See the course Syllabus for reading schedule for Principles of Information Security, (4th, 5th, or 6th editions). M. Whitman and H. Mattord. ISBN 978-1111138219.
Additional Readings by Week and Topic
Table of Contents
Week 1: Introduction to Information Security
-
- Read “Principal of Information System Security: History” Geeks for Geeks.
- Read “A History of Information Security” Dakota Muprhey. IFSEC Global.
- Read “A Brief History of Cybersecurity” Keith D. Foote. Dataversity.
- Read “Secure System Development Life Cycle Standard” New York State Office of Information Technology Services.
- Read (pp. 328-337) “Information Systems Security” NIST.
- Read “The Role of Chief Security Officer is More Vital than Ever” Jessica Mulholland. GovTech (Government Technology).
Week 1: The Need for Security
-
- Visit “The Motherlist Glossary Of Cybersecurity And Cybercrime Definitions” and read the first item under the Motherlist. Steve Morgan. Cybercrime Magazine.
- Read “Leveraging … Software Assurance Efforts for Voting…” NIST.
- Watch “Cybercrime: Online Scams” Open.Edu.
- Explore “Verizon – Data Breach Investigations Report (DBIR)” Verizon.
- Explore “Verizon Threat Research Advisory Center (VTAC) Monthly Intelligence Briefings (MIB)” Verizon.
Week 2: Legal, Ethical, and Professional Issues in Information Security
-
- Read “ITS Security Policies” New York State Office of Information Technology Services.
- Watch “You Are the Product: Targeted by Cambridge Analytica on Facebook”
- Free access to New York times.
- Read “Privacy versus Security” Brian Miller. Rice University.
- Read and try the tool of “Cover Your Tracks” Electronic Frontier Foundation (EFF).
- Watch “Cybercrime: Mass Surveillance” OpenLearn.
- Read “What Is Data Aggregation?” Andy Patrizio. Datamation.
- Read “The Consumer-Data Opportunity and the Privacy Imperative” McKinsey and Company.
- Read “The Current State of US Data Privacy Laws (April 2021)” Kendra Clark. The Drum.
Week 2: Risk Management
-
- Read “S. Government Accountability Office: “Information Security Practices of Leading Organizations” GAO.
- Read “Risk Management for Novel Coronavirus (COVID-19)” CISA.
- Read the Week 8 materials “Managing Security Risks” OpenLearn.
General Risk Management
-
- Read “Information security risk management: Understanding the components” Peter Sullivan. TechTarget. Note: the publisher asks for a corporate email address and additional information to access this article.
- Read “What is Risk? The Bald Tire Scenario” (video). Jack Jones. The FAIR Institute. Also at:
https://www.slideshare.net/pjbeyer/risk-explained-in-5-minutes-or-less.
Risk Management Methodologies, Tools and Related Standards
-
- Read “Risk Management Framework for Information Systems and Organizations: A System Life-Cycle Approach for Security and Privacy” NIST SP-800-37, Revision 2. December, 2018.
- Read “Definition: OCTAVE” Margaret Rouse. WhatIs.com.
- Read “COBRA Methodology” RiskWorld.Net.
- Read “RiskWatch“
- Read “Introduction to Factor Analysis of Information Risk (FAIR)” Jack A. Jones, CISSP, CISM, CISA. Risk Management Insight.
- Read “Cyber Risk Quantification: Understanding the FAIR Methodology” from WaveStone’s RiskInsight blog.
- Read “Measuring and Managing Information Risk: A FAIR Approach“. Jack Freund and Jack Jones. Butterworth-Heinemann. 2014. ISBN-13: 978-0124202313.
- Read “IT Security Standards and Best Practices” InfoSec.
- Read “COBIT 4.1: Framework for IT Governance and Control” ISACA.
Data-driven Security
-
- Read “September 8, 1854: Pump Shutdown Stops London Cholera Outbreak,” Randy Alfred, Wired. This article tells the story, outlined in “A Brief History of Learning from Data“
- Read “The Security Data Lake” Raffael Marty, O’Reilly Media, Inc. 2015. PixlCloud, LLC. Free downloadable eBook.
- O’Reilly Security Newsletter. Read online or subscribe.
- Read “Intelligence-Driven Security: A New Model using Big Data – Creating Cyber Ecosystems” Art Coviello, Executive Vice President, EMC, Executive Chairman, RSA. The 3rd Annual International Cyber Security Conference (22 minutes).
- Read “Mandatory Access Control vs Discretionary Access Control: Which to Choose?” Ekran System. March 11, 2020.
Week 2: Physical Security
-
- Read “The Importance of Physical Security in the Workplace” The InfoSec Institute.
- Read “Physical Security and Why It Is Important” from SANS reading room
- Read “APC Whitepaper on Uninterruptible Power Supplies (UPS)” Schneider Electric/APC.
Week 3: Cryptography
-
- Read “Introduction to Crypto-terminologies” Geeks-for-Geeks.
- Read “Substitution Cipher” Geeks-for-Geeks.
- Read “Difference between Monoalphabetic Cipher and Polyalphabetic Cipher” Geeks-for-Geeks.
- Read “Vigenère Cipher” Geeks-for-Geeks.
- Read section 1 to section 3 from Gary C. Kessler’s “An Overview of Cryptography: Public-Key Cryptography“
- Read “RSA Cryptography: The Algorithm Keeping Us Safe Online”
- Read “RSA Algorithm in Cryptography” Geeks-for-Geeks.
- Read the “Diffie-Hellman Algorithm” Wikipedia.
- Hands-on exercise with the CrypTool – CrypTool2 Dr. Skip University.
- Read “Public Key Infrastructure Explained” SecureW2.
- Read “What is PGP Encryption and How Does It Work?” Jeff Petters. 4/6/2020. Veronis.
- Read “Cloaking Malware with the Trusted Platform Module” Alan M. Dunn, Owen S. Hoffman, Brent Waters, Emmet Witchel. University of Texas at Austin.
- Download from Blackboard/Content/Readings: Diffie-Hellman_Explained slides by Dr. Yu-Wen Chen, CityTech. 2021.
- Want to practice writing/modifying a Vigenere Cypher program in Python? See: Al Sweigert’s The Big Book of Small Projects in Python – #80 Vigenere Cypher
Week 4: Planning for Security
-
- Read “NIST Cybersecurity Framework” NIST.
- Read “NIST Special Publication (SP) 800-39 / Managing Information Security Risk: Organization, Mission, and Information System View” NIST.
- Read “ISO/IEC 27002:2013 / Information technology — Security techniques — Code of practice for information security controls” The International Organization for Standardization. www.iso.org.; or,
Try “ISO 27002:2013 – Translated Into Plain English” Praxiom. - Read “ISO/IEC 27001:2013 / Information technology — Security techniques — Information security management systems — Requirements” The International Organization for Standardization. www.iso.org.; or,
Try “ISO 27001:2013 – Translated Into Plain English” Praxiom. - Review “State of North Carolina: Statewide Information Security Manual” State of North Carolina Enterprise Security and Risk Management Office. February 2016. Incorporates ISO 27000 series and NIST SPs.
- Search “SEI: Software Engineering Institute (in collaboration with CERT)” – click the search topic ‘Governance’. Carnegie Mellon University.
- Reference “SANS: Security Policy Templates” SANS Institute.
- Read “Princeton University, Office of Information Technology: Information Security Policy” Princeton OIT.
- Read “Stanford University IT: Information Security – Protecting the information assets important to Stanford” Stanford IT.
- Consider “US Department of Energy (DOE) Multiyear Plan for Cybersecurity” US-DOE. March, 2018.
Week 5: Selective Security Topics:
Selective Security Topic:
NIST Framework
-
- Read “Contingency Planning Guide for Federal Information Systems” NIST.
- Read “Special Publication 800-53, revision 5: Security and Privacy Controls for Information Systems and Organizations” NIST.
- Read “Special Publication 800-171, release 2: Computer System Controls to Store, Process, or Transmit Controlled, Unclassified Information (CUI) or Provide Security Protection for Such Systems” NIST.
- Review “National Vulnerability Database” NIST.
Selective Security Topic:
Windows Security
-
- Read “How to Enable or Disable Windows Security in Windows 10” TenForums.
- Scan known Microsoft vulnerabilities: “Microsoft: Security Vulnerabilities” CVEdetails.
-
Selective Security Topic:
Cloud Security- Read “What is Cloud Security” McAfee.
- Download “Cloud Controls Matrix (CCM) and Consensus Assessment Initiative Questionnaire (CAIQ)” Cloud Security Alliance.
Selective Security Topic:
Access Control
-
- Read “Access Control List (ACL) – What are They and How to Configure Them!” James Cox. January 15, 2020. ITT Systems.
- Read “Hackers Using Telnet to attack corporate servers” Jeremy Kirk. January 27, 2011. IDG InforWorld.
- Read “Secure Shell Protocol (SSH)” Wikipedia.
Selective Security Topic:
Planning and Business Management
-
- Orit Gadiesh, Hugh MacArthur. “Lessons from Private Equity Any Company Can Use (Memo to the CEO)” Harvard Business Press. Boston. 2008.
- Guy Kawasaki. “The Art of the Start 2.0: The Time-Tested, Battle-Hardened Guide for Anyone Starting Anything” Portfolio Penguin Publishing, London, 2015.
- Dr. Jonathan Tepper and Denise Hearn. “The Myth of Capitalism: Monopolies and the Death of Competition” John Wiley and Sons, Inc. Hoboken. 2019.
- Laurence J. Peter, Raymond Hull. “The Peter Principle” Harper Collins. New York. 1969.