Saturday, September 4, 2010

IT and ITsec books I've read these last years

Over the last few years, I've read a few interesting books about IT and IT security, so I'm listing them here, in case you ever have a spare weekend ^^
Each entry starts with the language, title and author(s) of the book, followed, where possible, by links to related blogs and newsfeeds. The list is in no particular order.
  • [EN] The Failure of Risk Management, Why It's Broken and How to Fix It, by D.W. Hubbard [BLOG] [RSS]
  • [EN] Applied Security Visualization, by Raffael Marty [BLOG] [RSS]
  • [EN] The Official (ISC)² Guide to the CISSP CBK, aka the CISSP CBK, by... the (ISC)²
  • [EN] Beautiful Security, by Andy Oram and John Viega
  • [FR] La fonction RSSI (The CISO position), by Bernard Foray [old BLOG] [old RSS]
  • [EN] The New School of Information Security, by Adam Shostack and Andrew Stewart [BLOG] [RSS]
  • [EN] Security Warrior, by Cyrus Peikari and Anton Chuvakin [BLOG] [RSS] [Cyrus Peikari's page, see "Articles"]
  • [EN] Security Metrics, Replacing Fear, Uncertainty and Doubt, by Andrew Jaquith [BLOG] [RSS]
  • [FR] Sécuriser ses échanges électroniques avec une PKI, Solutions techniques et aspects juridiques (Securing Electronic Flows with a PKI, Technical Solutions and Legal Matters), by Thierry Autret, Laurent Bellefin and Marie-Laure Oble-Laffaire
  • [EN] The whole ITIL v3 series
  • [EN] Geekonomics: The Real Cost of Insecure Software, by David Rice [BLOG] [RSS]
EDIT 09/06: Oh and I forgot the mythical The Mythical Man-Month, by Fred Brooks [Wikipedia]