Dismiss Notice
Join Physics Forums Today!
The friendliest, high quality science and math community on the planet! Everyone who loves science is here!

Introductory books on computer security

  1. May 7, 2016 #1
    Would somebody like to adivse me simple introductory books on computer security. I know I could make a Google search but I hope advises are better and there is no previous thread about introductory books on related topic.

    Thank you.
  2. jcsd
  3. May 8, 2016 #2


    Staff: Mentor

    I would do your google search and ask about some of the books you find interesting.

    In general Oreilly publications are good books to consider. Also you could try Amazon and look at the book reviews and whether you'd want to buy the book of interest.
  4. May 9, 2016 #3


    User Avatar
    Science Advisor
    Gold Member

    Although I studied the subject formally in some semester many years ago, I was always interested in this subject and I found very helpful to develop a mindset on what constitutes computer security and defense at various levels and sizes from a personal machine to a corporate network early on, using various books besides my notes. I found interesting, books like "Maximum Security" by Anonymous, that is mostly a practical guide of tools and techniques for protecting a network, the series of "Hacking Exposed" by McClure - Scambray - Kurtz - a fairly recent edition here https://www.amazon.com/Hacking-Exposed-Network-Security-Solutions/dp/0071780289, that is about practical advice, techniques and tools of defense and Matt Bishop's "Computer Security: Art and Science".
    A good modern formal text at the introductory level is Goodrich - Tamassia "Introduction to Computer Security" https://www.amazon.com/Introduction-Computer-Security-Michael-Goodrich/dp/0321512944that does not assume extensive knowledge in CS or math and Matt Bishop's "Introduction to Computer Security" https://www.amazon.com/Introduction-Computer-Security-Matt-Bishop/dp/0321247442. Of course, as jedishrfu points out, google is your friend and there is plenty of useful information you can find out, according to your goals. I'll stress out that good knowledge about computer networks, some decent coding skills and good skills of using probing / testing tools and suites both command - line oriented as well as GUI oriented, are required in order to pursue the subject beyond the introductory level.
    Last edited by a moderator: May 7, 2017
  5. May 9, 2016 #4
    I wouldn't start with a book. Large organisations that need to take security seriously benchmark themselves against other organisations in the same sector - no one wants to be bottom of the league for fairly obvious reasons, and interestingly you don't particularly want to be at the very top, as the cost of getting there will be eye-wateringly high, and for most industry sectors simply not worth the additional cost it takes to be "mid to top table".

    Why am I boring you with this? Because the need to benchmark drives organisations to adopt industry standard security frameworks. Plural yes, because there's never going to be complete agreement which frameworks best; however if you're looking for an introduction, then the differences between the frameworks are probably not that important - they're all after the same macro outcomes.

    I would recommend starting with the SANS framework. It is by far the simplest framework and easiest to understand framework that is adopted across a large number of industries:

    It's not as widely adopted as the NIST Cyber framework (particularly in the US) - but the principles and coverage of the two frameworks probably have a 95% plus commonality, although their approach and structure differ quite substantially in places. NIST is definitely a very good second read; it's had NSA oversight and let's face it... no one really does security any better than the NSA :-)

    Someone may well reply to this and give you a other framework suggestions - different industries do have their favourites; but I can pretty much guarantee that if you can understand the SANS basics, then 90% of whatever you're pointed towards will be familiar to you when you read it.

  6. May 9, 2016 #5
    I'm making an assumption here mech-eng, given the recent computer infection you had, you are looking for books that outline exactly how a system is compromised and what happens after that. Most of the books out there are fairly technical, one of my favorites is Hacking, 2nd Edition: The Art of Exploitation. The author goes over all the steps involved, finding a vulnerability in a piece of software, the programming involving in building an exploit that attacks the vulnerability with the goal of running some piece of code, generally shellcode and finally what preventative steps we can take. The idea is to learn how to attack a system in order to know where you should focus your defence.
    But, as I said, this is a fairly technical book and you need to have a background already in programming to get anything significant out of it.

    At what level do you wish you study the subject?
    Last edited: May 9, 2016
  7. May 12, 2016 #6
    I have to learn it from zero level. This is the reason why I am interested in introductory ones. And should I try to learn a programming language for a better security learning?

    Thank you.
  8. May 15, 2016 #7
    Look at Kimberly Grave. (2010). CEH Study Guide.

    Google Books has some sections of the book available

    This was one of my resources in a course I did a couple years back.

    After that look at Hacking, 2nd Edition: The Art of Exploitation
    Google Books

    You can look at introduction to Assembly and C if you want to learn about the details of exploit discovery and development but this might be too far out of scope for you. I suggest you skim those parts so you understand whats involved without worrying about the specific details.

    Books on this subject unfortunately get dated quickly. If you want the most up to date information, then mgkii's suggestion of SANS is the way to go. But their material is expensive. You're better off using older books and then reading up security blogs to see what's new.
  9. May 16, 2016 #8
    I would only like to add that programming languages you may want to learn are not really relevant to writing hacking software or malicious code, any of which is stemmed from hackers's intents, to be more exact. So even scripting languages can also be used to carry out their attacks toward a specific target. Anything that can be viewed or run on your computer can be viruses or injected with malicious code to exploit your system security holes.
Share this great discussion with others via Reddit, Google+, Twitter, or Facebook

Have something to add?
Draft saved Draft deleted