See the course syllabus for the reading schedule from Principles of Information Security (4th, 5th, or 6th edition), M. Whitman and H. Mattord. ISBN 978-1111138219.
Additional Readings by Week and Topic
Table of Contents
Week 1: Introduction to Information Security
- Read “Principle of Information System Security: History” GeeksforGeeks.
- Read “A History of Information Security” Dakota Murphey. IFSEC Global.
- Read “A Brief History of Cybersecurity” Keith D. Foote. Dataversity.
- Read “Secure System Development Life Cycle Standard” New York State Office of Information Technology Services.
- Read (pp. 328-337) “Information Systems Security” NIST.
- Read “The Role of Chief Security Officer is More Vital than Ever” Jessica Mulholland. GovTech (Government Technology).
Week 1: The Need for Security
- Visit “The Motherlist Glossary Of Cybersecurity And Cybercrime Definitions” and read the first item under the Motherlist. Steve Morgan. Cybercrime Magazine.
- Read “Leveraging … Software Assurance Efforts for Voting…” NIST.
- Watch “Cybercrime: Online Scams” Open.Edu.
- Explore “Verizon – Data Breach Investigations Report (DBIR)” Verizon.
- Explore “Verizon Threat Research Advisory Center (VTAC) Monthly Intelligence Briefings (MIB)” Verizon.
Week 2: Legal, Ethical, and Professional Issues in Information Security
- Read “ITS Security Policies” New York State Office of Information Technology Services.
- Watch “You Are the Product: Targeted by Cambridge Analytica on Facebook” The New York Times (free access).
- Read “Privacy versus Security” Brian Miller. Rice University.
- Read and try the tool of “Cover Your Tracks” Electronic Frontier Foundation (EFF).
- Watch “Cybercrime: Mass Surveillance” OpenLearn.
- Read “What Is Data Aggregation?” Andy Patrizio. Datamation.
- Read “The Consumer-Data Opportunity and the Privacy Imperative” McKinsey and Company.
- Read “The Current State of US Data Privacy Laws (April 2021)” Kendra Clark. The Drum.
Week 2: Risk Management
- Read “Information Security Practices of Leading Organizations” U.S. Government Accountability Office (GAO).
- Read “Risk Management for Novel Coronavirus (COVID-19)” CISA.
- Read the Week 8 materials “Managing Security Risks” OpenLearn.
General Risk Management
- Read “Information security risk management: Understanding the components” Peter Sullivan. TechTarget. Note: the publisher asks for a corporate email address and additional information to access this article.
- Watch “What is Risk? The Bald Tire Scenario” (video). Jack Jones. The FAIR Institute. Also at: https://www.slideshare.net/pjbeyer/risk-explained-in-5-minutes-or-less.
Risk Management Methodologies, Tools and Related Standards
- Read “Risk Management Framework for Information Systems and Organizations: A System Life-Cycle Approach for Security and Privacy” NIST SP 800-37, Revision 2. December 2018.
- Read “Definition: OCTAVE” Margaret Rouse. WhatIs.com.
- Read “COBRA Methodology” RiskWorld.Net.
- Read “RiskWatch” RiskWatch.
- Read “Introduction to Factor Analysis of Information Risk (FAIR)” Jack A. Jones, CISSP, CISM, CISA. Risk Management Insight.
- Read “Cyber Risk Quantification: Understanding the FAIR Methodology” from WaveStone’s RiskInsight blog.
- Read “Measuring and Managing Information Risk: A FAIR Approach” Jack Freund and Jack Jones. Butterworth-Heinemann. 2014. ISBN-13: 978-0124202313.
- Read “IT Security Standards and Best Practices” InfoSec.
- Read “COBIT 4.1: Framework for IT Governance and Control” ISACA.
Data-driven Security
- Read “September 8, 1854: Pump Shutdown Stops London Cholera Outbreak” Randy Alfred. Wired. This article tells the story outlined in “A Brief History of Learning from Data”.
- Read “The Security Data Lake” Raffael Marty, O’Reilly Media, Inc. 2015. PixlCloud, LLC. Free downloadable eBook.
- O’Reilly Security Newsletter. Read online or subscribe.
- Watch “Intelligence-Driven Security: A New Model using Big Data – Creating Cyber Ecosystems” Art Coviello, Executive Vice President, EMC, and Executive Chairman, RSA. The 3rd Annual International Cyber Security Conference (22 minutes).
- Read “Mandatory Access Control vs Discretionary Access Control: Which to Choose?” Ekran System. March 11, 2020.
Week 2: Physical Security
- Read “The Importance of Physical Security in the Workplace” The InfoSec Institute.
- Read “Physical Security and Why It Is Important” SANS Reading Room.
- Read “APC Whitepaper on Uninterruptible Power Supplies (UPS)” Schneider Electric/APC.
Week 3: Cryptography
- Read “Introduction to Crypto-terminologies” Geeks-for-Geeks.
- Read “Substitution Cipher” Geeks-for-Geeks.
- Read “Difference between Monoalphabetic Cipher and Polyalphabetic Cipher” Geeks-for-Geeks.
- Read “Vigenère Cipher” Geeks-for-Geeks.
- Read Sections 1 through 3 of Gary C. Kessler’s “An Overview of Cryptography: Public-Key Cryptography”.
- Read “RSA Cryptography: The Algorithm Keeping Us Safe Online”.
- Read “RSA Algorithm in Cryptography” Geeks-for-Geeks.
- Read “Diffie–Hellman key exchange” Wikipedia.
- Watch “How HTTP, HTTPS, SSL, and TLS Work” by SkillsBuild on YouTube.
- Hands-on exercise with CrypTool (CrypTool 2). Dr. Skip University.
- Read “Public Key Infrastructure Explained” SecureW2.
- Read “What is PGP Encryption and How Does It Work?” Jeff Petters. April 6, 2020. Varonis.
- Read “Cloaking Malware with the Trusted Platform Module” Alan M. Dunn, Owen S. Hofmann, Brent Waters, Emmett Witchel. University of Texas at Austin. USENIX Security Symposium, 2011.
- Download from Blackboard/Content/Readings: Diffie-Hellman_Explained slides by Dr. Yu-Wen Chen, CityTech. 2021.
- Want to practice writing or modifying a Vigenère cipher program in Python? See Al Sweigart’s The Big Book of Small Python Projects, project #80, Vigenère Cipher.
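Before working through the Sweigart project, it helps to see the whole cipher in one place. The following Python is an added example written for this reading list; it is not code from the book, GeeksforGeeks, or any other listed source. It implements the Vigenère tableau for encryption and decryption, shows that a Caesar cipher is the one-letter-key special case, and adds a small Kasiski-style probe that illustrates why a periodic key is weak: a plaintext word that recurs at a distance divisible by the key length encrypts to an identical ciphertext substring, and the distances between such repeats are multiples of the key length. The test vector (ATTACKATDAWN under key LEMON) is the standard one; the message with the repeated word CRYPTO is constructed here for the demonstration.

```python
"""Vigenère cipher practice: encrypt, decrypt, and a Kasiski key-length hint.

Added example, not from the course readings or any listed book. Only A-Z
letters are transformed; other characters pass through unchanged and do not
advance the key, matching the classic pen-and-paper convention.
"""
from functools import reduce
from math import gcd
import string

ALPHABET = string.ascii_uppercase


def _clean_key(key: str) -> str:
    """Keep only the letters of the key, upper-cased; reject an empty key."""
    key = "".join(c for c in key.upper() if c in ALPHABET)
    if not key:
        raise ValueError("key must contain at least one letter")
    return key


def vigenere(text: str, key: str, decrypt: bool = False) -> str:
    """Apply the Vigenère tableau: ciphertext = plaintext + key (mod 26).

    The key index advances only on letters, so punctuation and spaces keep
    the same key alignment on both the encrypt and decrypt side.
    """
    key = _clean_key(key)
    out = []
    j = 0  # index into the key stream
    for ch in text:
        up = ch.upper()
        if up not in ALPHABET:
            out.append(ch)
            continue
        k = ALPHABET.index(key[j % len(key)])
        i = ALPHABET.index(up)
        shifted = ALPHABET[(i - k if decrypt else i + k) % 26]
        out.append(shifted if ch.isupper() else shifted.lower())
        j += 1
    return "".join(out)


def vigenere_encrypt(plaintext: str, key: str) -> str:
    return vigenere(plaintext, key)


def vigenere_decrypt(ciphertext: str, key: str) -> str:
    return vigenere(ciphertext, key, decrypt=True)


def caesar_encrypt(plaintext: str, shift: int) -> str:
    """A Caesar (monoalphabetic) cipher is Vigenère with a one-letter key."""
    return vigenere_encrypt(plaintext, ALPHABET[shift % 26])


def kasiski_period_hint(ciphertext: str, n: int = 3):
    """Return the gcd of the distances between repeated n-grams, or None.

    Under a periodic key, a plaintext substring that recurs at a distance
    that is a multiple of the key length produces an identical ciphertext
    substring, so the true key length divides every such distance.
    Practical attacks count factors instead of taking a bare gcd, because
    one accidental repeat can drag the gcd down to 1.
    """
    letters = "".join(c for c in ciphertext.upper() if c in ALPHABET)
    last_seen = {}
    distances = []
    for i in range(len(letters) - n + 1):
        gram = letters[i:i + n]
        if gram in last_seen:
            distances.append(i - last_seen[gram])
        last_seen[gram] = i
    if not distances:
        return None
    return reduce(gcd, distances)


if __name__ == "__main__":
    # Classic test vector: ATTACKATDAWN under key LEMON -> LXFOPVEFRNHR.
    ct = vigenere_encrypt("Attack at dawn!", "lemon")
    print(ct)                                  # Lxfopv ef rnhr!
    print(vigenere_decrypt(ct, "LEMON"))       # Attack at dawn!
    # Constructed message with a repeated word 16 letters apart; key length 4
    # divides 16, so the repeat survives encryption and the hint reveals 16.
    msg = "CRYPTO IS SHORT FOR CRYPTOGRAPHY"
    print(kasiski_period_hint(vigenere_encrypt(msg, "ABCD")))  # 16
```

The probe returns 16 for the constructed message rather than the key length itself; the key length (4) is one of its divisors, which is exactly the information a Kasiski examination gives before a frequency analysis of each column finishes the job. Try a key of length 5 on the same message and the repeat disappears, because 16 is not a multiple of 5.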
Week 4: Planning for Security
- Read “NIST Cybersecurity Framework” NIST.
- Read “Initial Summary Analysis of Responses to the Request for Information (RFI) Evaluating and Improving Cybersecurity Resources: The Cybersecurity Framework and Cybersecurity Supply Chain Risk Management” NIST. June 3, 2022.
- Read “NIST Special Publication (SP) 800-39 / Managing Information Security Risk: Organization, Mission, and Information System View” NIST.
- Read “ISO/IEC 27002:2013 / Information technology — Security techniques — Code of practice for information security controls” International Organization for Standardization, www.iso.org; or try “ISO 27002:2013 – Translated Into Plain English” Praxiom.
- Read “ISO/IEC 27001:2013 / Information technology — Security techniques — Information security management systems — Requirements” International Organization for Standardization, www.iso.org; or try “ISO 27001:2013 – Translated Into Plain English” Praxiom.
- Review “State of North Carolina: Statewide Information Security Manual” State of North Carolina Enterprise Security and Risk Management Office. February 2016. Incorporates the ISO 27000 series and NIST SPs.
- Search “SEI: Software Engineering Institute (in collaboration with CERT)” – click the search topic ‘Governance’. Carnegie Mellon University.
- Reference “SANS: Security Policy Templates” SANS Institute.
- Read “Princeton University, Office of Information Technology: Information Security Policy” Princeton OIT.
- Read “Stanford University IT: Information Security – Protecting the information assets important to Stanford” Stanford IT.
- Consider “US Department of Energy (DOE) Multiyear Plan for Cybersecurity” US-DOE. March, 2018.
Week 5: Selective Security Topics:
Selective Security Topic:
NIST Framework
- Read “Contingency Planning Guide for Federal Information Systems” NIST SP 800-34, Revision 1. NIST.
- Read “Special Publication 800-53, revision 5: Security and Privacy Controls for Information Systems and Organizations” NIST.
- Read “Special Publication 800-171, Revision 2: Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations” NIST. Covers controls for systems that store, process, or transmit Controlled Unclassified Information (CUI) or provide security protection for such systems.
- Review “National Vulnerability Database” NIST.
Selective Security Topic:
Windows Security
- Read “How to Enable or Disable Windows Security in Windows 10” TenForums.
- Scan known Microsoft vulnerabilities: “Microsoft: Security Vulnerabilities” CVE Details.
Selective Security Topic:
Cloud Security
- Read “What is Cloud Security” McAfee.
- Download “Cloud Controls Matrix (CCM) and Consensus Assessment Initiative Questionnaire (CAIQ)” Cloud Security Alliance.
Selective Security Topic:
Access Control
- Read “Access Control List (ACL) – What are They and How to Configure Them!” James Cox. January 15, 2020. ITT Systems.
- Read “Hackers Using Telnet to Attack Corporate Servers” Jeremy Kirk. January 27, 2011. IDG InfoWorld.
- Read “Secure Shell Protocol (SSH)” Wikipedia.
Selective Security Topic:
Planning and Business Management
- Orit Gadiesh, Hugh MacArthur. “Lessons from Private Equity Any Company Can Use (Memo to the CEO)” Harvard Business Press. Boston. 2008.
- Guy Kawasaki. “The Art of the Start 2.0: The Time-Tested, Battle-Hardened Guide for Anyone Starting Anything” Portfolio Penguin Publishing, London, 2015.
- Dr. Jonathan Tepper and Denise Hearn. “The Myth of Capitalism: Monopolies and the Death of Competition” John Wiley and Sons, Inc. Hoboken. 2019.
- Laurence J. Peter, Raymond Hull. “The Peter Principle” Harper Collins. New York. 1969.