Resources for a More Secure 2015
With 2015 on the horizon, you may be thinking about and making plans for improving the effectiveness of your security operations in the coming year. Whether you consider these changes "resolutions" or not, what’s most important – other than actually following through – is focusing your efforts on people and process improvements first, before implementing new technologies.
So, while we strongly encourage you to evaluate and buy SecurityCenter Continuous View™, Nessus® Enterprise or Nessus, our fundamental mission is to defend cyberspace from the activities of hackers, thieves and spies – and thus, help ensure the integrity of your business. With that in mind, we’ve put together a list of resources to help get your 2015 resolutions on the right track.
We hope this collection spurs ideas, discussion and greater security for your organization in 2015. Enjoy the holidays!
Look Back, and Smile on Perils Past... Hosted by Jack Daniel and Gavin Millard – 2pm ET, December 11, 2014. There’s no predicting the next major vulnerability. When it happens, you need a well-conceived, fully operationalized vulnerability management practice.
- Threat Modeling: Designing for Security, by Adam Shostack – With pages of specific actionable advice, Shostack details how to build better security into the design of systems, software, or services from the outset.
- Into the Breach: Protect Your Business by Managing People, Information, and Risk, by Michael Santarcangelo II – Into the Breach answers the question, “What happens when breach is only a symptom?” Santarcangelo offers a bold and refreshing look at addressing the challenges of protecting information to reveal the real challenge as a human paradox.
- The Phoenix Project: A Novel about IT, DevOps, and Helping Your Business Win, by Gene Kim, Kevin Behr and George Spafford – In a fast-paced and entertaining style, three luminaries of the DevOps movement deliver a story that anyone who works in IT will recognize. Readers will not only learn how to improve their own IT organizations, they'll never view IT the same way again.
- PCI Compliance, Fourth Edition: Understand and Implement Effective PCI Data Security Standard Compliance, by Branden Williams and Anton Chuvakin – The new Fourth Edition has been revised to follow the new PCI DSS standard version 3.0.
- The Practice of Network Security Monitoring: Understanding Incident Detection and Response, by Richard Bejtlich – The most effective computer security strategies integrate network security monitoring (NSM): the collection and analysis of data to help you detect and respond to intrusions.
- Normal Accidents, by Charles Perrow – Analyzes the social side of technological risk and argues that the conventional engineering approach to ensuring safety – building in more warnings and safeguards – fails because systems complexity makes failures inevitable.
- Systemantics: How Systems Work and Especially How They Fail, by John Gall with drawings by R.O. Blechman – On a more humorous note, this out-of-print classic is highly giftable and often relevant to security, as well. Did you think "Dilbert" was the first humor casualty of the internet age? Far from it!
- Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon, by Kim Zetter – Tells the story behind the virus that sabotaged Iran’s nuclear efforts and shows how its existence has ushered in a new age of warfare...
- Security Controls for Computer Systems (The Ware Report) – Report of Defense Science Board Task Force on Computer Security, by Willis Ware, 1970
- Records, Computers, and The Rights Of Citizens, by Willis Ware, US Department of Health, Education and Welfare, July 1973
- Personal Observations on the Reliability of the Shuttle – Report of the Presidential Commission on the Space Shuttle Challenger Accident, by R.P. Feynman, 1986
Note: Links to Amazon.com provided for your convenience only.