CBK Suggested References

This reference list is not intended to be an all-inclusive collection representing the respective certification's Common Body of Knowledge (CBK). Its purpose is to give candidates a starting point for their studies in domains that need supplementary learning to complement their level of work and academic experience. Candidates may also consider other references that are not on this list but adequately cover domain content.

Note: (ISC)² does not endorse any particular text or author and does not imply that any or all references be acquired or consulted. (ISC)² does not imply nor guarantee that the study of these references will result in an examination pass.

  • CISSP

    • Information Security Management Handbook, Sixth Edition by Harold F. Tipton and Micki Krause. Publisher: CRC Press. (2007)

    • Building an Information Security Awareness Program: Defending Against Social Engineering and Technical Threats, First Edition by Bill Gardner and Valerie Thomas. Publisher: Syngress. (2014)

    • Information Security Handbook: Develop a Threat Model and Incident Response Strategy to Build a Strong Information Security Framework by Darren Death. Publisher: Packt Publishing. (2017)

    • Security Program and Policies: Principles and Practices, Second Edition by Sari Greene. Publisher: Pearson IT Certification. (2014)

    • Fundamentals of Information Systems Security, Third Edition by David Kim and Michael G. Solomon. Publisher:  Jones & Bartlett Learning. (2016) 

    • Threat Modeling: Designing for Security, First Edition by Adam Shostack. Publisher: Wiley. (2014)

    • NIST SP 800-88, Rev 1, Guidelines for Media Sanitization by Larry Feldman and Gregory A. Witte.  February 2015

    • NIST SP 800-122, Guide to Protecting the Confidentiality of Personally Identifiable Information (PII) by Erika McCallister, Tim Grance and Karen Scarfone. April 2010     

    • Information Security and IT Risk Management, First Edition by Manish Agrawal, Alex Campoe and Eric Pierce. Publisher: Wiley. (2014)    

    • Defensive Security Handbook, First Edition by Amanda Berlin and Lee Brotherston. Publisher: O'Reilly Media. (2017)      

    • Cloud Security and Privacy: An Enterprise Perspective on Risks and Compliance (Theory in Practice), First Edition by Tim Mather, Subra Kumaraswamy, and Shahed Latif. Publisher: O'Reilly Media, Inc. (2009)

    • NIST SP 800-37 Rev 2, Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy. Joint Task Force Transformation Initiative.  December 2018

    • Wireless and Mobile Device Security by Jim Doherty. Publisher: Jones & Bartlett Learning. (2015)           

    • Data Center Handbook, First Edition by Hwaiyu Geng. Publisher: John Wiley & Sons Inc. (2014)

    • NIST SP 800-124, Rev 1, Guidelines for Managing the Security of Mobile Devices in the Enterprise by Murugiah Souppaya and Karen Scarfone. June 2013    

    • The Complete Guide to Physical Security by Paul R. Baker and Daniel J. Benny. Publisher: CRC Press. (2012)

    • Applied Cryptography: Protocols, Algorithms and Source Code in C, 20th Anniversary Edition by Bruce Schneier. Publisher: John Wiley & Sons. (2015)           

    • NIST SP 800-53 Rev 4, Security and Privacy Controls for Federal Information Systems and Organizations. Joint Task Force Transformation Initiative. April 2013

    • Security in Computing, Fifth Edition by Charles Pfleeger, Shari Pfleeger, and Jonathan Margulies. Publisher: Pearson Education, Inc. (2015)

    • NIST SP 800-41, Rev 1, Guidelines on Firewalls and Firewall Policy by Karen Scarfone and Paul Hoffman. September 2009

    • NIST SP 800-153, Guidelines for Securing Wireless Local Area Networks (WLANs) by Murugiah Souppaya and Karen Scarfone. February 2012       

    • Computer and Information Security Handbook, Third Edition by John R. Vacca. Publisher: Kaufmann Publishers. (2017)

    • End-to-End Network Security: Defense-in-Depth by Omar Santos. Publisher: Cisco Press. (2007)  

    • Applied Network Security by Michael McLafferty, Warun Levesque and Arthur Salmon. Publisher: Packt Publishing. (2017)          

    • Firewall Fundamentals by Ido Dubrawsky and Wes Noonan. Publisher: Cisco Press. (2006)          

    • Network Defense and Countermeasures: Principles and Practices, Third Edition by Chuck Easttom. Publisher: Pearson IT Certification. (2018)      

    • Identity and Access Management: Business Performance Through Connected Intelligence, First Edition by Ertem Osmanoglu. Publisher: Syngress. (2013)

    • Access Control, Authentication, and Public Key Infrastructure, Second Edition by Erin Banks, Tricia Ballad, Bill Ballad and Mike Chapple. Publisher: Jones & Bartlett Learning. (2013)          

    • Federated Identity Primer, First Edition by Derrick Rountree. Publisher: Syngress. (2012)

    • Identity Management: A Primer, First Edition by Graham Williamson, David Yip, Ilan Sharoni and Kent Spaulding. Publisher: MC Press. (2009)

    • Cloud Computing by Kris Jamsa. Publisher: Jones & Bartlett Learning. (2012)      

    • ISO/IEC 27002:2013, Information technology — Security techniques — Code of practice for information security controls. Publisher: ISO/IEC. (2013)

    • NIST SP 800-115, Technical Guide to Information Security Testing and Assessment by Karen Scarfone, Murugiah Souppaya, Amanda Cody and Angela Orebaugh. September 2008      

    • Security Controls Evaluation, Testing, and Assessment Handbook, First Edition by Leighton Johnson. Publisher: Syngress. (2015)

    • NIST SP 800-137, Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations by Kelley Dempsey, Nirali Shah Chawla, Arnold Johnson, Ronald Johnston, Alicia Clay Jones, Angela Orebaugh, Matthew Scholl, and Kevin Stine. September 2011

    • NIST SP 800-53A Rev 4, Assessing Security and Privacy Controls in Federal Information Systems and Organizations: Building Effective Assessment Plans. Joint Task Force Transformation Initiative. December 2014

    • The Basics of IT Audit: Purposes, Processes, and Practical Information by Stephen D. Gantz. Publisher: Syngress. (2013)   

    • Business Continuity and Disaster Recovery Planning for IT Professionals, Second Edition by Susan Snedaker. Publisher: Syngress. (2013)

    • NIST SP 800-34 Rev 1, Contingency Planning Guide for Federal Information Systems by Marianne Swanson, Pauline Bowen, Amy Wohl Phillips, Dean Gallup, and David Lynes.  November 2010         

    • Disaster Recovery, Crisis Response, and Business Continuity: A Management Desk Reference, First Edition by Jamie Watters and Janet Watters. Publisher: Apress. (2013)

    • Disaster Recovery Planning: Preparing for the Unthinkable, Third Edition by Jon William Toigo. Publisher: Prentice Hall. (2002)    

    • The Disaster Recovery Handbook: A Step-by-Step Plan to Ensure Business Continuity and Protect Vital Operations, Facilities, and Assets, Third Edition by Michael Wallace and Lawrence Webber. Publisher: AMACOM. (2017)

    • NIST SP 800-61, Rev 2, Computer Security Incident Handling Guide by Paul Cichonski, Tom Millar, Tim Grance and Karen Scarfone. August 2012

    • Secure and Resilient Software Development, First Edition by Mark Merkow and Lakshmikanth Raghavan. Publisher: Auerbach Publications. (2010)

    • Building Secure Software: How to Avoid Security Problems the Right Way, First Edition by John Viega and Gary R. McGraw. Publisher: Addison-Wesley Professional. (2006)

    • Application Security in the ISO 27001 Environment by Anbalahan Siddharth, Pakala Sangit, Shetty Sachin, Ummer Firosh, Mangla Anoop and Vasudevan Vinod. Publisher: IT Governance Publishing. (2008)  

    • Software Security: Building Security In, First Edition by Gary McGraw. Publisher: Addison-Wesley Professional. (2006)

    • Secure Coding: Principles and Practices by Mark G. Graff and Kenneth R. van Wyk. Publisher: O'Reilly Media, Inc. (2003) 

    • Information Security: Principles and Practices, Second Edition by Mark Merkow and Jim Breithaupt. Publisher: Pearson IT Certification. (2014)

  • CAP

    • NIST SP 800-37 Rev 2, Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy. Joint Task Force. December 2018

    • NIST SP 800-53 Rev 4, Security and Privacy Controls for Federal Information Systems and Organizations. Joint Task Force Transformation Initiative. April 2013

    • NIST SP 800-30 Rev 1, Guide for Conducting Risk Assessments. Joint Task Force Transformation Initiative. September 2012

    • NIST SP 800-39, Managing Information Security Risk: Organization, Mission, and Information System View. Joint Task Force Transformation Initiative. March 2011

    • NIST FIPS 199, Standards for Security Categorization of Federal Information and Information Systems. Computer Security Division. February 2004

    • NIST SP 800-60 Vol 1, Rev 1, Guide for Mapping Types of Information and Information Systems to Security Categories by Kevin Stine, Rich Kissel, William C. Barker, Jim Fahlsing and Jessica Gulick. August 2008

    • NIST SP 800-137, Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations by Kelley Dempsey, Nirali Shah Chawla, Arnold Johnson, Ronald Johnston, Alicia Clay Jones, Angela Orebaugh, Matthew Scholl, and Kevin Stine. September 2011

    • NIST SP 800-18 Rev 1, Guide for Developing Security Plans for Federal Information Systems  by Marianne Swanson, Joan Hash, Pauline Bowen.  February 2006

    • NIST SP 800-70 Rev 4, National Checklist Program for IT Products: Guidelines for Checklist Users and Developers by Stephen Quinn, Murugiah Souppaya, Melanie Cook, and Karen Scarfone.  February 2018   

    • NIST SP 800-115, Technical Guide to Information Security Testing and Assessment by Karen Scarfone, Murugiah Souppaya, Amanda Cody, and Angela Orebaugh. September 2008


  • CCSP

    • Architecting the Cloud: Design Decisions for Cloud Computing Service Models (SaaS, PaaS, and IaaS), First Edition by Michael J. Kavis. Publisher: Wiley Publishing, Inc. (2014)

    • Cloud Security: A Comprehensive Guide to Secure Cloud Computing, First Edition by Ronald L. Krutz and Russell Dean Vines. Publisher: Wiley Publishing, Inc. (2010)

    • ISO/IEC 17788:2014, Information technology – Cloud computing – Overview and vocabulary. Publisher: ISO/IEC. (2014)

    • Information Security: The Complete Reference, Second Edition by M. Rhodes-Ousley. Publisher:  McGraw-Hill Education. (2013)

    • CSA Guide to Cloud Computing: Implementing Cloud Privacy and Security, First Edition by Raj Samani, Jim Reavis, and Brian Honan. Publisher: Syngress. (2014)

    • Enterprise Security: A Data-Centric Approach to Securing the Enterprise by Aaron Woody. Publisher: Packt Publishing Ltd. (2013)

    • Business Continuity and Disaster Recovery Planning for IT Professionals, Second Edition by Susan Snedaker. Publisher: Syngress. (2013)

    • Data Center Handbook, First Edition by Hwaiyu Geng. Publisher: John Wiley & Sons Inc. (2014)

    • Security in Computing, Fifth Edition by Charles Pfleeger, Shari Pfleeger, and Jonathan Margulies. Publisher: Pearson Education, Inc. (2015)

    • Cloud Computing Design Patterns, First Edition by Thomas Erl, Robert Cope, and Amin Naserpour. Publisher: Prentice Hall. (2015)

    • Cloud Security and Privacy: An Enterprise Perspective on Risks and Compliance (Theory in Practice), First Edition by Tim Mather, Subra Kumaraswamy, and Shahed Latif. Publisher: O'Reilly Media, Inc. (2009)

    • Building the Infrastructure for Cloud Security: A Solutions View by Raghu Yeluri and Enrique Castro-Leon. Publisher: Apress. (2014)                     

    • EU General Data Protection Regulation (GDPR): An Implementation and Compliance Guide, Second Edition by IT Governance Privacy Team. Publisher: IT Governance Ltd. (2017)

    • Guide to Privacy and Security of Electronic Health Information by The Office of the National Coordinator for Health Information Technology. Publisher: Department of Health & Human Services. (2015)       

    • Cloud Computing Security: Foundations and Challenges by John R. Vacca. Publisher: CRC Press. (2016)   

  • SSCP

    • Fundamentals of Information Systems Security, Third Edition by David Kim and Michael G. Solomon. Publisher: Jones & Bartlett Learning. (2016)

    • Defending Your Digital Assets Against Hackers, Crackers, Spies, and Thieves by Randall K. Nichols, Daniel J. Ryan, Julie J.C.H. Ryan, and Arthur W. Coviello, Jr. Publisher: McGraw-Hill Osborne Media. (2000)

    • Identity and Access Management: Business Performance Through Connected Intelligence, First Edition by Ertem Osmanoglu. Publisher: Syngress. (2013)

    • Identity Management: A Primer, First Edition by Graham Williamson, David Yip, Ilan Sharoni and Kent Spaulding. Publisher: MC Press. (2009)

    • Computer Security Handbook, Fifth Edition by Seymour Bosworth, M. E. Kabay, and Eric Whyne. Publisher: John Wiley & Sons, Inc. (2009)

    • Information Security Management Handbook, Sixth Edition by Harold F. Tipton and Micki Krause. Publisher: CRC Press. (2007)

    • Network Security Assessment: From Vulnerability to Patch, First Edition by Steve Manzuik, Andre Gold, and Chris Gatford. Publisher: Syngress. (2006)

    • Managing Security with Snort and IDS Tools by Christopher Gerg and Kerry J. Cox. Publisher: O'Reilly Media, Inc. (2004)        

    • Managing Risk in Information Systems, Second Edition by Darril Gibson. Publisher: Jones & Bartlett Learning. (2014) 

    • NIST SP 800-86, Guide to Integrating Forensic Techniques into Incident Response by Karen Kent, Suzanne Chevalier, Tim Grance and Hung Dang. August 2006.         

    • Digital Forensics and Incident Response by Gerard Johansen. Publisher: Packt Publishing. (2017)      

    • Business Continuity and Disaster Recovery for InfoSec Managers, First Edition by John Rittinghouse and James Ransome. Publisher:  Elsevier, Digital Press. (2005)

    • NIST SP 800-61, Rev 2, Computer Security Incident Handling Guide by Paul Cichonski, Tom Millar, Tim Grance, and Karen Scarfone. August 2012

    • Applied Cryptography: Protocols, Algorithms and Source Code in C, 20th Anniversary Edition, Second Edition by Bruce Schneier. Publisher: Wiley. (2015)

    • NIST SP 800-12, Rev 1, An Introduction to Information Security by Michael Nieles, Kelley Dempsey and Victoria Yan Pillitteri.  June 2017        

    • Industrial Network Security: Securing Critical Infrastructure Networks for Smart Grid, SCADA, and Other Industrial Control Systems by Eric D. Knapp and Joel Thomas Langill. Publisher: Syngress. (2011)      

    • Practical Unix & Internet Security, Third Edition by Simson Garfinkel, Gene Spafford, and Alan Schwartz. Publisher: O'Reilly Media, Inc. (2003)

    • Malware: Fighting Malicious Code by Ed Skoudis and Lenny Zeltser. Publisher: Prentice Hall Professional. (2003) 

    • Virtualization Security: Protecting Virtualized Environments by Dave Shackleford. Publisher: Sybex. (2012)    

    • Exploiting Software: How to Break Code, First Edition by Greg Hoglund and Gary McGraw. Publisher: Addison-Wesley Professional. (2004)

  • CSSLP

    • Building Secure Software: How to Avoid Security Problems the Right Way, First Edition by John Viega and Gary R. McGraw. Publisher: Addison-Wesley Professional. (2006)

    • Auditing IT Infrastructures for Compliance, Second Edition by Martin Weiss and Michael Solomon. Publisher: Jones & Bartlett Learning. (2015)

    • Information Security: Principles and Practices, Second Edition by Mark Merkow and Jim Breithaupt. Publisher: Pearson IT Certification. (2014)

    • Mastering the Requirements Process: Getting Requirements Right, Third Edition by Suzanne Robertson and James Robertson. Publisher: Addison-Wesley Professional. (2012)

    • The Complete Book of Data Anonymization: From Planning to Implementation, First Edition by Balaji Raghunathan. Publisher: Auerbach Publications. (2013)

    • Managing Catastrophic Loss of Sensitive Data: A Guide for IT and Security Professionals, First Edition by Constantine Photopoulos. Publisher: Syngress. (2008)

    • Software Security: Building Security In, First Edition by Gary McGraw. Publisher: Addison-Wesley Professional. (2006)

    • A Practical Guide to Trusted Computing, First Edition by David Challener, Kent Yoder, Ryan Catherman, David Safford, and Leendert Van Doorn. Publisher: IBM Press. (2008)

    • A Guide to Building Secure Web Applications: The Open Web Application Security Project by Mark Curphey, David Endler, William Hau, Steve Taylor, Tim Smith, Alex Russell, Gene McKenna, Richard Parke, Kevin McLaughlin, Nigel Tranter, Amit Klein, Dennis Groves and Izhar By-Gad. Publisher: The Open Web Application Security Project (OWASP). (2002)

    • SOA Security by Ramarao Kanneganti and Prasad Chodavarapu. Publisher: Manning Publications. (2008)

    • Threat Modeling, First Edition by Frank Swiderski and Window Snyder. Publisher: Microsoft Press. (2004)

    • Secure Programming with Static Analysis by Brian Chess and Jacob West. Publisher: Addison-Wesley Professional. (2007)

    • Secure and Resilient Software Development, First Edition by Mark Merkow and Lakshmikanth Raghavan. Publisher: Auerbach Publications. (2010)

    • Secure Coding in C and C++, Second Edition by Robert Seacord. Publisher: Addison-Wesley Professional. (2013)

    • 24 Deadly Sins of Software Security: Programming Flaws and How to Fix Them by John Viega, David LeBlanc and Michael Howard. Publisher: McGraw-Hill. (2009)       

    • The Art of Software Security Testing: Identifying Software Security Flaws, First Edition by Chris Wysopal, Lucas Nelson, Dino Dai Zovi and Elfriede Dustin. Publisher: Addison-Wesley Professional. (2006) 

    • Fuzzing: Brute Force Vulnerability Discovery, First Edition by Michael Sutton, Adam Greene, and Pedram Amini. Publisher: Addison-Wesley Professional. (2007)

    • Penetration Testing: A Survival Guide by Wolf Halton, Bo Weaver, Juned Ahmed Ansari, Srinivasa Rao Kotipalli, and Mohammed A. Imran. Publisher: Packt Publishing. (2017)

    • Lessons Learned in Software Testing: A Context-Driven Approach, First Edition by Cem Kaner, James Bach, and Bret Pettichord. Publisher: Wiley. (2001)

    • Core Software Security: Security at the Source, First Edition by James Ransome and Anmol Misra. Publisher: Auerbach Publications. (2013)

    • Writing Secure Code, Second Edition by Michael Howard and David LeBlanc. Publisher: Microsoft Press. (2003)

    • Information Security Management Handbook, Sixth Edition by Harold F. Tipton and Micki Krause. Publisher: CRC Press. (2007)

    • Computer Security Handbook, Fifth Edition by M.E. Kabay, Eric Whyne and Seymour Bosworth. Publisher: Wiley. (2009) 

    • NISTIR 7622, Notional Supply Chain Risk Management Practices for Federal Information Systems by Jon Boyens, Celia Paulsen, Nadya Bartol, Rama Moorthy, and Stephanie Shankles. October 2012

    • IT Security Risk Control Management: An Audit Preparation Plan, First Edition by Raymond Pompon. Publisher: Apress. (2016) 

    • Evaluating and Mitigating Software Supply Chain Security Risks by Robert J. Ellison, John B. Goodenough, Charles B. Weinstock and Carol Woody. Publisher: Software Engineering Institute (SEI). (2010)   

  • HCISPP

    • Healthcare Information Security and Privacy, First Edition by Sean P. Murphy. Publisher: McGraw-Hill Education. (2015)

    • Federal Register, Vol. 78, No. 17. Publisher: Office of the Federal Register, National Archives and Records Administration. (January 2013)

    • Health IT JumpStart: The Best First Step Toward an IT Career in Health Information Technology, First Edition by Patrick Wilson and Scott McEvoy. Publisher: Sybex. (2011)

    • Information Governance: Concepts, Strategies, and Best Practices by Robert F. Smallwood. Publisher: John Wiley & Sons. (2014)

    • Information Governance for Healthcare Professionals: A Practical Approach, First Edition by Robert F. Smallwood. Publisher: Productivity Press. (2018)

    • NIST SP 800-55 Rev 1, Performance Measurement Guide for Information Security by Elizabeth Chew, Marianne Swanson, Kevin Stine, Nadya Bartol, Anthony Brown, Will Robinson. July 2008

    • NIST SP 800-88, Rev 1, Guidelines for Media Sanitization by Larry Feldman and Gregory A. Witte. February 2015

    • NIST SP 800-53 Rev 4, Security and Privacy Controls for Federal Information Systems and Organizations. Joint Task Force Transformation Initiative. April 2013

    • NIST SP 800-47, Security Guide for Interconnecting Information Technology Systems by Tim Grance, Joan Hash, Steven Peck, Jonathan Smith and Karen Korow-Diks. August 2002    

    • EU General Data Protection Regulation (GDPR): An Implementation and Compliance Guide, Second Edition by IT Governance Privacy Team. Publisher: IT Governance Ltd. (2017)

    • Developing Cybersecurity Programs and Policies, Third Edition by Sari Greene and Omar Santos. Publisher: Pearson IT Certification. (2018)   

    • Anonymizing Health Data: Case Studies and Methods to Get You Started by Khaled El Emam and Luke Arbuckle. Publisher: O'Reilly Media, Inc. (2013)

    • NIST SP 800-37 Rev 2, Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy. Joint Task Force Transformation Initiative. December 2018

    • NIST SP 800-66, Rev. 1, An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule by Matthew Scholl, Kevin Stine, Joan Hash, Pauline Bowen, Arnold Johnson, Carla Dancy Smith, and Daniel I. Steinberg.  October 2008

    • NIST SP 800-39, Managing Information Security Risk: Organization, Mission, and Information System View. Joint Task Force Transformation Initiative. March 2011

    • Information Security Risk Assessment Toolkit: Practical Assessments through Data Collection and Data Analysis by Mark Talabis and Jason Martin. Publisher: Syngress. (2012)

    • Business Associates, 45 CFR 164.502(e), 164.504(e), 164.532(d) and (e) by OCR HIPAA Privacy. Publisher: U.S. Department of Health & Human Services. (2003)

    • NIST SP 800-61, Rev 2, Computer Security Incident Handling Guide by Paul Cichonski, Tom Millar, Tim Grance, and Karen Scarfone. August 2012

  • CISSP-ISSAP

    • Information Security Management Handbook, Sixth Edition by Harold F. Tipton and Micki Krause. Publisher: CRC Press. (2007)

    • Payment Card Industry (PCI) Data Security Standard: Qualified Security Assessors (QSA) Validation Requirements, Ver 1.2. Publisher: PCI Security Standards Council LLC. April 2008

    • Cloud Security and Privacy: An Enterprise Perspective on Risks and Compliance (Theory in Practice), First Edition by Tim Mather, Subra Kumaraswamy, and Shahed Latif. Publisher: O'Reilly Media, Inc. (2009)

    • Enterprise Security Architecture: A Business-Driven Approach, First Edition by John Sherwood, Andrew Clark, and David Lynas. Publisher: CRC Press. (2005)

    • Hacking Exposed Industrial Control Systems: ICS and SCADA Security Secrets & Solutions, First Edition by Clint Bodungen, Bryan Singer, Aaron Shbeeb, Kyle Wilhoit, and Stephen Hilt. Publisher: McGraw-Hill Education. (2016)

    • NIST SP 800-125, Guide to Security for Full Virtualization Technologies by Karen Scarfone, Murugiah Souppaya, and Paul Hoffman. January 2011

    • Introduction to Business Architecture, First Edition by Chris Reynolds. Publisher: Cengage Learning PTR. (2009)

    • Practical VoIP Security by Larry Chaffin, Jan Kanclirz, Jr., Thomas Porter, Choon Shim and Andy Zmolek. Publisher: Syngress. (2006)

    • Applied Cryptography: Protocols, Algorithms and Source Code in C, 20th Anniversary Edition, Second Edition by Bruce Schneier. Publisher: Wiley. (2015)

    • Build the Best Data Center Facility for Your Business, First Edition by Douglas Alger. Publisher: Cisco Press. (2005)

    • Network Security Architectures by Sean Convery. Publisher: Cisco Press. (2004) 

    • Identity and Access Management: Business Performance Through Connected Intelligence, First Edition by Ertem Osmanoglu. Publisher: Syngress. (2013)

    • NIST SP 800-63-3, Digital Identity Guidelines by Paul Grassi, Michael Garcia, and James Fenton.  June 2017

    • Biometrics for Network Security by Paul Reid. Publisher: Prentice Hall PTR. (2003)

    • Security Patterns in Practice: Designing Secure Architectures Using Software Patterns by Eduardo Fernandez-Buglioni. Publisher: Wiley. (2013)   

    • Agile Application Security: Enabling Security in a Continuous Delivery Pipeline, First Edition by Laura Bell, Michael Brunton-Spall, Rich Smith, and Jim Bird. Publisher: O'Reilly Media. (2017)

    • Application Security in the ISO 27001 Environment by Anbalahan Siddharth, Pakala Sangit, Shetty Sachin, Ummer Firosh, Mangla Anoop and Vasudevan Vinod. Publisher: IT Governance Publishing. (2008)  

    • The Trustworthy Computing Security Development Lifecycle by Steve Lipner. Publisher: Computer Security Applications Conference. (2005)

    • CSA Security Guidance for Critical Areas of Focus in Cloud Computing v4.0 by Rich Mogull, James Arlen, Adrian Lane, Gunnar Peterson, and Mike Rothman. Publisher: Cloud Security Alliance. (2017)

    • Information Security Handbook: Develop a Threat Model and Incident Response Strategy to Build a Strong Information Security Framework by Darren Death. Publisher: Packt Publishing. (2017)

    • NIST SP 800-34 Rev 1, Contingency Planning Guide for Federal Information Systems by Marianne Swanson, Pauline Bowen, Amy Wohl Phillips, Dean Gallup, and David Lynes.  November 2010         

    • NIST SP 800-61, Rev 2, Computer Security Incident Handling Guide by Paul Cichonski, Tom Millar, Tim Grance, and Karen Scarfone. August 2012

    • Disaster Recovery and Business Continuity, Third Edition by BS Thejendra. Publisher: IT Governance Publishing. (2014)

    • PCI Compliance: Understand and Implement Effective PCI Data Security Standard Compliance, Fourth Edition by Branden R. Williams and Anton Chuvakin. Publisher: Syngress. (2014)   

    • Business Continuity and Disaster Recovery Planning for IT Professionals, Second Edition by Susan Snedaker. Publisher: Syngress. (2013)

  • CISSP-ISSEP

    • NIST SP 800-160 Vol. 1, Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems by Ron Ross, Michael McEvilley, and Janet Oren. November 2016

    • A Guide to the Project Management Body of Knowledge (PMBOK® Guide), Sixth Edition by Project Management Institute. Publisher: Project Management Institute. (2017)

    • NIST SP 800-37 Rev 2, Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy. Joint Task Force Transformation Initiative. December 2018

    • NIST SP 800-53 Rev 4, Security and Privacy Controls for Federal Information Systems and Organizations. Joint Task Force Transformation Initiative. April 2013

    • NIST SP 800-161, Supply Chain Risk Management Practices for Federal Information Systems and Organizations by Jon Boyens, Celia Paulsen, Rama Moorthy, and Nadya Bartol.  April 2015

    • NIST SP 800-30 Rev 1, Guide for Conducting Risk Assessments. Joint Task Force Transformation Initiative.  September 2012

    • Information Assurance Technical Framework, Rel 3.1. Issued by: National Security Agency Information Assurance Solutions Technical Directors. September 2002

    • NIST SP 800-115, Technical Guide to Information Security Testing and Assessment by Karen Scarfone, Murugiah Souppaya, Amanda Cody, and Angela Orebaugh. September 2008  

    • INCOSE Systems Engineering Handbook: A Guide for System Life Cycle Processes and Activities, Fourth Edition by INCOSE. Publisher: Wiley. (2015)

    • NIST SP 800-128, Guide for Security-Focused Configuration Management of Information Systems by Arnold Johnson, Kelley Dempsey, Ron Ross, Sarbari Gupta, and Dennis Bailey.  August 2011

    • NIST SP 800-88, Rev 1, Guidelines for Media Sanitization by Larry Feldman and Gregory A. Witte. February 2015

    • NIST SP 800-40, Rev. 3, Guide to Enterprise Patch Management Technologies by Murugiah Souppaya and Karen Scarfone. July 2013

    • NIST SP 800-61, Rev 2, Computer Security Incident Handling Guide by Paul Cichonski, Tom Millar, Tim Grance, and Karen Scarfone. August 2012

  • CISSP-ISSMP

    • Information Security Management Handbook, Sixth Edition by Harold F. Tipton and Micki Krause. Publisher: CRC Press. (2007)

    • Security Policies and Implementation Issues, Second Edition by Robert Johnson. Publisher: Jones & Bartlett Learning. (2014)

    • NIST SP 800-55 Rev 1, Performance Measurement Guide for Information Security by Elizabeth Chew, Marianne Swanson, Kevin Stine, Nadya Bartol, Anthony Brown, Will Robinson. July 2008

    • NIST SP 800-53 Rev 4, Security and Privacy Controls for Federal Information Systems and Organizations. Joint Task Force Transformation Initiative. April 2013

    • NIST SP 800-40, Rev 3, Guide to Enterprise Patch Management Technologies by Murugiah Souppaya and Karen Scarfone. July 2013

    • NIST SP 800-160 Vol. 1, Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems by Ron Ross, Michael McEvilley, and Janet Oren. November 2016

    • NIST SP 800-30 Rev 1, Guide for Conducting Risk Assessments. Joint Task Force Transformation Initiative. September 2012

    • NIST SP 800-39, Managing Information Security Risk: Organization, Mission, and Information System View. Joint Task Force Transformation Initiative. March 2011

    • Security Risk Management: Building an Information Security Risk Management Program from the Ground Up, First Edition by Evan Wheeler. Publisher: Syngress. (2011)

    • Disaster Recovery Planning: For Computers and Communication Resources, First Edition by Jon Toigo. Publisher: Wiley. (1996)         

    • Security Operations Center: Building, Operating, and Maintaining your SOC, First Edition by Joseph Muniz, Gary McIntyre, Nadhem AlFardan. Publisher: Cisco Press. (2015)

    • NIST SP 800-61, Rev 2, Computer Security Incident Handling Guide by Paul Cichonski, Tom Millar, Tim Grance, and Karen Scarfone. August 2012

    • Threat Modeling: Designing for Security, First Edition by Adam Shostack. Publisher: Wiley. (2014)

    • Handbook of Information Security Management, 98th Edition by Harold F. Tipton and Micki Krause. Publisher: Auerbach Publications. (1997)

    • NIST SP 800-34 Rev 1, Contingency Planning Guide for Federal Information Systems by Marianne Swanson, Pauline Bowen, Amy Wohl Phillips, Dean Gallup, and David Lynes.  November 2010   

    • Business Continuity and Disaster Recovery Planning for IT Professionals, Second Edition by Susan Snedaker. Publisher: Syngress. (2013)

    • Disaster Recovery, Crisis Response, and Business Continuity: A Management Desk Reference, First Edition by Jamie Watters and Janet Watters. Publisher: Apress. (2013)

    • Auditing IT Infrastructures for Compliance, Second Edition by Martin Weiss and Michael Solomon. Publisher: Jones & Bartlett Learning. (2015)