CBK Suggested References

This reference list is not intended to be an all-inclusive collection representing the respective certifications' Common Body of Knowledge (CBK). Its purpose is to provide candidates with a starting point for their studies in domains where they need supplementary learning to complement their associated level of work and academic experience. Candidates may also consider other references that are not on this list but adequately cover domain content.

Note: ISC2 does not endorse any particular text or author and does not suggest that any or all of these references must be acquired or consulted. ISC2 does not imply or guarantee that studying these references will result in passing the examination.

  • Access Control and Identity Management, 3rd Ed. by Mike Chapple. Publisher: Jones and Bartlett Learning. (Sep, 2020).

  • Building an Information Security Awareness Program, 1st Ed. by Bill Gardner and Valerie Thomas. Publisher: Syngress. (Aug, 2014).

  • Business Continuity and Disaster Recovery Planning for IT Professionals, 2nd Ed. by Susan Snedaker. Publisher: Syngress. (Sep, 2013).

  • Cybersecurity Risk Management by Cynthia Brumfield, Brian Haugli. Publisher: Wiley. (Dec, 2021).

  • Digital Forensics and Incident Response, 2nd Ed. by Gerard Johansen. Publisher: Packt Publishing. (Jan, 2020).

  • Disaster Recovery, Crisis Response, and Business Continuity: A Management Desk Reference by Jamie Watters, Janet Watters. Publisher: Apress. (Dec, 2013).

  • Distributed Denial of Service (DDoS) by Eric Chou, Rich Groves. Publisher: O’Reilly Media, Inc. (Apr, 2018).

  • Foundations of Information Security: A Straightforward Introduction by Jason Andress. Publisher: William Pollock. (Oct, 2019).

  • Fundamentals of Information Systems Security, 4th Ed. by David Kim, Michael G. Solomon. Publisher: Jones & Bartlett Publishers. (Nov, 2021).

  • Information Assurance Handbook: Effective Computer Security and Risk Management Strategies, 1st Ed. by Corey Schou and Steven Hernandez. Publisher: McGraw-Hill Education. (Sep, 2014).

  • Information Security Policies, Procedures, and Standards: A Practitioner’s Reference by Douglas J. Landoll. Publisher: Auerbach Publications. (Mar, 2017).

  • Mastering Windows Security and Hardening by Mark Dunkerley, Matt Tumbarello. Publisher: Packt Publishing. (Aug, 2022).

  • Modern Cryptography for Security Professionals, 1st Ed. by Lisa Bock. Publisher: Packt Publishing. (Jun, 2021).

  • Network Security, Firewalls, and VPNs, 3rd Ed. by J. Michael Stewart, Denise Kinsey. Publisher: Jones & Bartlett Learning. (Oct, 2020).

  • Networking Fundamentals, 1st Ed. by Gordon Davies. Publisher: Packt Publishing. (Dec, 2019).

  • Network Security Strategies by Aditya Mukherjee. Publisher: Packt Publishing. (Nov, 2020).

  • NIST SP 800-53, Rev. 5, Security and Privacy Controls for Information Systems and Organizations by Joint Task Force Transformation Initiative. (Sep, 2020).

  • NIST SP 800-61, Rev. 2, Computer Security Incident Handling Guide by Paul Cichonski, Tom Millar, Tim Grance, Karen Scarfone. (Aug, 2012).

  • Security Policies and Implementation Issues, 3rd Ed. by Robert Johnson and Chuck Easttom. Publisher: Bartlett Learning. (Oct, 2020).

  • The Complete Guide to Physical Security by Paul R. Baker and Daniel J. Benny. Publisher: Auerbach Publications. (Apr, 2016).

  • A Practical Guide to TPM 2.0: Using the New Trusted Platform Module in the New Age of Security by Will Arthur, David Challener. Publisher: Apress. (Jan, 2015).

  • Access Control and Identity Management, 3rd Ed. by Mike Chapple. Publisher: Jones and Bartlett Learning. (Sep, 2020).

  • A Technical Guide to IPSec Virtual Private Networks by James S. Tiller. Publisher: Auerbach Publications. (Jul, 2017).

  • Applied Cryptography: Protocols, Algorithms and Source Code in C, 20th Anniversary Ed. by Bruce Schneier. Publisher: Wiley. (Mar, 2015).

  • Building an Information Security Awareness Program, 1st Ed. by Bill Gardner and Valerie Thomas. Publisher: Syngress. (Aug, 2014).

  • Business Continuity and Disaster Recovery Planning for IT Professionals, 2nd Ed. by Susan Snedaker. Publisher: Syngress. (Sep, 2013).

  • Cryptography and Network Security Principles and Practice, 6th Ed. by William Stallings. Publisher: Pearson. (Mar, 2013).

  • Cybersecurity Incident Response: How to Contain, Eradicate, and Recover from Incidents by Eric C. Thompson. Publisher: Apress. (Sep, 2018).

  • Digital Forensics and Incident Response, 2nd Ed. by Gerard Johansen. Publisher: Packt Publishing. (Jan, 2020).

  • Foundations of Information Security: A Straightforward Introduction by Jason Andress. Publisher: William Pollock. (Oct, 2019).

  • Fundamentals of Information Systems Security, 4th Ed. by David Kim, Michael G. Solomon. Publisher: Jones & Bartlett Publishers. (Nov, 2021).

  • Identity Attack Vectors: Implementing an Effective Identity and Access Management Solution by Darran Rolls, Morey J. Haber. Publisher: Apress. (Dec, 2019).

  • Identity and Access Management: Business Performance Through Connected Intelligence, 1st Ed. by Ertem Osmanoglu. Publisher: Syngress. (Nov, 2013).

  • Information Risk Management: A Practitioner's Guide by David Sutton. Publisher: BCS, The Chartered Institute for IT. (Nov, 2014).

  • Introduction to Computer Networks and Cybersecurity, 1st Ed. by J. Chwan-Hwa Wu, David Irwin. Publisher: CRC Press. (Apr, 2016).

  • Logging and Log Management by A. Chuvakin, K. Schmidt. Publisher: Syngress. (Dec, 2012).

  • Network Security, Firewalls, and VPNs, 3rd Ed. by J. Michael Stewart, Denise Kinsey. Publisher: Jones & Bartlett Learning. (Oct, 2020).

  • Networking Fundamentals, 1st Ed. by Gordon Davies. Publisher: Packt Publishing. (Dec, 2019).

  • NIST SP 800-61, Rev. 2, Computer Security Incident Handling Guide by Paul Cichonski, Tom Millar, Tim Grance, Karen Scarfone. (Aug, 2012).

  • Official (ISC)² SSCP CBK Reference, 5th Ed. by Mike Wills. Publisher: Sybex. (Dec, 2019).

  • Practical Cloud Security: A Guide for Secure Design and Deployment by Chris Dotson. Publisher: O'Reilly Media. (Mar, 2019).

  • A Practical Guide to TPM 2.0: Using the New Trusted Platform Module in the New Age of Security by Will Arthur, David Challener. Publisher: Apress. (Jan, 2015).

  • Access Control, Authentication, and Public Key Infrastructure (Information Systems Security & Assurance), 1st Ed. by Bill Ballad, Tricia Ballad, Erin Banks. Publisher: Jones & Bartlett Learning. (Oct, 2010).

  • Agile Application Security by Laura Bell, Rich Smith, Michael Brunton-Spall, Jim Bird. Publisher: O’Reilly Media, Inc. (Jun, 2017).

  • Architecting the Cloud: Design Decisions for Cloud Computing Service Models (SaaS, PaaS, and IaaS) by Michael Kavis. Publisher: Wiley. (Jan, 2014).

  • Asset Attack Vectors: Building Effective Vulnerability Management Strategies to Protect Organizations by Morey J. Haber, Brad Hibbert. Publisher: Apress. (Jun, 2018).

  • Business Continuity and Disaster Recovery Planning for IT Professionals, 2nd Ed. by Susan Snedaker. Publisher: Syngress. (Sep, 2013).

  • Computer and Information Security Handbook, 3rd Ed. by John Vacca. Publisher: Morgan Kaufmann. (May, 2017).

  • Computer Security: Art and Science, 2nd Ed. by Matt Bishop. Publisher: Addison-Wesley Professional. (Nov, 2018).

  • Core Software Security: Security at the Source by Anmol Misra, James F. Ransome. Publisher: Auerbach Publications. (Oct, 2018).

  • Data Center Handbook, 2nd Ed. by Hwaiyu Geng. Publisher: Wiley. (May, 2021).

  • Developing Cybersecurity Programs and Policies, 3rd Ed. by Omar Santos, Sari Greene. Publisher: Pearson IT Certification. (Aug, 2018).

  • Disaster Recovery, Crisis Response, and Business Continuity: A Management Desk Reference by Jamie Watters, Janet Watters. Publisher: Apress. (Dec, 2013).

  • Distributed Denial of Service (DDoS) by Eric Chou, Rich Groves. Publisher: O’Reilly Media, Inc. (Apr, 2018).

  • DomainKeys Identified Mail (DKIM) Signature by Murray Kucherawy, Dave Crocker, Tony Hansen. Publisher: IETF. (Sep, 2011).

  • Ethical Hacking and Penetration Testing Guide by Rafay Baloch. Publisher: Auerbach Publications. (Sep, 2017).

  • Federated Identity Primer, 1st Ed. by Derrick Rountree. Publisher: Syngress. (Dec, 2012).

  • Foundations of Information Security: A Straightforward Introduction by Jason Andress. Publisher: William Pollock. (Oct, 2019).

  • Fundamental Practices for Secure Software Development: Essential Elements of a Secure Development Lifecycle Program, 3rd Ed. by Toni Rice. Publisher: SAFECode. (Mar, 2018).

  • Fundamentals of Information Systems Security, 4th Ed. by David Kim, Michael G. Solomon. Publisher: Jones & Bartlett Publishers. (Nov, 2021).

  • EU General Data Protection Regulation (GDPR) by European Parliament. Publisher: European Parliament and Council of the European Union. (May, 2016).

  • Identity and Access Management: Business Performance Through Connected Intelligence, 1st Ed. by Ertem Osmanoglu. Publisher: Syngress. (Nov, 2013).

  • Identity Attack Vectors: Implementing an Effective Identity and Access Management Solution by Darran Rolls, Morey J. Haber. Publisher: Apress. (Dec, 2019).

  • Information Assurance Handbook: Effective Computer Security and Risk Management Strategies, 1st Ed. by Corey Schou and Steven Hernandez. Publisher: McGraw-Hill Education. (Sep, 2014).

  • Information Security Handbook by Darren Death. Publisher: Packt Publishing. (Dec, 2017).

  • Information Security Policies, Procedures, and Standards: A Practitioner’s Reference by Douglas J. Landoll. Publisher: Auerbach Publications. (Mar, 2017).

  • Introduction to Computer Networks and Cybersecurity, 1st Ed. by J. Chwan-Hwa Wu, David Irwin. Publisher: CRC Press. (Apr, 2016).

  • IT Auditing Using Controls to Protect Information Assets, 3rd Ed. by Mike Kegerreis, Mike Schiller, Chris Davis. Publisher: McGraw-Hill Education. (Oct, 2019).

  • Network Security, Firewalls, and VPNs, 3rd Ed. by J. Michael Stewart, Denise Kinsey. Publisher: Jones & Bartlett Learning. (Oct, 2020).

  • Network Vulnerability Assessment: Identify Security Loopholes in Your Network's Infrastructure by Sagar Rahalkar. Publisher: Packt Publishing. (Aug, 2018).

  • Networking Fundamentals, 3rd Ed. by Chuck Easttom, Richard M. Roberts. Publisher: Goodheart-Willcox. (Sep, 2018).

  • NIST SP 800-30, Rev. 1, Guide for Conducting Risk Assessments by Joint Task Force Transformation Initiative. (Sep, 2012).

  • NIST SP 800-34, Rev. 1, Contingency Planning Guide for Federal Information Systems by Marianne Swanson, Pauline Bowen, Amy Wohl Phillips, Dean Gallup, David Lynes. (May, 2010).

  • NIST SP 800-41, Rev. 1, Guidelines on Firewalls and Firewall Policy by Karen Scarfone, Paul Hoffman. (Sep, 2009).

  • NIST SP 800-53, Rev. 5, Security and Privacy Controls for Information Systems and Organizations by Joint Task Force Transformation Initiative. (Sep, 2020).

  • NIST SP 800-63-3, Digital Identity Guidelines: Enrollment and Identity Proofing by Paul A. Grassi, James L. Fenton, Naomi B. Lefkovitz, Jamie M. Danker, Yee-Yin Choong, Kristen K. Greene, Mary F. Theofanos. (Jun, 2017).

  • NIST SP 800-77, Rev. 1, Guide to IPsec VPNs by Elaine Barker, Quynh Dang, Sheila Frankel, Karen Scarfone, Paul Wouters. Publisher: NIST. (Jun, 2020).

  • NIST SP 800-88, Guidelines for Media Sanitization by Richard Kissel, Andrew Regenscheid, Matthew Scholl, Kevin Stine. (Dec, 2014).

  • NIST SP 800-95, Guide to Secure Web Services by Anoop Singhal, Theodore Winograd, Karen Scarfone. (Aug, 2007).

  • NIST SP 800-115, Technical Guide to Information Security Testing and Assessment by Karen Scarfone, Murugiah Souppaya, Amanda Cody, Angela Orebaugh. (Sep, 2008).

  • NIST SP 800-122, Guide to Protecting the Confidentiality of Personally Identifiable Information (PII) by Erika McCallister, Tim Grance, Karen Scarfone. (Apr, 2010).

  • NIST SP 800-128, Guide for Security-Focused Configuration Management of Information Systems by Arnold Johnson, Kelley Dempsey, Ron Ross, Sarbari Gupta, Dennis Bailey. (Aug, 2011).

  • NIST SP 800-137, Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations by Kelley Dempsey, Nirali Shah Chawla, Arnold Johnson, Ronald Johnston, Alicia Clay Jones, Angela Orebaugh, Matthew Scholl, Kevin Stine. (Sep, 2011).

  • NIST SP 800-160, Vol. 1, Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems by Ron Ross, Michael McEvilley, Janet Carrier Oren. (Mar, 2018).

  • Official (ISC)² Guide to the CISSP CBK, 5th Ed. by John Warsinske, Mark Graff, Kevin Henry, Christopher Hoover, Ben Malisow, Sean Murphy, C. Paul Oakes, George Pajari, Jeff T. Parker, David Seidl and Mike Vasquez. Publisher: Wiley. (May, 2019).

  • OWASP Testing Guide, Release 4.0 by Matteo Meucci, Andrew Muller. Publisher: OWASP. (Dec, 2014).

  • Physical Security and Safety by Jeffrey Dingle, Bobby E. Ricks, Truett A. Ricks. Publisher: CRC Press. (Oct, 2014).

  • Practical Cloud Security: A Guide for Secure Design and Deployment by Chris Dotson. Publisher: O'Reilly Media. (Mar, 2019).

  • Practical Internet of Things Security, 2nd Ed. by Brian Russell, Drew Van Duren. Publisher: Packt Publishing. (Nov, 2018).

  • Securing Open Source Libraries by Guy Podjarny. Publisher: O’Reilly Media, Inc. (Nov, 2017).

  • Securing VoIP, 1st Ed. by Regis Bates. Publisher: Syngress. (Nov, 2014).

  • Security Policies and Implementation Issues, 3rd Ed. by Robert Johnson and Chuck Easttom. Publisher: Bartlett Learning. (Oct, 2020).

  • Security Risk Assessment: Managing Physical and Operational Security by John M. White. Publisher: Butterworth-Heinemann. (Jul, 2014).

  • Solving Identity Management in Modern Applications: Demystifying OAuth 2.0, OpenID Connect, and SAML 2.0 by Abhishek Hingnikar, Yvonne Wilson. Publisher: Apress. (Nov, 2022).

  • The Complete Guide to Physical Security by Paul R. Baker and Daniel J. Benny. Publisher: Auerbach Publications. (Apr, 2016).

  • The Disaster Recovery Handbook, 3rd Ed. by Michael Wallace, Lawrence Webber. Publisher: AMACOM. (Dec, 2017).

  • Threat Modeling: Designing for Security, 1st Ed. by Adam Shostack. Publisher: Wiley. (Feb, 2014).

  • Web Application Security: Exploitation and Countermeasures for Modern Web Applications by Andrew Hoffman. Publisher: O’Reilly Media, Inc. (Mar, 2020).

  • Zero Trust Networks: Building Secure Systems in Untrusted Networks by Evan Gilman, Doug Barth. Publisher: O'Reilly. (Jul, 2017).

  • Architecting Cloud Computing Solutions by Kevin L. Jackson and Scott Goessling. Publisher: Packt Publishing. (May, 2018).

  • Architecting the Cloud: Design Decisions for Cloud Computing Service Models (SaaS, PaaS, and IaaS) by Michael Kavis. Publisher: Wiley. (Jan, 2014).

  • Business Continuity and Disaster Recovery Planning for IT Professionals, 2nd Ed. by Susan Snedaker. Publisher: Syngress. (Sep, 2013).

  • Cloud Computing Design Patterns by Thomas Erl, Robert Cope, Amin Naserpour. Publisher: Prentice Hall. (Mar, 2017).

  • Cloud Security Handbook by Eyal Estrin. Publisher: Packt Publishing. (Apr, 2022).

  • Data Governance: The Definitive Guide by Evren Eryurek, Uri Gilad, Valliappa Lakshmanan, Anita Kibunguchy-Grant, Jessi Ashdown. Publisher: O'Reilly Media, Inc. (Mar, 2021).

  • EU General Data Protection Regulation (GDPR) by European Parliament. Publisher: European Parliament and Council of the European Union. (May, 2016).

  • Fundamental Practices for Secure Software Development. Publisher: SAFECode. (Mar, 2018).

  • Guide to Privacy and Security of Electronic Health Information. Publisher: HealthIT.gov. (Apr, 2015).

  • Incident Response in the Age of Cloud: Techniques and best practices to effectively respond to cybersecurity incidents by Erdal Ozkaya. Publisher: Packt Publishing. (Feb, 2021).

  • Information Security Handbook by Darren Death. Publisher: Packt Publishing. (Dec, 2017).

  • NIST SP 800-125, Guide to Security for Full Virtualization Technologies by Karen Scarfone, Murugiah Souppaya, Paul Hoffman. (Jan, 2011).

  • Official (ISC)² Guide to the CCSP CBK, 3rd Ed. by Leslie Fife, Aaron Kraus, Bryan Lewis. Publisher: Sybex. (Jul, 2021).

  • Practical Cloud Security: A Guide for Secure Design and Deployment by Chris Dotson. Publisher: O'Reilly Media. (Mar, 2019).

  • Security Guidance for Critical Areas of Focus in Cloud Computing v4.0 by Rich Mogull, James Arlen, Adrian Lane, Gunnar Peterson, Mike Rothman, David Mortman. Publisher: Cloud Security Alliance. (Jul, 2017).

  • Security, Privacy, and Digital Forensics in the Cloud by Lei Chen, Hassan Takabi, Nhien-An Le-Khac. Publisher: Wiley. (Apr, 2019).

  • Information Security Risk Management for ISO 27001/ISO 27002, 3rd Ed. by Alan Calder, Steve Watkins. Publisher: IT Governance Publishing. (Aug, 2019).

  • ISO 27001/ISO 27002, A Pocket Guide, 2nd Ed. by Alan Calder. Publisher: IT Governance Publishing. (Oct, 2013).

  • NIST FIPS-199, Standards for Security Categorization of Federal Information and Information Systems by U.S. Dept. of Commerce. (Feb, 2004).

  • NIST SP 800-18, Rev. 1, Guide for Developing Security Plans for Federal Information Systems by Marianne Swanson, Joan Hash, Pauline Bowen. (Feb, 2006).

  • NIST SP 800-30, Rev. 1, Guide for Conducting Risk Assessments by Joint Task Force Transformation Initiative. (Sep, 2012).

  • NIST SP 800-37, Rev. 2, Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy by Joint Task Force Transformation Initiative. (Dec, 2018).

  • NIST SP 800-39, Managing Information Security Risk: Organization, Mission, and Information System View by Joint Task Force Transformation Initiative. (Mar, 2011).

  • NIST SP 800-53, Rev. 5, Security and Privacy Controls for Information Systems and Organizations by Joint Task Force Transformation Initiative. (Sep, 2020).

  • NIST SP 800-53A, Rev. 5, Assessing Security and Privacy Controls in Information Systems and Organizations by Joint Task Force Transformation Initiative. (Jan, 2022).

  • NIST SP 800-53B, Control Baselines for Information Systems and Organizations by Joint Task Force Transformation Initiative. (Sep, 2020).

  • NIST SP 800-60, Vol. 1, Rev. 1, Guide for Mapping Types of Information and Information Systems to Security Categories by Kevin Stine, Rich Kissel, William C. Barker, Jim Fahlsing, Jessica Gulick. (Aug, 2008).

  • NIST SP 800-70, Rev. 4, National Checklist Program for IT Products: Guidelines for Checklist Users and Developers by Stephen D. Quinn, Murugiah Souppaya, Melanie Cook, Karen Scarfone. (Feb, 2018).

  • NIST SP 800-88, Guidelines for Media Sanitization by Richard Kissel, Andrew Regenscheid, Matthew Scholl, Kevin Stine. (Dec, 2014).

  • NIST SP 800-137, Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations by Kelley Dempsey, Nirali Shah Chawla, Arnold Johnson, Ronald Johnston, Alicia Clay Jones, Angela Orebaugh, Matthew Scholl, Kevin Stine. (Sep, 2011).

  • A Guide to Building Secure Web Applications and Web Services 2.0 Black Hat Ed. by Abraham Kang, Adrian Wiesmann, et al. Publisher: OWASP. (Jul, 2005).

  • A Practical Guide to TPM 2.0: Using the New Trusted Platform Module in the New Age of Security by Will Arthur, David Challener. Publisher: Apress. (Jan, 2015).

  • Access Control, Authentication, and Public Key Infrastructure, 2nd Ed. by Mike Chapple, Bill Ballad, Tricia Ballad, Erin Banks. Publisher: Jones & Bartlett Learning. (Jul, 2013).

  • Agile Application Security by Laura Bell, Rich Smith, Michael Brunton-Spall, Jim Bird. Publisher: O’Reilly Media, Inc. (Jun, 2017).

  • Applied Cryptography: Protocols, Algorithms and Source Code in C, 20th Anniversary Ed. by Bruce Schneier. Publisher: Wiley. (Mar, 2015).

  • CMMI for Development: Implementation Guide by Mukund Chaudhary, Abhishek Chopra. Publisher: Apress. (Dec, 2016).

  • Computer Security: Art and Science, 2nd Ed. by Matt Bishop. Publisher: Addison-Wesley Professional. (Nov, 2018).

  • Core Software Security: Security at the Source by Anmol Misra, James F. Ransome. Publisher: Auerbach Publications. (Oct, 2018).

  • Cybersecurity - Attack and Defense Strategies, 2nd Ed. by Erdal Ozkaya and Yuri Diogenes. Publisher: Packt Publishing. (Dec, 2019).

  • Enterprise Software Security: A Confluence of Disciplines by Kenneth R. van Wyk, Mark G. Graff, Dan S. Peters, Diana L. Burley. Publisher: Addison-Wesley Professional. (Dec, 2014).

  • Hacker Techniques, Tools, and Incident Handling, 2nd Ed. by Sean-Philip Oriyano. Publisher: Jones & Bartlett Learning. (Aug, 2013).

  • Hands-On Security in DevOps by Tony Hsu. Publisher: Packt Publishing. (Jul, 2018).

  • Improper Error Handling by Jeremy Ferragamo, Wichers, Jim Bird. Publisher: OWASP. (Dec, 2021).

  • Information Security: Principles and Practices, 2nd Ed. by Mark S. Merkow, Jim Breithaupt. Publisher: Pearson IT Certification. (Jun, 2014).

  • IT Release Management: A Hands-on Guide by Dave Howard. Publisher: CRC Press. (Apr, 2016).

  • IT Security Risk Control Management: An Audit Preparation Plan by Raymond Pompon. Publisher: Apress. (Sep, 2016).

  • Lessons Learned in Software Testing: A Context-Driven Approach by Bret Pettichord, Cem Kaner, James Marcus Bach. Publisher: Wiley. (Dec, 2001).

  • Logging and Log Management by A. Chuvakin, K. Schmidt. Publisher: Syngress. (Dec, 2012).

  • Mastering the Requirements Process: Getting Requirements Right v3.0 by S. Robertson, J. Robertson. Publisher: Addison-Wesley Professional. (Aug, 2012).

  • NIST SP 800-37, Rev. 2, Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy by Joint Task Force Transformation Initiative. (Dec, 2018).

  • NIST SP 800-53, Rev. 5, Security and Privacy Controls for Information Systems and Organizations by Joint Task Force Transformation Initiative. (Sep, 2020).

  • NIST SP 800-60, Vol. 1, Rev. 1, Guide for Mapping Types of Information and Information Systems to Security Categories by Kevin Stine, Rich Kissel, William C. Barker, Jim Fahlsing, Jessica Gulick. (Aug, 2008).

  • NIST SP 800-88, Guidelines for Media Sanitization by Richard Kissel, Andrew Regenscheid, Matthew Scholl, Kevin Stine. (Dec, 2014).

  • NIST IR 7622, Notional Supply Chain Risk Management Practices for Federal Information Systems by Jon Boyens, Celia Paulsen, Nadya Bartol, Stephany A. Shankles, Rama Moorthy. (Oct, 2012).

  • Official (ISC)² Guide to the CSSLP, 2nd Ed. by Mano Paul. Publisher: Auerbach Publications. (Aug, 2013).

  • OWASP Testing Guide, Release 4.0 by Matteo Meucci, Andrew Muller. Publisher: OWASP. (Dec, 2014).

  • Penetration Testing: A Survival Guide by W. Halton, B. Weaver, J. Ansari, S. Kotipalli, M. Imran. Publisher: Packt Publishing. (Jan, 2017).

  • Security Risk Management by Evan Wheeler. Publisher: Syngress. (Apr, 2011).

  • Software Testing Foundations: A Study Guide for the Certified Tester Exam, 4th Ed. by Andreas Spillner. Publisher: Rocky Nook. (Feb, 2014).

  • Web Application Firewalls by Chad Russell. Publisher: O’Reilly Media, Inc. (Apr, 2018).

  • CSA Security Guidance for Critical Areas of Focus in Cloud Computing v4.0 by Rich Mogull, James Arlen, Adrian Lane, Gunnar Peterson, Mike Rothman, David Mortman. Publisher: Cloud Security Alliance. (Jul, 2017).

  • Developing Cybersecurity Programs and Policies, 3rd Ed. by Omar Santos, Sari Greene. Publisher: Pearson IT Certification. (Aug, 2018).

  • Disclosures for Public Health Activities 45 CFR 164.512(b). by OCR HIPAA Privacy. Publisher: OCR HIPAA Privacy. (Apr, 2003).

  • EU General Data Protection Regulation (GDPR): An Implementation and Compliance Guide, 4th Ed. by IT Governance Privacy Team. Publisher: IT Governance Ltd. (Oct, 2020).

  • Federal Register / Vol. 78, No. 17 by Office of the Federal Register. Publisher: USGOV. (Jan, 2013).

  • Healthcare Information Security and Privacy by Sean Murphy. Publisher: McGraw-Hill. (Jan, 2015).

  • Information Governance for Healthcare Professionals by Robert F. Smallwood. Publisher: Productivity Press. (Sep, 2018).

  • Information Governance; Concepts, Strategies, and Best Practices, 2nd Ed. by Robert F. Smallwood. Publisher: Wiley. (Dec, 2019).

  • NIST SP 800-30, Rev. 1, Guide for Conducting Risk Assessments by Joint Task Force Transformation Initiative. (Sep, 2012).

  • NIST SP 800-37, Rev. 2, Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy by Joint Task Force Transformation Initiative. (Dec, 2018).

  • NIST SP 800-39, Managing Information Security Risk: Organization, Mission, and Information System View by Joint Task Force Transformation Initiative. (Mar, 2011).

  • NIST SP 800-53, Rev. 5, Security and Privacy Controls for Information Systems and Organizations by Joint Task Force Transformation Initiative. (Sep, 2020).

  • NIST SP 800-61, Rev. 2, Computer Security Incident Handling Guide by Paul Cichonski, Tom Millar, Tim Grance, Karen Scarfone. (Aug, 2012).

  • NIST SP 800-66, Rev. 1, An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule by Matthew Scholl, Kevin Stine, Joan Hash, Pauline Bowen, Arnold Johnson, Carla Dancy Smith, Daniel I. Steinberg. (Oct, 2008).

  • NIST SP 800-88, Guidelines for Media Sanitization by Richard Kissel, Andrew Regenscheid, Matthew Scholl, Kevin Stine. (Dec, 2014).

  • The Official ISC2 Guide to the HCISPP CBK by Steven Hernandez. Publisher: Sybex. (Nov, 2018).

  • Agile Application Lifecycle Management: Using DevOps to Drive Process Improvement, 1st Ed. by Bob Aiello, Leslie Sachs. Publisher: Addison-Wesley Professional. (Jun, 2016).

  • Agile Application Security by Laura Bell, Rich Smith, Michael Brunton-Spall, Jim Bird. Publisher: O'Reilly Media, Inc. (Jun, 2017).

  • Architecting Secure Software Systems, 1st Ed. by Asoke Talukder, Manish Chaitanya. Publisher: Auerbach Publications. (Sep, 2019).

  • Applied Cryptography: Protocols, Algorithms and Source Code in C, 20th Anniversary Ed. by Bruce Schneier. Publisher: Wiley. (Mar, 2015).

  • Beginning Database Design Solutions by Rod Stephens. Publisher: Jossey-Bass. (Nov, 2008).

  • Business Continuity and Disaster Recovery Planning for IT Professionals, 2nd Ed. by Susan Snedaker. Publisher: Syngress. (Sep, 2013).

  • Cloud Storage Security: A Practical Guide by Aaron Wheeler, Michael Winburn. Publisher: Elsevier. (Jul, 2015).

  • Common Criteria for Information Technology Security Evaluation, Version 3.1 Rev. 5 by Mead, N. Publisher: Carnegie. (Apr, 2017).

  • Data Center Handbook, 2nd Ed. by Hwaiyu Geng. Publisher: Wiley. (May, 2021).

  • Disaster Recovery and Business Continuity, 3rd Ed. by B.S. Thejandra. Publisher: IT Governance Publishing. (Jan, 2014).

  • Enterprise Security Architecture: A Business-Driven Approach, 1st Ed. by John Sherwood. Publisher: CRC Press. (Nov, 2015).

  • Identity and Access Management: Business Performance Through Connected Intelligence, 1st Ed. by Ertem Osmanoglu. Publisher: Syngress. (Nov, 2013).

  • Information Security Management Handbook, Vol. 6, 6th Ed. by Harold F. Tipton and Micki Krause Nozaki. Publisher: Auerbach Publications. (Apr, 2016).

  • Information Security Management Handbook, Vol. 7, 6th Ed. by Richard O'Hanley, James Tiller. Publisher: Auerbach Publications. (Aug, 2013).

  • NIST SP 800-34, Rev. 1, Contingency Planning Guide for Federal Information Systems by Marianne Swanson, Pauline Bowen, Amy Wohl Phillips, Dean Gallup, David Lynes. (May, 2010).

  • NIST SP 800-57, Rev. 5, Recommendation for Key Management: Part 1 – General by Elaine Barker. Publisher: NIST. (May, 2020).

  • NIST SP 800-61, Rev. 2, Computer Security Incident Handling Guide by Paul Cichonski, Tom Millar, Tim Grance, Karen Scarfone. (Aug, 2012).

  • NIST SP 800-63-3, Digital Identity Guidelines: Enrollment and Identity Proofing by Paul A. Grassi, James L. Fenton, Naomi B. Lefkovitz, Jamie M. Danker, Yee-Yin Choong, Kristen K. Greene, Mary F. Theofanos. (Jun, 2017).

  • NIST SP 800-115, Technical Guide to Information Security Testing and Assessment by Karen Scarfone, Murugiah Souppaya, Amanda Cody, Angela Orebaugh. (Sep, 2008).

  • NIST SP 800-125, Guide to Security for Full Virtualization Technologies by Karen Scarfone, Murugiah Souppaya, Paul Hoffman. (Jan, 2011).

  • NIST SP 800-162, Guide to Attribute Based Access Control (ABAC) Definition and Considerations by Vincent Hu, David Ferraiolo, Rick Kuhn, Adam Schnitzer, Kenneth Sandlin, Robert Miller, Karen Scarfone. (Jan, 2014).

  • Official (ISC)² Guide to the ISSAP CBK, 2nd Ed. by Adam Gordon. Publisher: Auerbach Publications. (Jan, 2017).

  • Payment Card Industry Data Security Standards, Requirements and Security Assessment Procedures, Version 3.2.1 by PCI Security Standards Council. Publisher: PCI Security Standards Council, LLC. (May, 2018).

  • Practical Internet of Things Security, 2nd Ed. by Brian Russell, Drew Van Duren. Publisher: Packt Publishing. (Nov, 2018).

  • SABSA Executive Summary by SABSA. Publisher: The SABSA Institute. (Dec, 2021).

  • Secure Coding in C and C++, 2nd Ed. by Robert Seacord. Publisher: Addison-Wesley Professional. (Apr, 2013).

  • Security Patterns in Practice: Designing Secure Architectures Using Software Patterns by Eduardo Fernandez-Buglioni. Publisher: Wiley. (May, 2013).

  • Security Guidance for Critical Areas of Focus in Cloud Computing v4.0 by Rich Mogull, James Arlen, Adrian Lane, Gunnar Peterson, Mike Rothman, David Mortman. Publisher: Cloud Security Alliance. (Jul, 2017).

  • A Guide to the Project Management Body of Knowledge (PMBOK Guide), 7th Ed. by Project Management Institute. Publisher: Project Management Institute. (Aug, 2021).

  • INCOSE Systems Engineering Handbook by Walden. Publisher: Wiley. (Jul, 2015).

  • Information Assurance Technical Framework 3.1 by National Security Agency Information Assurance Solutions Technical Directors. (Sep, 2002).

  • ISO/IEC 15408 Common Criteria for Information Technology Security Evaluation by ISO/IEC. Publisher: National Information Assurance Partnership. (Dec, 2017).

  • NIST SP 800-30, Rev. 1, Guide for Conducting Risk Assessments by Joint Task Force Transformation Initiative. (Sep, 2012).

  • NIST SP 800-37, Rev. 2, Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy by Joint Task Force Transformation Initiative. (Dec, 2018).

  • NIST SP 800-39, Managing Information Security Risk: Organization, Mission, and Information System View by Joint Task Force Transformation Initiative. (Mar, 2011).

  • NIST SP 800-40, Rev. 3, Guide to Enterprise Patch Management Technologies by Murugiah Souppaya, Karen Scarfone. (Jul, 2013).

  • NIST SP 800-53, Rev. 5, Security and Privacy Controls for Information Systems and Organizations by Joint Task Force Transformation Initiative. (Sep, 2020).

  • NIST SP 800-88, Guidelines for Media Sanitization by Richard Kissel, Andrew Regenscheid, Matthew Scholl, Kevin Stine. (Dec, 2014).

  • NIST SP 800-115, Technical Guide to Information Security Testing and Assessment by Karen Scarfone, Murugiah Souppaya, Amanda Cody, Angela Orebaugh. (Sep, 2008).

  • NIST SP 800-160, Vol. 1, Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems by Ron Ross, Michael McEvilley, Janet Carrier Oren. (Mar, 2018).

  • NIST SP 800-161, Supply Chain Risk Management Practices for Federal Information System and Organizations by Jon Boyens, Celia Paulsen, Rama Moorthy, Nadya Bartol. (Apr, 2015).

  • A Guide to the Project Management Body of Knowledge (PMBOK Guide), 7th Ed. by Project Management Institute. Publisher: Project Management Institute. (Aug, 2021).

  • Auditing IT Infrastructures for Compliance, 2nd Ed. by Martin Weiss. Publisher: Jones & Bartlett Publishers. (Jul, 2015).

  • Business Continuity and Disaster Recovery Planning for IT Professionals, 2nd Ed. by Susan Snedaker. Publisher: Syngress. (Sep, 2013).

  • Digital Forensics and Incident Response, 2nd Ed. by Gerard Johansen. Publisher: Packt Publishing. (Jan, 2020).

  • Disaster Recovery, Crisis Response, and Business Continuity: A Management Desk Reference by Jamie Watters, Janet Watters. Publisher: Apress. (Dec, 2013).

  • Disaster Recovery Planning: For Computers and Communication Resources by Jon Toigo. Publisher: Wiley. (Jan, 1996).

  • Information Security Management Handbook, Vol. 6, 6th Ed. by Harold F. Tipton and Micki Krause Nozaki. Publisher: Auerbach Publications. (Apr, 2016).

  • Incident Response & Computer Forensics, 3rd Ed. by Jason Luttgens, Matthew Pepe, Kevin Mandia. Publisher: McGraw-Hill Osborne Media. (Aug, 2014).

  • IT Auditing Using Controls to Protect Information Assets, 3rd Ed. by Mike Kegerreis, Mike Schiller, Chris Davis. Publisher: McGraw-Hill Education. (Oct, 2019).

  • NIST SP 800-30, Rev. 1, Guide for Conducting Risk Assessments by Joint Task Force Transformation Initiative. (Sep, 2012).

  • NIST SP 800-34, Rev. 1, Contingency Planning Guide for Federal Information Systems by Marianne Swanson, Pauline Bowen, Amy Wohl Phillips, Dean Gallup, David Lynes. (May, 2010).

  • NIST SP 800-37, Rev. 2, Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy by Joint Task Force Transformation Initiative. (Dec, 2018).

  • NIST SP 800-39, Managing Information Security Risk: Organization, Mission, and Information System View by Joint Task Force Transformation Initiative. (Mar, 2011).

  • NIST SP 800-53, Rev. 5, Security and Privacy Controls for Information Systems and Organizations by Joint Task Force Transformation Initiative. (Sep, 2020).

  • NIST SP 800-55, Rev. 1, Performance Measurement Guide for Information Security by Elizabeth Chew, Marianne Swanson, Kevin Stine, Nadya Bartol, Anthony Brown, Will Robinson. (Jul, 2008).

  • NIST SP 800-61, Rev. 2, Computer Security Incident Handling Guide by Paul Cichonski, Tom Millar, Tim Grance, Karen Scarfone. (Aug, 2012).

  • NIST SP 800-128, Guide for Security-Focused Configuration Management of Information Systems by Arnold Johnson, Kelley Dempsey, Ron Ross, Sarbari Gupta, Dennis Bailey. (Aug, 2011).

  • NIST SP 800-160, Vol. 1, Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems by Ron Ross, Michael McEvilley, Janet Carrier Oren. (Mar, 2018).

  • Official (ISC)² Guide to the ISSMP CBK by Joseph Steinberg and Harold F. Tipton. Publisher: Auerbach Publications. (Apr, 2016).

  • Security Operations Center: Building, Operating, and Maintaining your SOC by Gary McIntyre, Joseph Muniz, Nadhem AlFardan. Publisher: Cisco Press. (Nov, 2015).

  • The Disaster Recovery Handbook, 3rd Ed. by Michael Wallace, Lawrence Webber. Publisher: AMACOM. (Dec, 2017).

  • Threat Modeling: Designing for Security, 1st Ed. by Adam Shostack. Publisher: Wiley. (Feb, 2014).