7 Books on Information Assurance & Cyber Security
With business sectors relying more heavily upon keeping information secure, the information assurance (IA) industry has vastly expanded in order to deal with the growing number of cyber threats posed against companies and organizations around the world. The information assurance industry has grown to surpass $75 billion, and by 2020 is projected to reach $170 billion. Given the industry’s progressive growth and advances in technology, those looking for a career within this industry should continually expand their understanding and awareness of IA strategies and protocols. The following seven books on cyber security offer a diverse range of insights that can help information assurance students and professionals develop a more expansive understanding of the past, current and future of the information assurance industry.
Practical Reverse Engineering by Bruce Dang
Drawing on his background as the senior software security officer at Microsoft, Bruce Dang provides a unique look at reverse engineering in Practical Reverse Engineering. Dang considers reverse engineering as the process of analyzing a piece of hardware or software and developing an understanding of how it functions without having any access to the source code or any of the design documents. In Practical Reverse Engineering, Dang highlights how software security researchers can apply reverse engineering to thwart the threats of aggressive hackers, who utilize this process to capitalize on system flaws of organizations. Though this subject matter is extremely complex, Dang’s publication compiles real-life scenarios, realistic examples and engaging exercises to solidify an information assurance professional’s understanding of how reverse engineering can be used to complement a cyber security strategy.
Cybersecurity & Cyberwar by Allan Friedman
Within the last few decades, there has been an enormous migration of knowledge and information to the seemingly infinite space of the web. With this, there’s also been a transfer of warfare and conflict to the online space. As most aspects of modern life – ranging from commerce to communication – involve some connection to the internet, information assurance professionals must understand the threats that are spreading rampantly across the internet. Allan Friedman uses Cybersecurity & Cyberwar to answer many of the most important questions relating to our society’s universal dependence on the internet. Friedman’s open tone and use of real world examples builds an engaging argument for those hoping to understand exactly how cyber warfare works, why it matters, and what can be done to make a positive impact to combat and ultimately prevent future cyber warfare.
The Practice of Network Security Monitoring: Understanding Incident Detection &
Response by Richard Bejtlich
Richard Bejtlich served as a captain of an Air Force Computer Emergency Response Team prior to bringing his expertise into the commercial sector. Bejtlich flourished in the information assurance industry, helping a multitude of cyber security experts develop more effective ways to find intruders within their private networks. The Practice of Network Security Monitoring is designed for those hoping to learn more about how they can use information derived from within the network to detect and respond to intruder threats. The foundation for this can be attributed to the understanding that network security is not primarily based on building walls that attackers will be unable to penetrate, but instead that attackers can defeat any traditional defense. With this in mind, Bejtlich suggests that network security specialists constantly measure and analyze data collected using strategies based on network security monitoring. The Practice of Network Security Monitoring provides step-by-step instructions on how an organization can deploy, build, and run their own network security monitoring operation using only open source software and tools. Employing Bejtlich’s methods can prepare IA professionals to effectively defend sensitive data from the progressing number of cyber attacks and threats.
The Art of Computer Virus Research & Defense by Peter Szor
Peter Szor has been a contributor to the information assurance industry for several decades, designing antivirus technologies for Norton AntiVirus, Symantec Security Response, and even maintaining his own antivirus software for several years. Szor’s experience with computer virus research has placed him high in the hierarchy of computer security researchers. In The Art of Computer Virus Research & Defense, Szor highlights the basics of anti-virus research, including how viruses are analyzed, how they spread, and how cyber security specialists can defend against the threats they bring with them. He also notes the origins of viruses and offers in-depth insight on how to effectively identify and conduct research on a mechanism that is often designed to go undetected, making The Art of Computer Virus Research & Defense great for information assurance professionals looking to expand their understanding of the history of computer viruses, as well as develop insight on new strategies that can be leveraged to identify viruses before they infiltrate networks.
Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software by Michael Sikorski
Malware analysis is one of the front-running operations contributing to the massive growth of the information assurance industry. Companies hoping to defend their software and data from the threats of malware often need an analyst to find a cure for the infection that is plaguing their networks. Practical Malware Analysis is designed to help cyber security professionals understand how to stay ahead of the latest and most common malware. Michael Sikorski engages readers by introducing tested methods of safely analyzing, debugging and deconstructing intrusive malware. Industry professionals seeking to prepare themselves for the threats of malware will need to be aware of how to dive into malware, such as learning how it works, assessing the damage, and purging it from the network so that the attacker loses all access to important data. Though these steps are all important, Sikorski focuses on defining them in a way that will allow readers to synthesize strategies that assure the highest probability of malware never returning to the network again.
The Art of Software Security Assessment by Mark Dowd
Within The Art of Software Security Assessment, Mark Dowd includes the writings of many security consultants who are frontrunners in the industry to help offer a deepened understanding of the best methods for deconstructing applications with hopes of uncovering their most understated and well-hidden security flaws. The Art of Software Security Assessment serves as a definitive guide to software security assessment which can be used to audit the effectiveness of security in applications developed for UNIX/Linux and Windows-based environments. This assessment is detailed, demonstrating procedures for applications of various shapes, sizes and intended functionality. Incorporating the teachings contained in The Art of Software Security Assessment can strengthen an information assurance professional’s ability to deliver secure software that safely addresses vulnerabilities that have potential to be exploited.
The Art of Memory Forensics by Michael Hale Ligh
The Art of Memory Forensics expands on an interesting and cutting-edge process that is focused upon using state-of-the-art technology to analyze computer memory (RAM) to aid in solving digital crimes. Because of its effectiveness, memory forensics has recently become a skill that is in incredibly high demand. As an innovator in threat intelligence and incident response solutions, Michael Hale Ligh uses his expertise to write a publication that can assist in preparing the next generation of information assurance professionals for solving cyber crimes, which have the potential to occur at an increasingly higher rate as the digital revolution continues to rapidly develop.
Through their knowledge and diverse range of experiences in the information assurance industry, the above professionals provide valuable insights that can help current and future information assurance professionals, especially those that are looking to prepare an advanced security strategy that can fend off the growing threats being placed against governmental infrastructure, business information, and individual privacy.
As the nation’s oldest private military college, Norwich University has been a leader in innovative education since 1819. Through its online programs, Norwich delivers relevant and applicable curricula that allow its students to make a positive impact on their places of work and their communities.
At Norwich University, we extend a tradition of values-based education, where structured, disciplined, and rigorous studies create a challenging and rewarding experience. Online programs, such as the Master of Science in Information Security & Assurance, have made our comprehensive curriculum available to more students than ever before.
Norwich University has been designated as a Center for Academic Excellence in Cyber Defense Education by the National Security Agency and Department of Homeland Security. Through the program, you can choose from the five unique concentrations that are designed to provide an in-depth examination of policies, procedures, and overall structure of an information assurance program.