CBK Suggested References

This reference list is not intended to be an all-inclusive collection representing the respective certifications' Common Body of Knowledge (CBK). Its purpose is to give candidates a starting point for study in domains where supplementary learning is needed to complement their level of work and academic experience. Candidates may also consider other references that are not on this list but adequately cover domain content.

Note: (ISC)² does not endorse any particular text or author and does not imply that any or all references should be acquired or consulted. (ISC)² neither implies nor guarantees that studying these references will result in an examination pass.

 

  • CISSP

    • A Practical Guide to TPM 2.0: Using the New Trusted Platform Module in the New Age of Security by Will Arthur, David Challener. Publisher: Apress. (Jan, 2015).

    • Access Control, Authentication, and Public Key Infrastructure, 2nd Ed. by Mike Chapple, Bill Ballad, Tricia Ballad and Erin Banks. Publisher: Jones and Bartlett Learning. (Jul, 2013).

    • Advanced Persistent Training: Take Your Security Awareness Program to the Next Level by Jordan Schroeder. Publisher: Apress. (Jun, 2017).

    • Agile Development in the Real World by Alan Cline. Publisher: Apress. (Dec, 2015).

    • Applied Cryptography: Protocols, Algorithms and Source Code in C, 20th Anniversary Ed. by Bruce Schneier. Publisher: Wiley. (Mar, 2015).

    • Applied Network Security by Arthur Salmon, Warun Levesque, Michael McLafferty. Publisher: Packt Publishing. (Apr, 2017).

    • Asset Attack Vectors: Building Effective Vulnerability Management Strategies to Protect Organizations by Morey J. Haber, Brad Hibbert. Publisher: Apress. (Jun, 2018).

    • Building Secure Software: How to Avoid Security Problems the Right Way, 1st Ed. by John Viega, Gary McGraw. Publisher: Addison-Wesley Professional. (Oct, 2001).

    • Business Continuity and Disaster Recovery Planning for IT Professionals, 2nd Ed. by Susan Snedaker. Publisher: Syngress. (Sep, 2013).

    • Cloud Computing: SaaS, PaaS, IaaS, Virtualization, Business Models, Mobile, Security and More by Kris Jamsa. Publisher: Jones & Bartlett Publishers. (Apr, 2012).

    • CMMI for Development: Guidelines for Process Integration and Product Improvement, 3rd Ed. by Mary Beth Chrissis, Mike Konrad and Sandra Shrum. Publisher: Addison-Wesley Professional. (Mar, 2011).

    • Computer and Information Security Handbook, 3rd Ed. by John Vacca. Publisher: Morgan Kaufmann. (May, 2017).

    • Computer Security Handbook, 6th Ed. by Seymour Bosworth, Eric Whyne, M.E. Kabay. Publisher: Wiley. (Mar, 2014).

    • Defensive Security Handbook by Lee Brotherston, Amanda Berlin. Publisher: O'Reilly Media, Inc. (Apr, 2017).

    • Developing Cybersecurity Programs and Policies, 3rd Ed. by Omar Santos, Sari Greene. Publisher: Pearson IT Certification. (Aug, 2018).

    • Disaster Recovery, Crisis Response, and Business Continuity: A Management Desk Reference by Jamie Watters, Janet Watters. Publisher: Apress. (Dec, 2013).

    • Embedded Systems Security: Practical Methods for Safe and Secure Software and Systems Development, 1st Ed. by David Kleidermacher, Mike Kleidermacher. Publisher: Newnes. (Mar, 2012).

    • Ethical Hacking and Penetration Testing Guide by Rafay Baloch. Publisher: Auerbach Publications. (Sep, 2017).

    • EU General Data Protection Regulation (GDPR): An Implementation and Compliance Guide, 4th Ed. by IT Governance Privacy Team. Publisher: IT Governance Ltd. (Oct, 2020).

    • Federated Identity Primer, 1st Ed. by Derrick Rountree. Publisher: Syngress. (Dec, 2012).

    • Foundations of Information Security: A Straightforward Introduction by Jason Andress. Publisher: No Starch Press. (Oct, 2019).

    • Fundamentals of Information Systems Security, 4th Ed. by David Kim, Michael G. Solomon. Publisher: Jones & Bartlett Publishers. (Nov, 2021).

    • Identity and Access Management: Business Performance Through Connected Intelligence, 1st Ed. by Ertem Osmanoglu. Publisher: Syngress. (Nov, 2013).

    • Identity Attack Vectors: Implementing an Effective Identity and Access Management Solution by Darran Rolls, Morey J. Haber. Publisher: Apress. (Dec, 2019).

    • Information Assurance Handbook: Effective Computer Security and Risk Management Strategies, 1st Ed. by Corey Schou and Steven Hernandez. Publisher: McGraw-Hill Education. (Sep, 2014).

    • Information Security Management Handbook, Vol. 6, 6th Ed. by Harold F. Tipton and Micki Krause Nozaki. Publisher: Auerbach Publications. (Apr, 2016).

    • ISO/IEC 27001:2013 Information Technology — Security Techniques — Information Security Management Systems — Requirements by ISO/IEC. (Oct, 2013).

    • Introduction to Computer Networks and Cybersecurity, 1st Ed. by Chwan-Hwa (John) Wu, J. David Irwin. Publisher: CRC Press. (Apr, 2016).

    • IT Auditing Using Controls to Protect Information Assets, 3rd Ed. by Mike Kegerreis, Mike Schiller, Chris Davis. Publisher: McGraw-Hill Education. (Oct, 2019).

    • Linux Hardening in Hostile Networks: Server Security from TLS to Tor by Kyle Rankin. Publisher: Addison-Wesley Professional. (Jul, 2017).

    • Network Security, Firewalls, and VPNs, 3rd Ed. by J. Michael Stewart, Denise Kinsey. Publisher: Jones & Bartlett Learning. (Oct, 2020).

    • Network Vulnerability Assessment: Identify Security Loopholes in Your Network's Infrastructure by Sagar Rahalkar. Publisher: Packt Publishing. (Aug, 2018).

    • NIST SP 800-53, Rev. 5, Security and Privacy Controls for Information Systems and Organizations by Joint Task Force Transformation Initiative. (Sep, 2020).

    • NIST FIPS-199, Standards for Security Categorization of Federal Information and Information Systems by U.S. Dept. of Commerce. (Feb, 2004).

    • NIST SP 800-115, Technical Guide to Information Security Testing and Assessment by Karen Scarfone, Murugiah Souppaya, Amanda Cody, Angela Orebaugh. (Sep, 2008).

    • NIST SP 800-122, Guide to Protecting the Confidentiality of Personally Identifiable Information (PII) by Erika McCallister, Tim Grance, Karen Scarfone. (Apr, 2010).

    • NIST SP 800-137, Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations by Kelley Dempsey, Nirali Shah Chawla, Arnold Johnson, Ronald Johnston, Alicia Clay Jones, Angela Orebaugh, Matthew Scholl, Kevin Stine. (Sep, 2011).

    • NIST SP 800-153, Guidelines for Securing Wireless Local Area Networks (WLANs) by Murugiah Souppaya, Karen Scarfone. (Feb, 2012).

    • NIST SP 800-160, Vol. 1, Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems by Ron Ross, Michael McEvilley, Janet Carrier Oren. (Mar, 2018).

    • NIST SP 800-162, Guide to Attribute Based Access Control (ABAC) Definition and Considerations by Vincent Hu, David Ferraiolo, Rick Kuhn, Adam Schnitzer, Kenneth Sandlin, Robert Miller, Karen Scarfone. (Jan, 2014).

    • NIST SP 800-34 Rev. 1, Contingency Planning Guide for Federal Information Systems by Marianne Swanson, Pauline Bowen, Amy Wohl Phillips, Dean Gallup, David Lynes. (May, 2010).

    • NIST SP 800-37, Rev. 2, Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy by Joint Task Force Transformation Initiative. (Dec, 2018).

    • NIST SP 800-41, Revision 1, Guidelines on Firewalls and Firewall Policy by Karen Scarfone, Paul Hoffman. (Sep, 2009).

    • NIST SP 800-61, Rev. 2, Computer Security Incident Handling Guide by Paul Cichonski, Tom Millar, Tim Grance, Karen Scarfone. (Aug, 2012).

    • NIST SP 800-63A, Digital Identity Guidelines: Enrollment and Identity Proofing by Paul A. Grassi, James L. Fenton, Naomi B. Lefkovitz, Jamie M. Danker, Yee-Yin Choong, Kristen K. Greene, Mary F. Theofanos. (Jun, 2017).

    • NIST SP 800-82, Rev. 2, Guide to Industrial Control Systems (ICS) Security by Keith Stouffer, Victoria Pillitteri, Suzanne Lightman, Marshall Abrams, Adam Hahn. (May, 2015).

    • NIST SP 800-88, Guidelines for Media Sanitization by Richard Kissel, Andrew Regenscheid, Matthew Scholl, Kevin Stine. (Dec, 2014).

    • NIST SP 800-95, Guide to Secure Web Services by Anoop Singhal, Theodore Winograd, Karen Scarfone. (Aug, 2007).


    • Payment Card Industry Data Security Standards, Requirements and Security Assessment Procedures, Version 3.2.1 by PCI Security Standards Council. Publisher: PCI Security Standards Council, LLC. (May, 2018).

    • Security Controls Evaluation, Testing, and Assessment Handbook by Leighton Johnson. Publisher: Syngress. (Dec, 2015).

    • CSA Security Guidance for Critical Areas of Focus in Cloud Computing v4.0 by Rich Mogull, James Arlen, Adrian Lane, Gunnar Peterson, Mike Rothman, David Mortman. Publisher: Cloud Security Alliance. (Jul, 2017).

    • Security in Computing, 5th Ed. by Charles Pfleeger, Shari Pfleeger, Jonathan Margulies. Publisher: Pearson. (Jan, 2015).

    • Security Program and Policies: Principles and Practices, 2nd Ed. by Sari Greene. Publisher: Pearson IT Certification. (Mar, 2014).

    • Security Risk Assessment: Managing Physical and Operational Security by John M. White. Publisher: Butterworth-Heinemann. (Jul, 2014).

    • Supply Chain Risk Management: An Emerging Discipline by Gregory L. Schlegel, Robert J. Trent. Publisher: CRC Press. (Apr, 2016).

    • The Basics of Digital Forensics: The Primer for Getting Started in Digital Forensics, 2nd Ed. by John Sammons. Publisher: Syngress. (Dec, 2014).

    • The Complete Guide to Physical Security by Paul R. Baker and Daniel J. Benny. Publisher: Auerbach Publications. (Apr, 2016).

    • The Disaster Recovery Handbook, 3rd Ed. by Michael Wallace, Lawrence Webber. Publisher: AMACOM. (Dec, 2017).

    • Threat Modeling: Designing for Security, 1st Ed. by Adam Shostack. Publisher: Wiley. (Feb, 2014).

    • Validating Your Business Continuity Plan: Ensuring your BCP actually works by Robert Clark. Publisher: IT Governance Publishing. (Nov, 2015).

    • Zero Trust Networks: Building Secure Systems in Untrusted Networks by Evan Gilman, Doug Barth. Publisher: O'Reilly. (Jul, 2017).

  • CAP

    • NIST FIPS-199, Standards for Security Categorization of Federal Information and Information Systems by U.S. Dept. of Commerce. (Feb, 2004).

    • NIST SP 800-115, Technical Guide to Information Security Testing and Assessment by Karen Scarfone, Murugiah Souppaya, Amanda Cody, Angela Orebaugh. (Sep, 2008).

    • NIST SP 800-137, Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations by Kelley Dempsey, Nirali Shah Chawla, Arnold Johnson, Ronald Johnston, Alicia Clay Jones, Angela Orebaugh, Matthew Scholl, Kevin Stine. (Sep, 2011).

    • NIST SP 800-160, Vol. 1, Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems by Ron Ross, Michael McEvilley, Janet Carrier Oren. (Mar, 2018).

    • NIST SP 800-18, Rev. 1, Guide for Developing Security Plans for Federal Information Systems by Marianne Swanson, Joan Hash, Pauline Bowen. (Feb, 2006).

    • NIST SP 800-30, Rev. 1, Guide for Conducting Risk Assessments by Joint Task Force Transformation Initiative. (Sep, 2012).

    • NIST SP 800-37, Rev. 2, Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy by Joint Task Force Transformation Initiative. (Dec, 2018).

    • NIST SP 800-39, Managing Information Security Risk: Organization, Mission, and Information System View by Joint Task Force Transformation Initiative (Mar, 2011).

    • NIST SP 800-53, Rev. 5, Security and Privacy Controls for Information Systems and Organizations by Joint Task Force Transformation Initiative. (Sep, 2020).

    • NIST SP 800-53B, Control Baselines for Information Systems and Organizations by Joint Task Force Transformation Initiative (Oct, 2020).

    • NIST SP 800-60, Vol. 1, Rev. 1, Guide for Mapping Types of Information and Information Systems to Security Categories by Kevin Stine, Rich Kissel, William C. Barker, Jim Fahlsing, Jessica Gulick. (Aug, 2008).

    • NIST SP 800-70, Rev. 4, National Checklist Program for IT Products: Guidelines for Checklist Users and Developers by Stephen D. Quinn, Murugiah Souppaya, Melanie Cook, Karen Scarfone. (Feb, 2018).

    • NIST SP 800-88, Guidelines for Media Sanitization by Richard Kissel, Andrew Regenscheid, Matthew Scholl, Kevin Stine. (Dec, 2014).

  • CCSP

    • Architecting Cloud Computing Solutions by Kevin L. Jackson and Scott Goessling. Publisher: Packt Publishing. (May, 2018).

    • Architecting the Cloud: Design Decisions for Cloud Computing Service Models (SaaS, PaaS, and IaaS) by Michael Kavis. Publisher: Wiley. (Jan, 2014).

    • Best Practices for Mitigating Risks in Virtualized Environments by Abhik Chaudhuri, Heberto Ferrer, Hemma Prafullchandra, J.D. Sherry, Kelvin Ng, Xiaoyu Ge, Yao Sing Tao, Yiak Por Heng. Publisher: Cloud Security Alliance. (Apr, 2015).

    • Business Continuity and Disaster Recovery Planning for IT Professionals, 2nd Ed. by Susan Snedaker. Publisher: Syngress. (Sep, 2013).

    • Cloud Computing: Concepts, Technology & Architecture by Zaigham Mahmood, Ricardo Puttini, Thomas Erl. Publisher: Pearson. (May, 2013).

    • CSA Guide to Cloud Computing: Implementing Cloud Privacy and Security by Brian Honan, Jim Reavis, Raj Samani. Publisher: Syngress. (Sep, 2014).

    • CSA Security Guidance for Critical Areas of Focus in Cloud Computing v4.0 by Rich Mogull, James Arlen, Adrian Lane, Gunnar Peterson, Mike Rothman, David Mortman. Publisher: Cloud Security Alliance. (Jul, 2017).

    • Data Governance: The Definitive Guide by Evren Eryurek, Uri Gilad, Valliappa Lakshmanan, Anita Kibunguchy-Grant, Jessi Ashdown. Publisher: O'Reilly Media, Inc. (Mar, 2021).

    • EU General Data Protection Regulation (GDPR): An Implementation and Compliance Guide, 4th Ed. by IT Governance Privacy Team. Publisher: IT Governance Ltd. (Oct, 2020).

    • Fundamentals of Information Systems Security, 4th Ed. by David Kim, Michael G. Solomon. Publisher: Jones & Bartlett Publishers. (Nov, 2021).

    • Incident Response in the Age of Cloud: Techniques and best practices to effectively respond to cybersecurity incidents by Erdal Ozkaya. Publisher: Packt Publishing. (Feb, 2021).

    • Information Security: The Complete Reference, 2nd Ed. by Mark Rhodes-Ousley. Publisher: McGraw-Hill Education. (Apr, 2013).

    • Practical Cloud Security: A Guide for Secure Design and Deployment by Chris Dotson. Publisher: O'Reilly Media. (Mar, 2019).

    • Securing Web Applications by Stephen Gates, Allan Liska. Publisher: O'Reilly Media, Inc. (Jul, 2018).

    • Security in Computing, 5th Ed. by Charles Pfleeger, Shari Pfleeger, Jonathan Margulies. Publisher: Pearson. (Jan, 2015).

    • Security, Privacy, and Digital Forensics in the Cloud by Lei Chen, Hassan Takabi, Nhien-An Le-Khac. Publisher: Wiley. (Apr, 2019).

    • Official (ISC)² Guide to the CCSP CBK, 3rd Ed. by Leslie Fife, Aaron Kraus, Bryan Lewis. Publisher: Sybex. (Jul, 2021).

  • SSCP

    • Access Control and Identity Management, 3rd Ed. by Mike Chapple. Publisher: Jones and Bartlett Learning. (Sep, 2020).

    • Access Control, Authentication, and Public Key Infrastructure, 2nd Ed. by Mike Chapple, Bill Ballad, Tricia Ballad and Erin Banks. Publisher: Jones and Bartlett Learning. (Jul, 2013).

    • Applied Cryptography: Protocols, Algorithms and Source Code in C, 20th Anniversary Ed. by Bruce Schneier. Publisher: Wiley. (Mar, 2015).

    • Building an Information Security Awareness Program, 1st Ed. by Bill Gardner and Valerie Thomas. Publisher: Syngress. (Aug, 2014).

    • Business Continuity and Disaster Recovery Planning for IT Professionals, 2nd Ed. by Susan Snedaker. Publisher: Syngress. (Sep, 2013).

    • Cisco ASA: All-in-One Next Generation Firewall, IPS, and VPN Services 3rd Ed. by Jazib Frahim and Omar Santos. Publisher: Cisco Press. (Apr, 2014).

    • Computer and Information Security Handbook, 3rd Ed. by John Vacca. Publisher: Morgan Kaufmann. (May, 2017).

    • Computer Security Fundamentals, 4th Ed. by Chuck Easttom. Publisher: Pearson IT Certification. (Oct, 2019).

    • Cryptography and Network Security Principles and Practice, 6th Ed. by William Stallings. Publisher: Pearson. (Mar, 2013).

    • Cryptography InfoSec Pro Guide by Sean-Philip Oriyano. Publisher: McGraw-Hill. (Aug, 2013).

    • Cybersecurity - Attack and Defense Strategies, 2nd Ed. by Erdal Ozkaya and Yuri Diogenes. Publisher: Packt Publishing. (Dec, 2019).

    • Cybersecurity Incident Response: How to Contain, Eradicate, and Recover from Incidents by Eric C. Thompson. Publisher: Apress. (Sep, 2018).

    • Digital Forensics and Incident Response, 2nd Ed. by Gerard Johansen. Publisher: Packt Publishing. (Jan, 2020).

    • Fundamentals of Information Systems Security, 4th Ed. by David Kim, Michael G. Solomon. Publisher: Jones & Bartlett Publishers. (Nov, 2021).

    • Identity and Access Management: Business Performance Through Connected Intelligence, 1st Ed. by Ertem Osmanoglu. Publisher: Syngress. (Nov, 2013).

    • Network Defense and Countermeasures: Principles and Practices, 3rd Ed. by Chuck Easttom. Publisher: Pearson IT Certification (Apr, 2018).

    • NIST SP 800-61, Rev. 2, Computer Security Incident Handling Guide by Paul Cichonski, Tom Millar, Tim Grance, Karen Scarfone. (Aug, 2012).

    • Securing VoIP, 1st Ed. by Regis Bates. Publisher: Syngress. (Nov, 2014).

    • Security Controls Evaluation, Testing, and Assessment Handbook by Leighton Johnson. Publisher: Syngress. (Dec, 2015).

    • Official (ISC)² SSCP CBK Reference, 5th Ed. by Mike Wills. Publisher: Sybex. (Dec, 2019).

  • CSSLP

    • 9 Software Security Design Principles by Todd Merritt. (Jan, 2013).

    • A Guide to Building Secure Web Applications and Web Services 2.0 Black Hat Ed. by Abraham Kang, Adrian Wiesmann, Alex Russell, Amit Klein, Andrew van der Stock, Brian Greidanus, Christopher Todd, Darrel Grundy, David Endler, Denis Piliptchouk, Dennis Groves, Derek Browne, Eoin Keary, Ernesto Arroyo, Frank Lemmon, Gene McKenna, Hal Lockhart, Izhar By-Gad, Jeremy Poteet, José Pedro Arroyo, K.K. Mookhey, Kevin McLaughlin, Mark Curphey, Martin Eizner, Michael Howard, Mikael Simonsson, Neal Krawetz, Nigel Tranter, Raoul Endres, Ray Stirbei, Richard Parke, Robert Hansen, Roy McNamara, Steve Taylor, Sverre Huseby, Tim Smith, William Hau. Publisher: OWASP. (Jul, 2005).

    • A Practical Guide to TPM 2.0: Using the New Trusted Platform Module in the New Age of Security by Will Arthur, David Challener. Publisher: Apress. (Jan, 2015).

    • A Structured Analysis of SQL Injection Runtime Mitigation Techniques by Stu Steiner, Daniel Conte de Leon, Jim Alves-Foss. Publisher: Proceedings of the 50th Hawaii International Conference on System Sciences. (Sep, 2017).

    • Agile Application Security by Laura Bell, Rich Smith, Michael Brunton-Spall, Jim Bird. Publisher: O’Reilly Media, Inc. (Jun, 2017).

    • Application Security in the ISO 27001:2013 Environment by Vinod Vasudevan. Publisher: IT Governance Publishing. (Oct, 2015).

    • Auditing IT Infrastructures for Compliance, 2nd Ed. by Martin Weiss. Publisher: Jones & Bartlett Publishers. (Jul, 2015).

    • Building Secure Software: How to Avoid Security Problems the Right Way, 1st Ed. by John Viega. Publisher: Addison-Wesley Professional. (Oct, 2001).

    • Business Continuity and Disaster Recovery Planning for IT Professionals, 2nd Ed. by Susan Snedaker. Publisher: Syngress. (Sep, 2013).

    • Computer and Information Security Handbook, 3rd Ed. by John Vacca. Publisher: Morgan Kaufmann. (May, 2017).

    • Core Software Security: Security at the Source by Anmol Misra, James F. Ransome. Publisher: CRC Press. (Oct, 2018).

    • Enterprise Software Security: A Confluence of Disciplines by Kenneth R. van Wyk, Mark G. Graff, Dan S. Peters, Diana L. Burley. Publisher: Addison-Wesley Professional. (Dec, 2014).

    • Implementing Database Security and Auditing by Ron Ben-Natan. Publisher: Elsevier Digital Press. (May, 2005).

    • IT Security Risk Control Management: An Audit Preparation Plan by Raymond Pompon. Publisher: Apress. (Sep, 2016).

    • Lessons Learned in Software Testing: A Context-Driven Approach by Bret Pettichord, Cem Kaner, James Marcus Bach. Publisher: Wiley. (Dec, 2001).

    • Logging and Log Management by A. Chuvakin, K. Schmidt. Publisher: Syngress. (Dec, 2012).

    • Mastering the Requirements Process: Getting Requirements Right, 3rd Ed. by S. Robertson, J. Robertson. Publisher: Addison-Wesley Professional. (Aug, 2012).

    • NIST SP 800-60, Vol. 1, Rev. 1, Guide for Mapping Types of Information and Information Systems to Security Categories by Kevin Stine, Rich Kissel, William C. Barker, Jim Fahlsing, Jessica Gulick. (Aug, 2008).

    • NIST IR 7622, Notional Supply Chain Risk Management Practices for Federal Information Systems by Jon Boyens, Celia Paulsen, Nadya Bartol, Stephany A. Shankles, Rama Moorthy. (Oct, 2012).


    • Penetration Testing: A Survival Guide by W. Halton, B. Weaver, J. Ansari, S. Kotipalli, M. Imran. Publisher: Packt Publishing. (Jan, 2017).

  • HCISPP

    • CSA Security Guidance for Critical Areas of Focus in Cloud Computing v4.0 by Rich Mogull, James Arlen, Adrian Lane, Gunnar Peterson, Mike Rothman, David Mortman. Publisher: Cloud Security Alliance. (Jul, 2017).

    • Developing Cybersecurity Programs and Policies, 3rd Ed. by Omar Santos, Sari Greene. Publisher: Pearson IT Certification. (Aug, 2018).

    • Disclosures for Public Health Activities, 45 CFR 164.512(b) by HHS Office for Civil Rights (OCR), HIPAA Privacy Rule guidance. (Apr, 2003).

    • EU General Data Protection Regulation (GDPR): An Implementation and Compliance Guide, 4th Ed. by IT Governance Privacy Team. Publisher: IT Governance Ltd. (Oct, 2020).

    • Federal Register, Vol. 78, No. 17 (HIPAA Omnibus Final Rule) by Office of the Federal Register. (Jan, 2013).

    • Health IT JumpStart by Patrick Wilson and Scott McEvoy. Publisher: Sybex. (Nov, 2011).

    • Healthcare Information Security and Privacy by Sean Murphy. Publisher: McGraw-Hill. (Jan, 2015).

    • Information Governance for Healthcare Professionals by Robert F. Smallwood. Publisher: Productivity Press. (Sep, 2018).

    • Information Governance; Concepts, Strategies, and Best Practices, 2nd Ed. by Robert F. Smallwood. Publisher: Wiley. (Dec, 2019).

    • NIST SP 800-30, Rev. 1, Guide for Conducting Risk Assessments by Joint Task Force Transformation Initiative. (Sep, 2012).

    • NIST SP 800-37, Rev. 2, Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy by Joint Task Force Transformation Initiative. (Dec, 2018).

    • NIST SP 800-39, Managing Information Security Risk: Organization, Mission, and Information System View by Joint Task Force Transformation Initiative (Mar, 2011).

    • NIST SP 800-53, Rev. 5, Security and Privacy Controls for Information Systems and Organizations by Joint Task Force Transformation Initiative. (Sep, 2020).

    • NIST SP 800-61, Rev. 2, Computer Security Incident Handling Guide by Paul Cichonski, Tom Millar, Tim Grance, Karen Scarfone. (Aug, 2012).

    • NIST SP 800-66, Rev. 1, An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule by Matthew Scholl, Kevin Stine, Joan Hash, Pauline Bowen, Arnold Johnson, Carla Dancy Smith, Daniel I. Steinberg. (Oct, 2008).

    • NIST SP 800-88, Guidelines for Media Sanitization by Richard Kissel, Andrew Regenscheid, Matthew Scholl, Kevin Stine. (Dec, 2014).

  • CISSP-ISSAP

    • Agile Application Security by Laura Bell, Rich Smith, Michael Brunton-Spall, Jim Bird. Publisher: O'Reilly Media, Inc. (Jun, 2017).

    • Application Security in the ISO 27001:2013 Environment by Vinod Vasudevan. Publisher: IT Governance Publishing. (Oct, 2015).

    • Applied Cryptography: Protocols, Algorithms and Source Code in C, 20th Anniversary Ed. by Bruce Schneier. Publisher: Wiley. (Mar, 2015).

    • Business Continuity and Disaster Recovery Planning for IT Professionals, 2nd Ed. by Susan Snedaker. Publisher: Syngress. (Sep, 2013).

    • Common Criteria for Information Technology Security Evaluation, Version 3.1, Rev. 5 by the Common Criteria Recognition Arrangement (CCRA) sponsoring organizations. (Apr, 2017).

    • CSA Security Guidance for Critical Areas of Focus in Cloud Computing v4.0 by Rich Mogull, James Arlen, Adrian Lane, Gunnar Peterson, Mike Rothman, David Mortman. Publisher: Cloud Security Alliance. (Jul, 2017).

    • Disaster Recovery and Business Continuity, 3rd Ed. by B.S. Thejandra. Publisher: IT Governance Publishing. (Jan, 2014).

    • Hacking Exposed Industrial Control Systems: ICS and SCADA Security Secrets & Solutions by Aaron Shbeeb, Clint Bodungen, Bryan Singer, Kyle Wilhoit, Stephen Hilt. Publisher: McGraw-Hill Education. (Sep, 2016).

    • Identity and Access Management: Business Performance Through Connected Intelligence, 1st Ed. by Ertem Osmanoglu. Publisher: Syngress. (Nov, 2013).

    • Information Security Handbook by Darren Death. Publisher: Packt Publishing. (Dec, 2017).

    • Information Security Management Handbook, Vol. 6, 6th Ed. by Harold F. Tipton and Micki Krause Nozaki. Publisher: Auerbach Publications. (Apr, 2016).

    • NIST SP 800-125, Guide to Security for Full Virtualization Technologies by Karen Scarfone, Murugiah Souppaya, Paul Hoffman. (Jan, 2011).

    • NIST SP 800-34 Rev. 1, Contingency Planning Guide for Federal Information Systems by Marianne Swanson, Pauline Bowen, Amy Wohl Phillips, Dean Gallup, David Lynes. (May, 2010).

    • NIST SP 800-61, Rev. 2, Computer Security Incident Handling Guide by Paul Cichonski, Tom Millar, Tim Grance, Karen Scarfone. (Aug, 2012).

    • NIST SP 800-63A, Digital Identity Guidelines: Enrollment and Identity Proofing by Paul A. Grassi, James L. Fenton, Naomi B. Lefkovitz, Jamie M. Danker, Yee-Yin Choong, Kristen K. Greene, Mary F. Theofanos. (Jun, 2017).


    • Payment Card Industry (PCI) Data Security Standard Validation Requirements: For Qualified Security Assessors (QSA), Version 1.2 by PCI Security Standards Council. (Oct, 2008).

    • PCI Compliance: Understand and Implement Effective PCI Data Security Standard Compliance, 4th Ed. by Branden R. Williams, Anton Chuvakin. Publisher: Syngress. (Nov, 2014).

    • Security Patterns in Practice: Designing Secure Architectures Using Software Patterns by Eduardo Fernandez-Buglioni. Publisher: Wiley. (May, 2013).

  • CISSP-ISSEP

    • A Guide to the Project Management Body of Knowledge (PMBOK Guide), 7th Ed. by Project Management Institute. Publisher: Project Management Institute. (Aug, 2021).

    • Information Assurance Technical Framework 3.1 by National Security Agency Information Assurance Solutions Technical Directors. (Sep, 2002).

    • NIST SP 800-115, Technical Guide to Information Security Testing and Assessment by Karen Scarfone, Murugiah Souppaya, Amanda Cody, Angela Orebaugh. (Sep, 2008).

    • NIST SP 800-128, Guide for Security-Focused Configuration Management of Information Systems by Arnold Johnson, Kelley Dempsey, Ron Ross, Sarbari Gupta, Dennis Bailey. (Aug, 2011).

    • NIST SP 800-160, Vol. 1, Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems by Ron Ross, Michael McEvilley, Janet Carrier Oren. (Mar, 2018).

    • NIST SP 800-161, Supply Chain Risk Management Practices for Federal Information System and Organizations by Jon Boyens, Celia Paulsen, Rama Moorthy, Nadya Bartol. (Apr, 2015).

    • NIST SP 800-30, Rev. 1, Guide for Conducting Risk Assessments by Joint Task Force Transformation Initiative. (Sep, 2012).

    • NIST SP 800-37, Rev. 2, Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy by Joint Task Force Transformation Initiative. (Dec, 2018).

    • NIST SP 800-39, Managing Information Security Risk: Organization, Mission, and Information System View by Joint Task Force Transformation Initiative (Mar, 2011).

    • NIST SP 800-40, Rev. 3, Guide to Enterprise Patch Management Technologies by Murugiah Souppaya, Karen Scarfone. (Jul, 2013).

    • NIST SP 800-53, Rev. 5, Security and Privacy Controls for Information Systems and Organizations by Joint Task Force Transformation Initiative. (Sep, 2020).

    • NIST SP 800-61, Rev. 2, Computer Security Incident Handling Guide by Paul Cichonski, Tom Millar, Tim Grance, Karen Scarfone. (Aug, 2012).

    • NIST SP 800-88, Guidelines for Media Sanitization by Richard Kissel, Andrew Regenscheid, Matthew Scholl, Kevin Stine. (Dec, 2014).

  • CISSP-ISSMP

    • Auditing IT Infrastructures for Compliance, 2nd Ed. by Martin Weiss. Publisher: Jones & Bartlett Publishers. (Jul, 2015).

    • Business Continuity and Disaster Recovery Planning for IT Professionals, 2nd Ed. by Susan Snedaker. Publisher: Syngress. (Sep, 2013).

    • Disaster Recovery, Crisis Response, and Business Continuity: A Management Desk Reference by Jamie Watters, Janet Watters. Publisher: Apress. (Dec, 2013).

    • Information Security Management Handbook, Vol. 6, 6th Ed. by Harold F. Tipton and Micki Krause Nozaki. Publisher: Auerbach Publications. (Apr, 2016).

    • NIST SP 800-160, Vol. 1, Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems by Ron Ross, Michael McEvilley, Janet Carrier Oren. (Mar, 2018).

    • NIST SP 800-30, Rev. 1, Guide for Conducting Risk Assessments by Joint Task Force Transformation Initiative. (Sep, 2012).

    • NIST SP 800-34 Rev. 1, Contingency Planning Guide for Federal Information Systems by Marianne Swanson, Pauline Bowen, Amy Wohl Phillips, Dean Gallup, David Lynes. (May, 2010).

    • NIST SP 800-39, Managing Information Security Risk: Organization, Mission, and Information System View by Joint Task Force Transformation Initiative (Mar, 2011).

    • NIST SP 800-40, Rev. 3, Guide to Enterprise Patch Management Technologies by Murugiah Souppaya, Karen Scarfone. (Jul, 2013).

    • NIST SP 800-53, Rev. 5, Security and Privacy Controls for Information Systems and Organizations by Joint Task Force Transformation Initiative. (Sep, 2020).

    • NIST SP 800-55, Rev. 1, Performance Measurement Guide for Information Security by Elizabeth Chew, Marianne Swanson, Kevin Stine, Nadya Bartol, Anthony Brown, Will Robinson. (Jul, 2008).

    • NIST SP 800-61, Rev. 2, Computer Security Incident Handling Guide by Paul Cichonski, Tom Millar, Tim Grance, Karen Scarfone. (Aug, 2012).

    • Official (ISC)² Guide to the ISSMP CBK by Joseph Steinberg and Harold F. Tipton. Publisher: Auerbach Publications. (Apr, 2016).

    • Security Operations Center: Building, Operating, and Maintaining your SOC by Gary McIntyre, Joseph Muniz, Nadhem AlFardan. Publisher: Cisco Press. (Nov, 2015).

    • Security Policies and Implementation Issues, 2nd Ed. by Robert Johnson and Chuck Easttom. Publisher: Jones & Bartlett Learning. (Aug, 2014).

    • Security Risk Management: Building an Information Security Risk Management Program from the Ground Up by Evan Wheeler. Publisher: Syngress. (Apr, 2011).

    • Threat Modeling: Designing for Security, 1st Ed. by Adam Shostack. Publisher: Wiley. (Feb, 2014).