 10 – Answers to Common Questions
Roger A. Grimes, CPA, CISSP, CEH, CISA, MCSE, yada, yada is a 30-year computer security professional and he has written 10 books and over 1000 national magazine articles on computer security. He is a frequent security conference speaker and is often interviewed by national magazines, news, radio, and television shows. He has been the InfoWorld/CSOOnline security columnist since 2005.
He has worked for or consulted with many of the world’s largest companies, utilities, and armed forces. He specializes in host security and preventing malware and hacker attacks.