Introductory books on computer security

As Jedishrfu said, if you're looking for introductory material, you're going to be disappointed - the field is extremely complex and there's no one book that covers everything. You're going to need to do some reading, talking to people who work in the field, and testing your knowledge against what you read.
  • #1

mech-eng

828
13
Would somebody like to adivse me simple introductory books on computer security. I know I could make a Google search but I hope advises are better and there is no previous thread about introductory books on related topic.

Thank you.
 
Computer science news on Phys.org
  • #2
I would do your google search and ask about some of the books you find interesting.

In general Oreilly publications are good books to consider. Also you could try Amazon and look at the book reviews and whether you'd want to buy the book of interest.
 
  • #3
Although I studied the subject formally in some semester many years ago, I was always interested in this subject and I found very helpful to develop a mindset on what constitutes computer security and defense at various levels and sizes from a personal machine to a corporate network early on, using various books besides my notes. I found interesting, books like "Maximum Security" by Anonymous, that is mostly a practical guide of tools and techniques for protecting a network, the series of "Hacking Exposed" by McClure - Scambray - Kurtz - a fairly recent edition here https://www.amazon.com/dp/0071780289/?tag=pfamazon01-20, that is about practical advice, techniques and tools of defense and Matt Bishop's "Computer Security: Art and Science".
A good modern formal text at the introductory level is Goodrich - Tamassia "Introduction to Computer Security" https://www.amazon.com/dp/0321512944/?tag=pfamazon01-20that does not assume extensive knowledge in CS or math and Matt Bishop's "Introduction to Computer Security" https://www.amazon.com/dp/0321247442/?tag=pfamazon01-20. Of course, as jedishrfu points out, google is your friend and there is plenty of useful information you can find out, according to your goals. I'll stress out that good knowledge about computer networks, some decent coding skills and good skills of using probing / testing tools and suites both command - line oriented as well as GUI oriented, are required in order to pursue the subject beyond the introductory level.
 
Last edited by a moderator:
  • #4
I wouldn't start with a book. Large organisations that need to take security seriously benchmark themselves against other organisations in the same sector - no one wants to be bottom of the league for fairly obvious reasons, and interestingly you don't particularly want to be at the very top, as the cost of getting there will be eye-wateringly high, and for most industry sectors simply not worth the additional cost it takes to be "mid to top table".

Why am I boring you with this? Because the need to benchmark drives organisations to adopt industry standard security frameworks. Plural yes, because there's never going to be complete agreement which frameworks best; however if you're looking for an introduction, then the differences between the frameworks are probably not that important - they're all after the same macro outcomes.

I would recommend starting with the SANS framework. It is by far the simplest framework and easiest to understand framework that is adopted across a large number of industries:
https://www.cisecurity.org/critical-controls/

It's not as widely adopted as the NIST Cyber framework (particularly in the US) - but the principles and coverage of the two frameworks probably have a 95% plus commonality, although their approach and structure differ quite substantially in places. NIST is definitely a very good second read; it's had NSA oversight and let's face it... no one really does security any better than the NSA :-)
http://www.nist.gov/cyberframework/

Someone may well reply to this and give you a other framework suggestions - different industries do have their favourites; but I can pretty much guarantee that if you can understand the SANS basics, then 90% of whatever you're pointed towards will be familiar to you when you read it.

Regards
Matt
 
  • Like
Likes nrqed
  • #5
mech-eng said:
Would somebody like to adivse me simple introductory books on computer security. I know I could make a Google search but I hope advises are better and there is no previous thread about introductory books on related topic.

Thank you.
I'm making an assumption here mech-eng, given the recent computer infection you had, you are looking for books that outline exactly how a system is compromised and what happens after that. Most of the books out there are fairly technical, one of my favorites is Hacking, 2nd Edition: The Art of Exploitation. The author goes over all the steps involved, finding a vulnerability in a piece of software, the programming involving in building an exploit that attacks the vulnerability with the goal of running some piece of code, generally shellcode and finally what preventative steps we can take. The idea is to learn how to attack a system in order to know where you should focus your defence.
But, as I said, this is a fairly technical book and you need to have a background already in programming to get anything significant out of it.

At what level do you wish you study the subject?
 
Last edited:
  • Like
Likes Pepper Mint
  • #6
Routaran said:
At what level do you wish you study the subject?

I have to learn it from zero level. This is the reason why I am interested in introductory ones. And should I try to learn a programming language for a better security learning?

Thank you.
 
  • #7
Look at Kimberly Grave. (2010). CEH Study Guide.
https://www.amazon.com/dp/0470525207/?tag=pfamazon01-20

Google Books has some sections of the book available
https://books.google.ca/books?isbn=0470642882

This was one of my resources in a course I did a couple years back.

After that look at Hacking, 2nd Edition: The Art of Exploitation
https://www.amazon.com/dp/1593271441/?tag=pfamazon01-20
Google Books
https://books.google.ca/books?isbn=1593271441

You can look at introduction to Assembly and C if you want to learn about the details of exploit discovery and development but this might be too far out of scope for you. I suggest you skim those parts so you understand what's involved without worrying about the specific details.


Books on this subject unfortunately get dated quickly. If you want the most up to date information, then mgkii's suggestion of SANS is the way to go. But their material is expensive. You're better off using older books and then reading up security blogs to see what's new.
 
  • Like
Likes Pepper Mint
  • #8
I would only like to add that programming languages you may want to learn are not really relevant to writing hacking software or malicious code, any of which is stemmed from hackers's intents, to be more exact. So even scripting languages can also be used to carry out their attacks toward a specific target. Anything that can be viewed or run on your computer can be viruses or injected with malicious code to exploit your system security holes.
 

Suggested for: Introductory books on computer security

Quick tour of Google's Quantum Computer
Replies
1
Views
976
Quantum Computer Security
Replies
1
Views
3K
Computer powered off, despite being plugged in. Battery wasn't charging...
Replies
2
Views
1K
Quantum computer storage capacity
Replies
12
Views
1K
My Avast Premium Security Gives Me This Scary Message
Replies
7
Views
872
Screen flickering with Windows 11 Home on new computer
Replies
10
Views
1K
Wiping files from an old Windows computer
Replies
14
Views
1K
Wikipedia Not Loading: Chrome Security Issue
Replies
24
Views
2K
Best practice for using GIT on a shared lab computer?
Replies
20
Views
2K
What are underlying "system hardware devices" in computer systems?
Replies
8
Views
2K

Hot Threads

Recent Insights

Back
Top