
7 Books Every CISO Bookshelf Should Have

The role of Chief Information Security Officer (CISO) is relatively new and has only recently started getting organization-level recognition from the CxO community and boards of directors. To establish and prove the importance of this position, the CISO has to shoulder multiple tasks. While sailing through this role, CISOs face many challenges, including scarcity of skilled resources, getting budget approved for security initiatives, and getting involved in the early stages of new business initiatives.

Fortunately, multiple resources are available for CISOs to update and upgrade their knowledge and skills, including blogs, online webinars, conferences, training, multimedia such as podcasts, white papers, and technology vendor documents.

If we encounter a man of rare intellect, we should ask him what books he reads.

–Ralph Waldo Emerson

The old proverb says books are your best friends. You can visit them now and again, and they will never shy away from helping you with information. There is no alternative to reading books and referring to them whenever required; that way you can outsource the things you do not need often to the books and save your precious memory.

We have selected the following books based on their coverage of the CISO role and the information a CISO needs to have handy. We hope these books will provide information about:

  • How to work collaboratively with other CxOs
  • Getting involved and making decisions on strategic initiatives
  • Providing input on what is happening in the larger context of hacking and threat intelligence
  • Managing day-to-day security operations efficiently

We hope these will be the crown jewels of your bookshelf and will help you as and when required.

1. CISO Desk Reference Guide

An easy-to-use guide written by experienced practitioners for recently hired or promoted Chief Information Security Officers (CISOs), individuals aspiring to become a CISO, and business and technical professionals interested in the topic of cyber security, including Chief Technology Officers (CTOs), Chief Information Officers (CIOs), Boards of Directors, Chief Privacy Officers, and other executives responsible for information protection.

The book covers an excellent discussion of the evolving CISO role and how best to embed it in the organization, fundamentals like data classification and controls, and advice on tools and techniques.

The book delivers multiple perspectives on the foundations of organizational cyber security. This is essential reading for both aspiring and incumbent Chief Information Security Officers.

The book also helps fill a critical gap in the ever-evolving information security common body of knowledge.

2. Hacking Exposed – Network Security Solutions

“Today, more than ever, security professionals need to get into the hacker’s mind, methods, and toolbox to successfully deter such relentless assaults. This edition brings readers abreast with the latest attack vectors and arms them for these continually evolving threats.” –Brett Wahlin, CSO, Sony Network Entertainment

3. The Computer Incident Response Planning Handbook

It is good at explaining things about an Incident Response Plan that you might overlook (i.e. having executive buy-in). It approaches things realistically without getting bogged down with a bunch of fluff or anecdotal knowledge that does not serve a purpose. Short and to the point! I highly recommend this to anyone starting a security program.

4. Threat Modeling – Designing Security

The book is chock-full of specific and actionable advice, without being tied to specific software, operating systems or languages. For security professionals, the book provides the easiest way to adopt a structured approach to threat modeling. This approach is being promoted by Microsoft, and the book provides the easiest way to understand the changing threats and threat landscape.

This book provides the most practical approach to looking at security in its threat context, which should be the most worrying part for any security officer. It provides much-needed guidance in designing a practical information security policy for the organization rather than concentrating on compliance requirements. Awesome and recommended for all security officers.

5. Cyber Breach – Designing an Exercise

Businesses and organizations of all stripes defend against unending attempts to steal their computer data or damage their systems. They pour billions of dollars into those digital defenses. Few, however, have serious plans for how they will respond to the impact of an actual breach. And few stress-test those plans. Such “exercises” force real-time decision-making and actions, in the same way that a fire drill in a large complex might not go well the first time. The problem is that cyber incidents are infinitely more complicated.

This book shows Business Continuity Planners, Crisis Managers and their IT counterparts how to stage a cyber incident exercise that will test preparedness, surface unconsidered circumstances, and sharpen the responsiveness of everyone from top executives to line technologists. It focuses on Advanced Tabletop, Functional, and Full-scale exercises. And it covers everything from broad strategies to minute-to-minute decision-making in a “safe” process that brings experience and insight to everyone. It provides very specific step-by-step instructions, starting from the earliest planning and going through to after-action reports.

This book provides insight on the much-needed topic of “exercises”.

6. Data Driven Security – Analysis, Visualisation

Data Driven Security is a first-of-its-kind book that aims to achieve the impossible: to be a book that integrates all three dimensions of ‘Data Science’, a) math and statistical knowledge, b) coding/hacking skills, and c) domain knowledge, the domain in this case being the information security domain. If these three dimensions are unknown to you, look at the figure on the right. This book is unique in that regard, as it tackles all three dimensions. This is worth mentioning especially when you consider that concepts like statistics and machine learning are not part of traditional InfoSec tools. Traditional InfoSec tools are based around the concept of signature matching, i.e. determining whether a threat matches a set of already-known badness such as a virus, malware, network activity, IP address, or domain name. This approach is always playing catch-up, and the good guys are always one step (in fact several steps) behind the bad guys. This is where data-driven security comes in.

7. Cyber Security – Everything an Executive Needs to Know

A cyber breach could literally bring a healthy organization to its knees. Even if it recovers, the damage done is potentially irreversible. Armed with the knowledge that cyber threats are now more common than ever, there are meaningful steps you and your organization can take to ensure you are not victimized by a hacker. In the modern world of business, executives now face an enormous challenge: understanding cyber security business risks, the full financial and business impact of a breach, evaluating the right level of investment to protect against these threats, and how cyber security should be managed within the organization. This book will help you understand each of these significant areas while learning exactly what steps you, as a leader, can take to properly prepare your organization to face today’s constantly evolving threat landscape.

A great book should leave you with many experiences, and slightly exhausted at the end. You live several lives while reading.

–William Styron

What are you waiting for? Log into your Amazon account and order the books your bookshelf is missing. We hope these books will give you the required knowledge.

Enjoy reading.
