The Security Reading Room: The Best Information Security Books of 2016

Posted by Ben Rothke

There were a lot of good information security books that came out in 2016, and many that were not worth reading.

With that, here’s my list of the information security books that stand out as the best, listed in no particular order:

The Car Hacker's Handbook: A Guide for the Penetration Tester - plus ça change, plus c’est la même chose. Lots of features combined with poor security make cars the next big avenue for hacking. Craig Smith shows everything the car manufacturers have done wrong, and what they need to do to make it right. But is Detroit listening?

Pinpoint: How GPS Is Changing Technology, Culture, and Our Minds – GPS is an absolute marvel, but it comes at a cost, both from a cognitive and a security perspective. People are driving into lakes and into snowdrifts, blindly trusting GPS. One of the shortest books around is that on GPS security. It simply does not exist. The Iranians, for example, have capitalized on this on numerous occasions and have launched GPS spoofing attacks against the US military.

Infrastructure as Code: Managing Servers in the Cloud - infrastructure as code (IaC) is the process of managing and provisioning servers and their configuration via definition files, rather than physical hardware configuration or the use of configuration management tools. The rise of IaaS has led to the widespread use of IaC. With that, if one does not build in security, the entire infrastructure is at risk.

Bitcoin and Cryptocurrency Technologies: A Comprehensive Introduction – there are many new cryptocurrencies, of which Bitcoin is the largest. Just like regular banking, cryptocurrencies also need good security.

The War on Leakers: National Security and American Democracy, from Eugene V. Debs to Edward Snowden - When it comes to Edward Snowden, the question has often been posed as: is he a patriot or a traitor?  This book shows that the question of leakers and whistleblowers is rarely so binary or simple.








Ben Rothke

Senior Information Security Manager, Tapad
