CBK Suggested References

This reference list is not intended to be an all-inclusive collection representing the respective certifications' Common Body of Knowledge (CBK). Its purpose is to provide candidates with a starting point for their studies in domains that need supplementary learning to complement their associated level of work and academic experience. Candidates may also consider other references that are not on this list but adequately cover the domain content.

Note: (ISC)² does not endorse any particular text or author and does not imply that any or all references be acquired or consulted. (ISC)² does not imply nor guarantee that the study of these references will result in an examination pass.


  • CISSP
    • The Official (ISC)² CISSP CBK Reference, 5th Edition
      by John Warsinske, Mark Graff, Kevin Henry, Christopher Hoover, Ben Malisow, Sean Murphy, C. Paul Oakes, George Pajari, Jeff T. Parker, David Seidl, Mike Vasquez, Publisher: Sybex (2019)

    • Information Security Management Handbook, Sixth Edition, Volume 6
      by Harold F. Tipton and Micki Krause Nozaki. Publisher: Auerbach Publications. (2016)

    • Threat Modeling: Designing for Security, First Edition
      by Adam Shostack. Publisher: Wiley (2014)

    • (ISC)² Code of Ethics, (2019)

    • Building an Information Security Awareness Program: Defending Against Social Engineering and Technical Threats, First Edition
      by Bill Gardner and Valerie Thomas. Publisher: Syngress. (2014)

    • ISO/IEC 27001:2013, Information technology — Security techniques — Information security management systems — Requirements. ISO-IEC. (2013)

    • ISO/IEC 27002:2013, Information technology — Security techniques — Code of practice for information security controls. ISO-IEC. (2013)

    • The Disaster Recovery Handbook: A Step-by-Step Plan to Ensure Business Continuity and Protect Vital Operations, Facilities, and Assets, Third Edition
      by Michael Wallace and Lawrence Webber. Publisher: AMACOM. (2017)

    • NIST SP 800-88, Rev 1, Guidelines for Media Sanitization
      by Larry Feldman and Gregory A. Witte. February 2015

    • NIST SP 800-122, Guide to Protecting the Confidentiality of Personally Identifiable Information (PII)
      by Erika McCallister, Tim Grance and Karen Scarfone. April 2010.

    • NIST SP 800-53, Rev 4, Security and Privacy Controls for Federal Information Systems and Organizations
      by Joint Task Force Transformation Initiative. April 2013

    • NIST SP 800-37 Rev 2, Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy
      by Joint Task Force. December 2018

    • Data Stewardship: An Actionable Guide to Effective Data Management and Data Governance, First Edition
      by David Plotkin. Publisher: Morgan Kaufmann. (2013)

    • Information Security and IT Risk Management, First Edition
      by Manish Agrawal, Alex Campoe, and Eric Pierce. Publisher: Wiley. (2014)

    • Data Classification: Algorithms and Applications (Chapman & Hall/CRC Data Mining and Knowledge Discovery Series), First Edition
      by Charu C. Aggarwal. Publisher: CRC Press. (2014)

    • The Architecture of Privacy: On Engineering Technologies that Can Deliver Trustworthy Safeguards, First Edition
      by Courtney Bowman, Ari Gesher, John Grant and Daniel Slate. Publisher: O'Reilly Media. (2015)

    • The Complete Guide to Physical Security, First Edition
      by Paul R. Baker and Daniel J. Benny. Publisher: Auerbach Publications. (2012)

    • Applied Cryptography: Protocols, Algorithms and Source Code in C, 20th Anniversary Edition, Second Edition
      by Bruce Schneier. Publisher: Wiley. (2015)

    • Wireless and Mobile Device Security, First Edition
      by Jim Doherty. Publisher: Jones & Bartlett Learning. (2015)

    • NIST SP 800-57 Part 1, Rev 4, Recommendations for Key Management
      by Elaine Barker. January 2016

    • Data Center Handbook, First Edition
      by Hwaiyu Geng. Publisher: John Wiley & Sons Inc. (2014)

    • Security in Computing, Fifth Edition
      by Charles Pfleeger, Shari Pfleeger, and Jonathan Margulies. Publisher: Prentice Hall. (2015)

    • NIST SP 800-41, Rev 4, Guidelines on Firewalls and Firewall Policy: Recommendations of the National Institute of Standards and Technology
      by Karen Scarfone and Paul Hoffman. September 2009

    • Computer and Information Security Handbook, Third Edition
      by John Vacca. Publisher: Morgan Kaufmann. (2017)

    • End-to-End Network Security: Defense-in-Depth, First Edition
      by Omar Santos. Publisher: Cisco Press. (2007)

    • NIST SP 800-153, Guidelines for Securing Wireless Local Area Networks (WLANs)
      by Murugiah Souppaya and Karen Scarfone. February 2012

    • NIST SP 800-125B, Secure Virtual Network Configuration for Virtual Machine (VM) Protection
      by Ramaswamy Chandramouli. March 2016

    • Real 802.11 Security: Wi-Fi Protected Access and 802.11i, First Edition
      by Jon Edney and William Arbaugh. Publisher: Addison-Wesley Professional. (2003)

    • Fundamentals of Data Communication Networks, First Edition
      by Oliver C. Ibe. Publisher: Wiley. (2017)

    • Identity and Access Management: Business Performance Through Connected Intelligence, First Edition
      by Ertem Osmanoglu. Publisher: Syngress. (2013)

    • Federated Identity Primer, First Edition
      by Derrick Rountree. Publisher: Syngress. (2012)

    • Access Control, Authentication, and Public Key Infrastructure, Second Edition
      by Mike Chapple, Bill Ballad, Tricia Ballad and Erin Banks. Publisher: Jones & Bartlett Learning. (2013)

    • Cloud Computing: SaaS, PaaS, IaaS, Virtualization, Business Models, Mobile, Security and More, First Edition
      by Kris Jamsa. Publisher: Jones & Bartlett Learning. (2012)

    • NIST SP 800-63C, Digital Identity Guidelines: Federation and Assertions
      by Paul A. Grassi, Justin P. Richer, Sarah K. Squire, James L. Fenton, and Ellen M. Nadeau. Privacy Authors: Naomi B. Lefkovitz and Jamie M. Danker. Usability Authors: Yee-Yin Choong, Kristen K. Greene and Mary F. Theofanos. June 2017

    • Identity Management: A Primer, First Edition
      by Graham Williamson, David Yip, Ilan Sharoni and Kent Spaulding. Publisher: MC Press.

    • NIST SP 800-115, Technical Guide to Information Security Testing and Assessment
      by Karen Scarfone, Murugiah Souppaya, Amanda Cody and Angela Orebaugh. September 2008

    • NIST SP 800-137, Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations
      by Kelley Dempsey, Nirali Shah Chawla, Arnold Johnson, Ronald Johnston, Alicia Clay Jones, Angela Orebaugh, Matthew Scholl, and Kevin Stine. September 2011

    • IT Security Risk Control Management: An Audit Preparation Plan, First Edition
      by Raymond Pompon. Publisher: Apress. (2016)

    • Security Controls Evaluation, Testing, and Assessment Handbook, First Edition
      by Leighton Johnson. Publisher: Syngress. (2015)

    • Kali Linux: Assuring Security by Penetration Testing
      by Tedi Heriyanto, Lee Allen, and Shakeel Ali. Publisher: Packt Publishing. (2014)

    • Network Security Assessment: From Vulnerability to Patch, First Edition
      by Steve Manzuik, Andre Gold, and Chris Gatford. Publisher: Syngress. (2006)

    • Software Engineering, New Edition
      by Kassem A. Saleh. Publisher: J. Ross Publishing. (2009)

    • Assessing Information Security: Strategies, Tactics, Logic and Framework, Second Edition
      by A. Vladimirov, K. Gavrilenko, A. Michajlowski. Publisher: IT Governance Publishing. (2015)

    • Business Continuity and Disaster Recovery Planning for IT Professionals, Second Edition
      by Susan Snedaker. Publisher: Syngress. (2013)

    • Disaster Recovery Planning: Preparing for the Unthinkable, Third Edition
      by Jon William Toigo. Publisher: Prentice Hall. (2002)

    • NIST SP 800-61, Rev 2, Computer Security Incident Handling Guide
      by Paul Cichonski, Tom Millar, Tim Grance and Karen Scarfone. August 2012

    • Incident Response and Computer Forensics, Second Edition
      by Chris Prosise, Kevin Mandia, and Matt Pepe. Publisher: McGraw-Hill Osborne Media. (2003)

    • Disaster Recovery, Crisis Response, and Business Continuity: A Management Desk Reference, First Edition
      by Jamie Watters and Janet Watters. Publisher: Apress. (2013)

    • NIST 800-64 Rev 2, Security Considerations in the System Development Life Cycle
      by Richard Kissel, Kevin Stine, Matthew Scholl, Hart Rossman, Jim Fahlsing and Jessica Gulick. October 2008

    • Building Secure Software: How to Avoid Security Problems the Right Way, First Edition
      by John Viega and Gary R. McGraw. Publisher: Addison-Wesley Professional. (2006)

    • Core Software Security: Security at the Source, First Edition
      by James Ransome and Anmol Misra. Publisher: Auerbach Publications. (2013)

    • Exploiting Software: How to Break Code, First Edition
      by Greg Hoglund and Gary McGraw. Publisher: Addison-Wesley Professional. (2004)

    • NIST SP 800-63b, Digital Identity Guidelines: Authentication and Lifecycle Management
      by Paul A. Grassi, James L. Fenton, Elaine M. Newton, Ray A. Perlner, Andrew R. Regenscheid, William E. Burr and Justin P. Richer. Privacy Authors: Naomi B. Lefkovitz and Jamie M. Danker. Usability Authors: Yee-Yin Choong, Kristen K. Greene and Mary F. Theofanos. June 2017

    • Software Security: Building Security In, First Edition
      by Gary McGraw. Publisher: Addison-Wesley Professional. (2006)
  • CAP
    • Official (ISC)² Guide to the CAP CBK, Second Edition
      by Patrick Howard. Publisher: Auerbach Publications. (2012)

    • NIST SP 800-39, Managing Information Security Risk
      by Joint Task Force Transformation Initiative. March 2011

    • NIST SP 800-30 Rev 1, Guide for Conducting Risk Assessments
      by Joint Task Force Transformation Initiative. September 2012

    • NIST 800-53 Rev 4, Security and Privacy Controls for Federal Information Systems and Organizations
      by Joint Task Force Transformation Initiative. April 2013

    • NIST SP 800-18 Rev 1, Guide for Developing Security Plans for Federal Information Systems
      by Marianne Swanson, Joan Hash, and Pauline Bowen. February 2006

    • NIST FIPS-199, Federal Information Processing Standards Publication Standards for Security Categorization of Federal Information and Information Systems
      by Computer Security Division. February 2004

    • NIST SP 800-60 Vol 1, Rev 1, Guide for Mapping Types of Information and Information Systems to Security Categories
      by Kevin Stine, Rich Kissel, William C. Barker, Jim Fahlsing and Jessica Gulick. August 2008

    • NIST SP 800-137, Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations
      by Kelley Dempsey, Nirali Shah Chawla, Arnold Johnson, Ronald Johnston, Alicia Clay Jones, Angela Orebaugh, Matthew Scholl, and Kevin Stine. September 2011

    • NIST SP 800-115, Technical Guide to Information Security Testing and Assessment
      by Karen Scarfone, Murugiah Souppaya, Amanda Cody, and Angela Orebaugh. September 2008

    • NIST SP 800-37 Rev 2, Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy
      by Joint Task Force. December 2018

    • NIST 800-64 Rev 2, Security Considerations in the System Development Life Cycle
      by Richard Kissel, Kevin Stine, Matthew Scholl, Hart Rossman, Jim Fahlsing, and Jessica Gulick. October 2008
  • CCSP
    • Official (ISC)² Guide to the CCSP CBK, Second Edition
      by Adam Gordon (Editor). Publisher: Sybex. (2016)

    • Security Guidance for Critical Areas of Focus in Cloud Computing, v4.0
      by Cloud Security Alliance (CSA). July 2017

    • Architecting the Cloud: Design Decisions for Cloud Computing Service Models (SaaS, PaaS, and IaaS), First Edition
      by Michael J. Kavis. Publisher: Wiley Publishing, Inc. (2014)

    • Cloud Security: A Comprehensive Guide to Secure Cloud Computing, First Edition,
      by Ronald L. Krutz and Russell Dean Vines. Publisher: Wiley Publishing, Inc. (2010)

    • ISO/IEC 17788:2014, Information technology – Cloud computing – Overview and vocabulary. Published: ISO/IEC. (2014)

    • Information Security: The Complete Reference, Second Edition
      by M. Rhodes-Ousley. Publisher: McGraw-Hill Education. (2013)

    • Enterprise Security: A Data-Centric Approach to Securing the Enterprise
      by Aaron Woody. Publisher: Packt Publishing Ltd. (2013)

    • SecaaS Category 8, Encryption Implementation Guidance. Publisher: Cloud Security Alliance (CSA). October 2017

    • Business Continuity and Disaster Recovery Planning for IT Professionals, Second Edition
      by Susan Snedaker. Publisher: Syngress. (2013)

    • NIST SP 800-34 Rev 1, Contingency Planning Guide for Federal Information Systems
      by Marianne Swanson, Pauline Bowen, Amy Wohl Phillips, Dean Gallup, and David Lynes. November 2010

    • Best Practices for Mitigating Risks in Virtualized Environments
      by Cloud Security Alliance (CSA). April 2015

    • Cloud Security and Privacy: An Enterprise Perspective on Risks and Compliance (Theory in Practice), First Edition
      by Tim Mather, Subra Kumaraswamy, and Shahed Latif. Publisher: O'Reilly Media, Inc.

    • Federated Identity Primer, First Edition
      by Derrick Rountree. Publisher: Syngress. (2012)

    • Security in Computing, Fifth Edition
      by Charles Pfleeger, Shari Pfleeger, and Jonathan Margulies. Publisher: Pearson Education, Inc. (2015)

    • Cloud Computing Design Patterns, First Edition
      by Thomas Erl, Robert Cope, and Amin Naserpour. Publisher: Prentice Hall. (2015)

    • Computer and Information Security Handbook, Third Edition
      by John R. Vacca. Publisher: Morgan Kaufmann Publishers. (2017)

    • CSA Guide to Cloud Computing: Implementing Cloud Privacy and Security, First Edition
      by Raj Samani, Jim Reavis, and Brian Honan. Publisher: Syngress. (2014)
  • SSCP
    • Fundamentals of Information Systems Security, Second Edition
      by David Kim and Michael G. Solomon. Publisher: Jones & Bartlett Learning. (2013)

    • The Official (ISC)² Guide to the SSCP CBK, Fourth Edition
      by Adam Gordon and Steven Hernandez. Publisher: Sybex. (2016)

    • Defending Your Digital Assets Against Hackers, Crackers, Spies, and Thieves Paperback
      by Randall K. Nichols, Daniel J. Ryan, Julie J.C.H. Ryan, and Arthur W. Coviello, Jr. Publisher: McGraw-Hill Osborne Media. (2000)

    • Authentication: From Passwords to Public Keys, First Edition
      by Richard E. Smith. Publisher: Addison-Wesley Longman Publishing Co., Inc. (2001)

    • Network Security Essentials: Applications and Standards, Sixth Edition
      by William Stallings. Publisher: Pearson Education, Inc. (2003)

    • Computer Security Handbook, Fifth Edition
      by Seymour Bosworth, M. E. Kabay, and Eric Whyne. Publisher: John Wiley & Sons, Inc. (2009)

    • Information Security Management Handbook, Sixth Edition
      by Harold F. Tipton and Micki Krause. Publisher: CRC Press. (2007)

    • (ISC)² Code of Ethics, (2019)

    • Writing Information Security Policies, First Edition
      by Scott Barman. Publisher: New Riders Publishing. (2001)

    • Network Security Assessment: From Vulnerability to Patch, First Edition
      by Steve Manzuik, Andre Gold, and Chris Gatford. Publisher: Syngress. (2006)

    • Fundamentals of Risk and Insurance, 11th Edition
      by Emmett J. Vaughan and Therese M. Vaughan. Publisher: Wiley. (2013)

    • Disaster Recovery Planning: Preparing for the Unthinkable, Third Edition
      by Jon William Toigo. Publisher: Prentice Hall. (2002)

    • NIST SP 800-34 Rev 1, Contingency Planning Guide for Federal Information Systems
      by Marianne Swanson, Pauline Bowen, Amy Wohl Phillips, Dean Gallup, and David Lynes. November 2010

    • Business Continuity and Disaster Recovery for InfoSec Managers, First Edition
      by John Rittinghouse and James Ransome. Publisher: Elsevier, Digital Press. (2005)

    • File System Forensic Analysis, First Edition
      by Brian Carrier. Publisher: Addison-Wesley Professional. (2015)

    • Applied Cryptography: Protocols, Algorithms and Source Code in C, 20th Anniversary Edition, Second Edition
      by Bruce Schneier. Publisher: Wiley. (2015)

    • NIST SP 800-12 Rev 1, An Introduction to Information Security
      by Michael Nieles, Kelley Dempsey, and Victoria Pillitteri. June 2017

    • SSL VPN: Understanding, Evaluating and Planning Secure, Web-based Remote Access
      by Joseph Steinberg and Tim Speed. Publisher: Packt Publishing Ltd. (2005)

    • Hackproofing Your Wireless Network, First Edition
      by Eric Ouellet and Neal O'Farrell. Publisher: Syngress Publishing. (2002)

    • Practical Unix & Internet Security, Third Edition
      by Simson Garfinkel, Gene Spafford, and Alan Schwartz. Publisher: O'Reilly Media, Inc. (2003)

    • Securing VoIP: Keeping Your VoIP Network Safe, First Edition
      by Regis J. Jr (Bud) Bates. Publisher: Syngress. (2014)

    • Exploiting Software: How to Break Code, First Edition
      by Greg Hoglund and Gary McGraw. Publisher: Addison-Wesley Professional. (2004)

    • Malware: Fighting Malicious Code
      by Ed Skoudis and Lenny Zeltser. Publisher: Prentice Hall Professional. (2003)

    • Guide to Computer Viruses: How to Avoid Them, How to Get Rid of Them, and How to Get Help, Second Edition
      by Robert Slade. Publisher: Springer. (1996)

    • Viruses Revealed: Understand and Counter Malicious Software
      by David Harley and Urs E. Gattiker. Publisher: McGraw-Hill Osborne Media. (2001)
  • CSSLP
    • Official (ISC)² Guide to the CSSLP CBK, Second Edition
      by Paul Mano. Publisher: Auerbach Publications. (2013)

    • Building Secure Software: How to Avoid Security Problems the Right Way, First Edition
      by John Viega and Gary R. McGraw. Publisher: Addison-Wesley Professional. (2006)

    • Auditing IT Infrastructures for Compliance, Second Edition
      by Martin Weiss and Michael Solomon. Publisher: Jones & Bartlett Learning. (2015)

    • Information Security: Principles and Practices, Second Edition
      by Mark Merkow and Jim Breithaupt. Publisher: Pearson IT Certification. (2014)

    • RBAC Standard Rationale: Comments on "A Critique of the ANSI Standard on Role Based Access Control"
      by David Ferraiolo, David Kuhn, and Ravi Sandhu. Published in: IEEE Security & Privacy (Volume: 5, Issue: 6, Nov-Dec 2007)

    • Mastering the Requirements Process: Getting Requirements Right, Third Edition
      by Suzanne Robertson and James Robertson. Publisher: Addison-Wesley Professional. (2012)

    • The Complete Book of Data Anonymization: From Planning to Implementation, First Edition
      by Balaji Raghunathan. Publisher: Auerbach Publications. (2013)

    • Managing Catastrophic Loss of Sensitive Data: A Guide for IT and Security Professionals, First Edition
      by Constantine Photopoulos. Publisher: Syngress. (2008)

    • Enhancing the Development Life Cycle to Produce Secure Software,
      by Karen Goertzel. (November 2008)

    • The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities (Volume 1 of 2), First Edition
      by Mark Dowd, John McDonald and Justin Schuh. Publisher: Addison-Wesley Professional. (2006)

    • Threat Modeling, First Edition
      by Frank Swiderski and Window Snyder. Publisher: Microsoft Press. (2004)

    • SOA Security
      by Ramarao Kanneganti and Prasad Chodavarapu. Publisher: Manning Publications. (2008)

    • Open Web Application Security Project (OWASP): Testing Guide, 4.0 Release
      by Andrew Muller, Matteo Meucci, Eoin Keary, and Daniel Cuthbert. (2014)

    • Secure Programming with Static Analysis
      by Brian Chess and Jacob West. Publisher: Addison-Wesley Professional. (2007)

    • Secure and Resilient Software Development, First Edition
      by Mark Merkow and Lakshmikanth Raghavan. Publisher: Auerbach Publications. (2010)

    • Secure Coding in C and C++, Second Edition
      by Robert Seacord. Publisher: Addison-Wesley Professional. (2013)

    • The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws, Second Edition
      by Dafydd Stuttard and Marcus Pinto. Publisher: John Wiley & Sons. (2011)

    • The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities (Volume 1 of 2), First Edition
      by Mark Dowd, John McDonald and Justin Schuh. Publisher: Addison-Wesley Professional. (2006)

    • Fuzzing: Brute Force Vulnerability Discovery, First Edition
      by Michael Sutton, Adam Greene, and Pedram Amini. Publisher: Addison-Wesley Professional. (2007)

    • Penetration Testing: A Survival Guide
      by Wolf Halton, Bo Weaver, Juned Ahmed Ansari, Srinivasa Rao Kotipalli, and Mohammed A. Imran. Publisher: Packt Publishing. (2017)

    • Lessons Learned in Software Testing: A Context-Driven Approach, First Edition
      by Cem Kaner, James Bach, and Bret Pettichord. Publisher: Wiley. (2001)

    • Core Software Security: Security at the Source, First Edition
      by James Ransome and Anmol Misra. Publisher: Auerbach Publications. (2013)

    • Software Security: Building Security In, First Edition
      by Gary McGraw. Publisher: Addison-Wesley Professional. (2006)

    • The Building Security in Maturity Model (BSIMM)
      by Gary McGraw, Ph.D., Sammy Migues, and Jacob West. (2009)

    • Building Secure Software: How to Avoid Security Problems the Right Way, First Edition
      by John Viega and Gary R. McGraw. Publisher: Addison-Wesley Professional. (2006)

    • Writing Secure Code, Second Edition
      by Michael Howard and David LeBlanc. Publisher: Microsoft Press. (2003)

    • NIST SP 800-100, Information Security Handbook: A Guide for Managers
      by Pauline Bowen, Joan Hash, and Mark Wilson. October 2006

    • NIST SP 800-92, Guide to Computer Security Log Management
      by Karen Kent and Murugiah Souppaya. September 2006

    • NISTIR 7622, Notional Supply Chain Risk Management Practices for Federal Information Systems
      by Jon Boyens, Celia Paulsen, Nadya Bartol, Rama Moorthy, and Stephanie Shankles. October 2012

    • IT Security Risk Control Management: An Audit Preparation Plan, First Edition
      by Raymond Pompon. Publisher: Apress. (2016)

    • Foundations for Software Assurance
      by Carol Woody, Nancy Mead, and Dan Shoemaker. IEEE (2012)

    • A Practical Guide to Trusted Computing, First Edition
      by David Challener, Kent Yoder, Ryan Catherman, David Safford, and Leendert Van Doorn. Publisher: IBM Press. (2008)

    • NIST SP 800-37 Rev 2, Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy
      by the Joint Task Force. December 2018
  • HCISPP
    • Official (ISC)² Guide to the HCISPP CBK, Second Edition
      by Steven Hernandez. Publisher: Auerbach Publications. (2014)

    • Health Insurance Portability and Accountability Act of 1996 (HIPAA) for Professionals
      by the U.S. Department of Health & Human Services. (1996)

    • Health IT JumpStart: The Best First Step Toward an IT Career in Health Information Technology, First Edition
      by Patrick Wilson and Scott McEvoy. Publisher: Sybex. (2011)

    • (ISC)² Code of Ethics, (2019)

    • NIST SP 800-37 Rev 2, Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy
      by the Joint Task Force. December 2018

    • Information Governance for Healthcare Professionals: A Practical Approach, First Edition
      by Robert F. Smallwood. Publisher: Productivity Press. (2018)

    • NIST SP 800-88, Rev 1, Guidelines for Media Sanitization
      by Larry Feldman and Gregory A. Witte. February 2015

    • Computer and Information Security Handbook, Third Edition
      by John Vacca. Publisher: Morgan Kaufmann. (2017)

    • Cybersecurity – Attack and Defense Strategies: Infrastructure security with Red Team and Blue Team tactics
      by Yuri Diogenes and Erdal Ozkaya. Publisher: Packt Publishing. (2018)

    • Health Information Privacy: Breach Notification Rule 45 CFR §§ 164.400-414
      by U.S. Department of Health and Human Services

    • EU General Data Protection Regulation (GDPR): An Implementation and Compliance Guide, Second Edition
      by IT Governance Privacy Team. Publisher: IT Governance Ltd. (2017)

    • Generally Accepted Privacy Principles: CPA and CA Practitioner Version
      by the American Institute of Certified Public Accountants (AICPA) Inc. and Canadian Institute of Chartered Accountants (CA). (2009)

    • U.S. Department of Health and Human Services: Guidance Regarding Methods for De-identification of Protected Health Information in Accordance with the HIPAA Privacy Rule
      by the U.S. Department of Health and Human Services. June 2013

    • NIST SP 800-66, Rev. 1, An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule
      by Matthew Scholl, Kevin Stine, Joan Hash, Pauline Bowen, Arnold Johnson, Carla Dancy Smith, and Daniel I. Steinberg. October 2008

    • NIST SP 800-30 Rev 1, Guide for Conducting Risk Assessments
      by the Joint Task Force Transformation Initiative. September 2012

    • NIST 800-53 Rev 4, Security and Privacy Controls for Federal Information Systems and Organizations
      by the Joint Task Force Transformation Initiative. April 2013

    • Healthcare Information Security and Privacy, First Edition
      by Sean P. Murphy. Publisher: McGraw-Hill Education. (2015)

    • Data Protection Act 2018. (2018)

    • Federal Register, Vol. 78, No. 17
      by the Office of the Federal Register, National Archives and Records Administration. January 2013
  • CISSP-ISSAP
    • Biometrics for Network Security
      by Paul Reid. Publisher: Prentice Hall PTR. (2003)

    • Information Security Management Handbook, Sixth Edition
      by Harold F. Tipton and Micki Krause. Publisher: CRC Press. (2007)

    • NIST SP 800-63-3, Digital Identity Guidelines
      by Paul Grassi, Michael Garcia, and James Fenton. June 2017

    • NIST SP 800-34 Rev 1, Contingency Planning Guide for Federal Information Systems
      by Marianne Swanson, Pauline Bowen, Amy Wohl Phillips, Dean Gallup, and David Lynes. November 2010

    • Federated Identity Primer, First Edition
      by Derrick Rountree. Publisher: Syngress. (2012)

    • Build the Best Data Center Facility for Your Business, First Edition
      by Douglas Alger. Publisher: Cisco Press. (2005)

    • Disaster Recovery and Business Continuity, Third Edition
      by BS Thejendra. Publisher: IT Governance Publishing. (2014)

    • Data Center Handbook, First Edition
      by Hwaiyu Geng. Publisher: Wiley. (2014)

    • Official (ISC)² Guide to the CISSP-ISSAP CBK, Second Edition
      by Susan Hansche. Publisher: Auerbach Publications. (2013)

    • Applied Cryptography: Protocols, Algorithms and Source Code in C, 20th Anniversary Edition, Second Edition
      by Bruce Schneier. Publisher: Wiley. (2015)

    • Inside Network Perimeter Security, Second Edition
      by Stephen Northcutt, Lenny Zeltser, Scott Winters, Karen Kent, and Ronald W. Ritchey. Publisher: Sams Publishing. (2005)

    • Access Control, Authentication, and Public Key Infrastructure, Second Edition
      by Mike Chapple, Bill Ballad, Tricia Ballad, and Erin Banks. Publisher: Jones & Bartlett Learning. (2013)

    • Critical Infrastructure Protection, Risk Management, and Resilience: A Policy Perspective, First Edition
      by Kelley Cronin and Nancy E. Marion. Publisher: CRC Press. (2016)

    • Cloud Storage Security: A Practical Guide, First Edition
      by Aaron Wheeler and Michael Winburn. Publisher: Elsevier. (2015)

    • Network Defense and Countermeasures: Principles and Practices, Third Edition.
      by William (Chuck) Easttom II. Publisher: Pearson IT Certification. (2018)

    • Common Criteria for Information Technology Security Evaluation, Ver. 3.1, Rev. 5. (2017)

    • NIST SP 800-125, Guide to Security for Full Virtualization Technologies
      by K. Scarfone, M. Souppaya, and P. Hoffman. January 2011

    • Cloud Native Architectures: Design High-Availability and Cost-Effective Applications for the Cloud
      by Tom Laszewski, Kamal Arora, Erik Farr, and Piyum Zonooz. Publisher: Packt Publishing. (2018)

    • Enterprise Security Architecture: A Business-Driven Approach, First Edition
      by John Sherwood, Andrew Clark, and David Lynas. Publisher: CRC Press. (2005)

    • Hacking Exposed Industrial Control Systems: ICS and SCADA Security Secrets & Solutions, First Edition
      by Clint Bodungen, Bryan Singer, Aaron Shbeeb, Kyle Wilhoit, and Stephen Hilt. Publisher: McGraw-Hill Education. (2016)

    • Information Security Handbook: Develop a Threat Model and Incident Response Strategy to Build a Strong Information Security Framework
      by Darren Death. Publisher: Packt Publishing. (2017)

    • Introduction to Business Architecture, First Edition
      by Chris Reynolds. Publisher: Cengage Learning PTR. (2009)

    • NIST 500-292, Cloud Computing Reference Architecture
      by Fang Liu, Jin Tong, Jian Mao, Robert Bohn, John Messina, Lee Badger and Dawn Leaf. September 2011.

    • Agile Application Security: Enabling Security in a Continuous Delivery Pipeline, First Edition
      by Laura Bell, Michael Brunton-Spall, Rich Smith, and Jim Bird. Publisher: O'Reilly Media. (2017)

    • Application Security in the ISO 27001:2013 Environment, Second Edition
      by Vinod Vasudevan, Anoop Mangla, Firosh Ummer, Sachin Shetty, Sangita Pakala, and Siddharth Anbalahan. Publisher: IT Governance Publishing. (2015)

    • Information Assurance and Security Technologies for Risk Assessment and Threat Management: Advances, First Edition
      by Te-Shun Chou. Publisher: IGI Global. (2011)

    • A Proxy-Based Approach to Secure Web Services
      by R. Devdass and A. Gandhirajan. QuinStreet Inc., March 3, 2004
  • CISSP-ISSEP
    • NIST SP 800-160 Vol. 1, Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems
      by Ron Ross, Michael McEvilley, and Janet Oren. November 2016

    • NIST 800-53 Rev 4, Security and Privacy Controls for Federal Information Systems and Organizations
      by the Joint Task Force Transformation Initiative. April 2013

    • NIST SP 800-37 Rev 2, Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy
      by the Joint Task Force. December 2018

    • NIST SP 800-39, Managing Information Security Risk
      by the Joint Task Force Transformation Initiative. March 2011

    • Introduction to Computer Security, First Edition
      by Matt Bishop. Publisher: Addison-Wesley Professional. (2004)

    • Official (ISC)² Guide to the CISSP-ISSEP CBK, First Edition
      by Susan Hansche. Publisher: Auerbach Publications. (2005)

    • NIST SP 800-30 Rev 1, Guide for Conducting Risk Assessments
      by the Joint Task Force Transformation Initiative. September 2012

    • NIST SP 800-40, Rev. 3, Guide to Enterprise Patch Management Technologies
      by Murugiah Souppaya and Karen Scarfone. July 2013

    • Information Assurance Technical Framework, Rel 3.1
      Issued by: National Security Agency Information Assurance Solutions Technical Directors. September 2002

    • NIST SP 800-88, Rev 1, Guidelines for Media Sanitization
      by Larry Feldman and Gregory A. Witte. February 2015

    • NIST SP 800-61, Rev 2, Computer Security Incident Handling Guide
      by Paul Cichonski, Tom Millar, Tim Grance, and Karen Scarfone. August 2012

    • A Guide to the Project Management Body of Knowledge (PMBOK® Guide), Sixth Edition
      by Project Management Institute. Publisher: Project Management Institute. (2017)

    • NIST SP 800-161, Supply Chain Risk Management Practices for Federal Information Systems and Organizations
      by Jon Boyens, Celia Paulsen, Rama Moorthy, and Nadya Bartol. April 2015

    • INCOSE Systems Engineering Handbook: A Guide for System Life Cycle Processes and Activities, Fourth Edition
      by INCOSE. Publisher: Wiley. (2015)

    • ISO/IEC 21827:2008, Information technology – Security techniques – Systems Security Engineering – Capability Maturity Model® (SSE-CMM®)
      by ISO/IEC. October 2008
  • CISSP-ISSMP

      • Information Security Management Handbook, Sixth Edition
        by Harold F. Tipton and Micki Krause. Publisher: CRC Press. (2007)

      • Official (ISC)² Guide to the CISSP-ISSMP CBK, Second Edition
        by Joseph Steinberg. Publisher: Auerbach Publications. (2015)

      • Building an Information Security Awareness Program: Defending Against Social Engineering and Technical Threats, First Edition
        by Bill Gardner and Valerie Thomas. Publisher: Syngress. (2014)

      • NIST SP 800-55 Rev 1, Performance Measurement Guide for Information Security
        by Elizabeth Chew. July 2008

      • A Practical Guide to Security Assessments, First Edition
        by Sudhanshu Kairab. Publisher: Auerbach Publications. (2005)

      • NIST SP 800-128, Guide for Security-Focused Configuration Management of Information Systems
        by Arnold Johnson, Kelley Dempsey, Ron Ross, Sarbari Gupta, and Dennis Bailey. August 2011

      • Application Security in the ISO 27001:2013 Environment, Second Edition
        by Vinod Vasudevan, Anoop Mangla, Firosh Ummer, Sachin Shetty, Sangita Pakala, and Siddharth Anbalahan. Publisher: IT Governance Publishing. (2015)

      • Security Operations Center: Building, Operating, and Maintaining your SOC, First Edition
        by Joseph Muniz, Gary McIntyre, Nadhem AlFardan. Publisher: Cisco Press. (2015)

      • NIST SP 800-61, Rev 2, Computer Security Incident Handling Guide
        by Paul Cichonski, Tom Millar, Tim Grance, and Karen Scarfone. August 2012

      • Asset Protection and Security Management Handbook, First Edition
        by James Walsh. Publisher: Auerbach Publications. (2002)

      • Computer and Information Security Handbook, Third Edition
        by John Vacca. Publisher: Morgan Kaufmann. (2017)

      • Disaster Recovery Planning: Preparing for the Unthinkable, Third Edition
        by Jon William Toigo. Publisher: Prentice Hall. (2002)

      • NIST SP 800-30 Rev 1, Guide for Conducting Risk Assessments
        by the Joint Task Force Transformation Initiative. September 2012

      • Security Risk Management: Building an Information Security Risk Management Program from the Ground Up, First Edition
        by Evan Wheeler. Publisher: Syngress. (2011)

      • Forensic Computer Crime Investigation (International Forensic Science and Investigation), First Edition
        by Thomas A. Johnson. Publisher: CRC Press. (2005)

      • Disaster Recovery, Crisis Response, and Business Continuity: A Management Desk Reference, First Edition
        by Jamie Watters and Janet Watters. Publisher: Apress. (2013)

      • NIST SP 800-34 Rev 1, Contingency Planning Guide for Federal Information Systems
        by Marianne Swanson, Pauline Bowen, Amy Wohl Phillips, Dean Gallup, and David Lynes. November 2010

      • Business Continuity and Disaster Recovery Planning for IT Professionals, Second Edition
        by Susan Snedaker. Publisher: Syngress. (2013)

      • (ISC)² Code of Ethics, (2019)

      • PCI DSS Quick Reference Guide: Understanding the Payment Card Industry Data Security Standard, version 3.2.1
        by PCI Security Standards Council. (July 2018)