Ben’s Books of the Month: A Hat Trick of Information Security Titles


Posted on by Ben Rothke

In my review last month, I showcased two excellent books about incident management. Taking the approach that more is better, here are three recent titles that deserve a read.

Consumer Identity & Access Management: Design Fundamentals

CIAM (customer identity and access management) is a relatively new set of technologies that let organizations capture and manage their customer identity and profile data. It has many other uses as well, including controlling customer access to applications, data, services and more. 


In the past few years, customers have increasingly demanded great user experiences while also wanting advertisers and brands to protect them from fraud, data breaches, privacy violations and more, which is where CIAM is often used.


In Consumer Identity & Access Management: Design Fundamentals, author Simon Moffatt has written an excellent foundational text that provides the perfect introduction to CIAM. As a highly technical guide, this book is meant for senior information security staff, developers and system architects. 


Contrary to what CIAM vendors may tell you, CIAM is a massive undertaking. There are no shortcuts, and it is a project that requires an experienced team. For those looking to implement CIAM, this is an excellent reference to use in that journey.  


Security Yearbook 2021: A History and Directory of the IT Security Industry

Information security is an industry that is dynamic and doesn’t rest on its laurels. Last year, I reviewed Security Yearbook 2020: A History and Directory of the IT Security Industry by Richard Stiennon. 


Richard is back with Security Yearbook 2021: A History and Directory of the IT Security Industry (IT-Harvest Press). The 2021 version is an updated reference that has additional interviews with industry luminaries and current data.


The book, in part, replicates some of the information on the over 2,600 security companies listed on the Security Yearbook website, which is as close as possible to a complete database of all IT security vendors in the world.


There are countless books on security tools, technologies and concepts. But Stiennon’s book is unique in that it is about the security industry itself. For those who want to understand the massive and continuously fluctuating information security space and the history of the people and companies who comprise the IT security industry, Security Yearbook 2021 is a great introduction. 


(ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide, 9th Edition


When I was at E&Y, Mike Ressler, one of the most intelligent people I’ve had the pleasure to work with, would answer clients when asked if we were CISSP certified with the quip, “No, but focus on our experience.” After we all took the CISSP exam and passed, he updated his answer to, “Of course we’re certified—but focus on our experience.” 


For those who have yet to obtain the gold standard of information security certifications, the 9th edition of the (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide by Mike Chapple, James Michael Stewart, and Darril Gibson (Sybex) will certainly fit the bill.


The CISSP examination has been called a mile wide and an inch deep. At over 1,200 pages, the guide covers the full breadth of the 8 CISSP security domains. The book also comes with online access to test prep questions, flashcards and more.


For those looking for a single reference to take them from their study to the exam center to passing the CISSP exam, this Official Study Guide is their go-to guide.

Contributors
Ben Rothke

Senior Information Security Manager, Tapad


Blogs posted to the RSAConference.com website are intended for educational purposes only and do not replace independent professional judgment.  Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA® Conference, RSA Security LLC or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.