Introductory books on computer security

In summary: As Jedishrfu said, if you're looking for introductory material, you're going to be disappointed - the field is extremely complex and there's no one book that covers everything. You're going to need to do some reading, talking to people who work in the field, and testing your knowledge against what you read.
  • #1
mech-eng
828
13
Would somebody like to adivse me simple introductory books on computer security. I know I could make a Google search but I hope advises are better and there is no previous thread about introductory books on related topic.

Thank you.
 
Computer science news on Phys.org
  • #2
I would do your google search and ask about some of the books you find interesting.

In general Oreilly publications are good books to consider. Also you could try Amazon and look at the book reviews and whether you'd want to buy the book of interest.
 
  • #3
Although I studied the subject formally in some semester many years ago, I was always interested in this subject and I found very helpful to develop a mindset on what constitutes computer security and defense at various levels and sizes from a personal machine to a corporate network early on, using various books besides my notes. I found interesting, books like "Maximum Security" by Anonymous, that is mostly a practical guide of tools and techniques for protecting a network, the series of "Hacking Exposed" by McClure - Scambray - Kurtz - a fairly recent edition here https://www.amazon.com/dp/0071780289/?tag=pfamazon01-20, that is about practical advice, techniques and tools of defense and Matt Bishop's "Computer Security: Art and Science".
A good modern formal text at the introductory level is Goodrich - Tamassia "Introduction to Computer Security" https://www.amazon.com/dp/0321512944/?tag=pfamazon01-20that does not assume extensive knowledge in CS or math and Matt Bishop's "Introduction to Computer Security" https://www.amazon.com/dp/0321247442/?tag=pfamazon01-20. Of course, as jedishrfu points out, google is your friend and there is plenty of useful information you can find out, according to your goals. I'll stress out that good knowledge about computer networks, some decent coding skills and good skills of using probing / testing tools and suites both command - line oriented as well as GUI oriented, are required in order to pursue the subject beyond the introductory level.
 
Last edited by a moderator:
  • #4
I wouldn't start with a book. Large organisations that need to take security seriously benchmark themselves against other organisations in the same sector - no one wants to be bottom of the league for fairly obvious reasons, and interestingly you don't particularly want to be at the very top, as the cost of getting there will be eye-wateringly high, and for most industry sectors simply not worth the additional cost it takes to be "mid to top table".

Why am I boring you with this? Because the need to benchmark drives organisations to adopt industry standard security frameworks. Plural yes, because there's never going to be complete agreement which frameworks best; however if you're looking for an introduction, then the differences between the frameworks are probably not that important - they're all after the same macro outcomes.

I would recommend starting with the SANS framework. It is by far the simplest framework and easiest to understand framework that is adopted across a large number of industries:
https://www.cisecurity.org/critical-controls/

It's not as widely adopted as the NIST Cyber framework (particularly in the US) - but the principles and coverage of the two frameworks probably have a 95% plus commonality, although their approach and structure differ quite substantially in places. NIST is definitely a very good second read; it's had NSA oversight and let's face it... no one really does security any better than the NSA :-)
http://www.nist.gov/cyberframework/

Someone may well reply to this and give you a other framework suggestions - different industries do have their favourites; but I can pretty much guarantee that if you can understand the SANS basics, then 90% of whatever you're pointed towards will be familiar to you when you read it.

Regards
Matt
 
  • Like
Likes nrqed
  • #5
mech-eng said:
Would somebody like to adivse me simple introductory books on computer security. I know I could make a Google search but I hope advises are better and there is no previous thread about introductory books on related topic.

Thank you.
I'm making an assumption here mech-eng, given the recent computer infection you had, you are looking for books that outline exactly how a system is compromised and what happens after that. Most of the books out there are fairly technical, one of my favorites is Hacking, 2nd Edition: The Art of Exploitation. The author goes over all the steps involved, finding a vulnerability in a piece of software, the programming involving in building an exploit that attacks the vulnerability with the goal of running some piece of code, generally shellcode and finally what preventative steps we can take. The idea is to learn how to attack a system in order to know where you should focus your defence.
But, as I said, this is a fairly technical book and you need to have a background already in programming to get anything significant out of it.

At what level do you wish you study the subject?
 
Last edited:
  • Like
Likes Pepper Mint
  • #6
Routaran said:
At what level do you wish you study the subject?

I have to learn it from zero level. This is the reason why I am interested in introductory ones. And should I try to learn a programming language for a better security learning?

Thank you.
 
  • #7
Look at Kimberly Grave. (2010). CEH Study Guide.
https://www.amazon.com/dp/0470525207/?tag=pfamazon01-20

Google Books has some sections of the book available
https://books.google.ca/books?isbn=0470642882

This was one of my resources in a course I did a couple years back.

After that look at Hacking, 2nd Edition: The Art of Exploitation
https://www.amazon.com/dp/1593271441/?tag=pfamazon01-20
Google Books
https://books.google.ca/books?isbn=1593271441

You can look at introduction to Assembly and C if you want to learn about the details of exploit discovery and development but this might be too far out of scope for you. I suggest you skim those parts so you understand what's involved without worrying about the specific details.Books on this subject unfortunately get dated quickly. If you want the most up to date information, then mgkii's suggestion of SANS is the way to go. But their material is expensive. You're better off using older books and then reading up security blogs to see what's new.
 
  • Like
Likes Pepper Mint
  • #8
I would only like to add that programming languages you may want to learn are not really relevant to writing hacking software or malicious code, any of which is stemmed from hackers's intents, to be more exact. So even scripting languages can also be used to carry out their attacks toward a specific target. Anything that can be viewed or run on your computer can be viruses or injected with malicious code to exploit your system security holes.
 

Related to Introductory books on computer security

1. What is computer security?

Computer security refers to the protection of computer systems, networks, and data from unauthorized access, theft, damage, or disruption. It involves implementing various measures and protocols to ensure the confidentiality, integrity, and availability of information.

2. Why is computer security important?

Computer security is important because it helps safeguard sensitive information and prevents cyber attacks that can lead to financial losses, reputational damage, and legal consequences. It also ensures the smooth functioning of computer systems and protects individuals and organizations from potential threats.

3. What are some common threats to computer security?

Common threats to computer security include malware (malicious software), phishing scams, hacking attempts, insider attacks, and social engineering. These threats can compromise the security of a computer system and put sensitive information at risk.

4. What are some basic principles of computer security?

The basic principles of computer security include confidentiality, integrity, and availability. Confidentiality ensures that only authorized individuals have access to sensitive information. Integrity ensures that data has not been tampered with or altered. Availability ensures that information and systems are accessible when needed.

5. How can I improve my computer security?

There are several ways to improve computer security, such as using strong and unique passwords, keeping software and operating systems up to date, implementing firewalls and antivirus software, regularly backing up important data, and being cautious of suspicious emails or links. It is also important to educate oneself on safe browsing habits and to be aware of potential security risks.

Similar threads

Can Glass Registers Enhance Quantum Computer Security?
    • Computing and Technology
Replies
1
Views
4K
Ratio of Computation power over time: Consumer PCs vs. Supercomputers?
    • Computing and Technology
Replies
8
Views
1K
Enforce the use of different sets of characters for passwords?
    • Computing and Technology
Replies
12
Views
681
My Avast Premium Security Gives Me This Scary Message
    • Computing and Technology
Replies
7
Views
1K
Good introductory book on statistical/data analysis?
    • Science and Math Textbooks
Replies
6
Views
1K
I Good introductory book for chaos theory?
    • General Math
Replies
10
Views
4K
Initial Academic Exposure by means of books for a curious layperson
    • General Discussion
Replies
3
Views
416
Looking for a good introductory book on thermodynamics
    • Thermodynamics
Replies
3
Views
721
Relativity Suggestions for graduate studies in General Relativity
    • Science and Math Textbooks
Replies
18
Views
2K
ChatGPT: Jailbreaking AI Chatbot Safeguards
    • Computing and Technology
Replies
8
Views
2K

Hot Threads

Recent Insights

Back
Top