Introductory books on computer security

Click For Summary

Discussion Overview

The discussion centers around recommendations for introductory books on computer security. Participants explore various resources, including practical guides, theoretical texts, and frameworks, while addressing the level of technical knowledge required for effective learning in the field.

Discussion Character

  • Exploratory
  • Technical explanation
  • Debate/contested
  • Homework-related

Main Points Raised

  • One participant suggests starting with a Google search for books, emphasizing that personal recommendations may be more valuable.
  • Another participant recommends O'Reilly publications and suggests checking Amazon for book reviews.
  • A participant shares their experience with books like "Maximum Security," "Hacking Exposed," and "Computer Security: Art and Science," highlighting their practical and theoretical contributions to understanding computer security.
  • One participant argues against starting with a book, advocating for understanding industry-standard security frameworks like SANS and NIST, which provide a foundational understanding of security practices.
  • Another participant mentions "Hacking, 2nd Edition: The Art of Exploitation," noting its technical nature and the necessity of prior programming knowledge to fully grasp its content.
  • A participant inquires about the level of study desired, emphasizing the importance of introductory resources for beginners.
  • One suggestion includes "CEH Study Guide" by Kimberly Grave, along with a recommendation to explore programming languages relevant to security.
  • Another participant comments that programming languages are not strictly necessary for understanding hacking techniques, as various languages can be used for malicious purposes.

Areas of Agreement / Disagreement

Participants express a range of opinions on the best approach to learning computer security, with some advocating for books and others for frameworks. There is no consensus on a single best resource or method for beginners.

Contextual Notes

Participants note that many recommended books may become outdated quickly, suggesting a need to supplement reading with current security blogs and resources. The discussion also highlights varying levels of technical knowledge among participants, influencing their recommendations.

Who May Find This Useful

This discussion may be useful for individuals seeking introductory resources in computer security, particularly those with varying levels of prior knowledge and interest in practical versus theoretical approaches.

mech-eng
Messages
826
Reaction score
13
Would somebody like to adivse me simple introductory books on computer security. I know I could make a Google search but I hope advises are better and there is no previous thread about introductory books on related topic.

Thank you.
 
Computer science news on Phys.org
I would do your google search and ask about some of the books you find interesting.

In general Oreilly publications are good books to consider. Also you could try Amazon and look at the book reviews and whether you'd want to buy the book of interest.
 
Although I studied the subject formally in some semester many years ago, I was always interested in this subject and I found very helpful to develop a mindset on what constitutes computer security and defense at various levels and sizes from a personal machine to a corporate network early on, using various books besides my notes. I found interesting, books like "Maximum Security" by Anonymous, that is mostly a practical guide of tools and techniques for protecting a network, the series of "Hacking Exposed" by McClure - Scambray - Kurtz - a fairly recent edition here https://www.amazon.com/dp/0071780289/?tag=pfamazon01-20, that is about practical advice, techniques and tools of defense and Matt Bishop's "Computer Security: Art and Science".
A good modern formal text at the introductory level is Goodrich - Tamassia "Introduction to Computer Security" https://www.amazon.com/dp/0321512944/?tag=pfamazon01-20that does not assume extensive knowledge in CS or math and Matt Bishop's "Introduction to Computer Security" https://www.amazon.com/dp/0321247442/?tag=pfamazon01-20. Of course, as jedishrfu points out, google is your friend and there is plenty of useful information you can find out, according to your goals. I'll stress out that good knowledge about computer networks, some decent coding skills and good skills of using probing / testing tools and suites both command - line oriented as well as GUI oriented, are required in order to pursue the subject beyond the introductory level.
 
Last edited by a moderator:
I wouldn't start with a book. Large organisations that need to take security seriously benchmark themselves against other organisations in the same sector - no one wants to be bottom of the league for fairly obvious reasons, and interestingly you don't particularly want to be at the very top, as the cost of getting there will be eye-wateringly high, and for most industry sectors simply not worth the additional cost it takes to be "mid to top table".

Why am I boring you with this? Because the need to benchmark drives organisations to adopt industry standard security frameworks. Plural yes, because there's never going to be complete agreement which frameworks best; however if you're looking for an introduction, then the differences between the frameworks are probably not that important - they're all after the same macro outcomes.

I would recommend starting with the SANS framework. It is by far the simplest framework and easiest to understand framework that is adopted across a large number of industries:
https://www.cisecurity.org/critical-controls/

It's not as widely adopted as the NIST Cyber framework (particularly in the US) - but the principles and coverage of the two frameworks probably have a 95% plus commonality, although their approach and structure differ quite substantially in places. NIST is definitely a very good second read; it's had NSA oversight and let's face it... no one really does security any better than the NSA :-)
http://www.nist.gov/cyberframework/

Someone may well reply to this and give you a other framework suggestions - different industries do have their favourites; but I can pretty much guarantee that if you can understand the SANS basics, then 90% of whatever you're pointed towards will be familiar to you when you read it.

Regards
Matt
 
  • Like
Likes   Reactions: nrqed
mech-eng said:
Would somebody like to adivse me simple introductory books on computer security. I know I could make a Google search but I hope advises are better and there is no previous thread about introductory books on related topic.

Thank you.
I'm making an assumption here mech-eng, given the recent computer infection you had, you are looking for books that outline exactly how a system is compromised and what happens after that. Most of the books out there are fairly technical, one of my favorites is Hacking, 2nd Edition: The Art of Exploitation. The author goes over all the steps involved, finding a vulnerability in a piece of software, the programming involving in building an exploit that attacks the vulnerability with the goal of running some piece of code, generally shellcode and finally what preventative steps we can take. The idea is to learn how to attack a system in order to know where you should focus your defence.
But, as I said, this is a fairly technical book and you need to have a background already in programming to get anything significant out of it.

At what level do you wish you study the subject?
 
Last edited:
  • Like
Likes   Reactions: Pepper Mint
Routaran said:
At what level do you wish you study the subject?

I have to learn it from zero level. This is the reason why I am interested in introductory ones. And should I try to learn a programming language for a better security learning?

Thank you.
 
Look at Kimberly Grave. (2010). CEH Study Guide.
https://www.amazon.com/dp/0470525207/?tag=pfamazon01-20

Google Books has some sections of the book available
https://books.google.ca/books?isbn=0470642882

This was one of my resources in a course I did a couple years back.

After that look at Hacking, 2nd Edition: The Art of Exploitation
https://www.amazon.com/dp/1593271441/?tag=pfamazon01-20
Google Books
https://books.google.ca/books?isbn=1593271441

You can look at introduction to Assembly and C if you want to learn about the details of exploit discovery and development but this might be too far out of scope for you. I suggest you skim those parts so you understand what's involved without worrying about the specific details.Books on this subject unfortunately get dated quickly. If you want the most up to date information, then mgkii's suggestion of SANS is the way to go. But their material is expensive. You're better off using older books and then reading up security blogs to see what's new.
 
  • Like
Likes   Reactions: Pepper Mint
I would only like to add that programming languages you may want to learn are not really relevant to writing hacking software or malicious code, any of which is stemmed from hackers's intents, to be more exact. So even scripting languages can also be used to carry out their attacks toward a specific target. Anything that can be viewed or run on your computer can be viruses or injected with malicious code to exploit your system security holes.
 

Similar threads

Can Glass Registers Enhance Quantum Computer Security?
  • · Replies 1 ·
Replies
1
Views
5K
Question on Android phone system: Moving files & the Gallery
  • · Replies 16 ·
Replies
16
Views
5K
My Avast Premium Security Gives Me This Scary Message
  • · Replies 7 ·
Replies
7
Views
2K
Ratio of Computation power over time: Consumer PCs vs. Supercomputers?
  • · Replies 8 ·
Replies
8
Views
4K
Enforce the use of different sets of characters for passwords?
  • · Replies 12 ·
Replies
12
Views
2K
How can a quantum computer be faster than a classic computer?
  • · Replies 29 ·
Replies
29
Views
4K
Good introductory book on statistical/data analysis?
  • · Replies 6 ·
Replies
6
Views
3K
Undergrad Good introductory book for chaos theory?
  • · Replies 10 ·
Replies
10
Views
8K
Ubuntu slow for compute-intensive applications?
  • · Replies 14 ·
Replies
14
Views
2K
High School Looking for a good introductory book on thermodynamics
  • · Replies 3 ·
Replies
3
Views
2K