Twelve Books Every InfoSec Pro Should Read in 2017

Endpoint protection solutions are an essential part of the enterprise security toolkit, but they’re quickly becoming some of the most complex products on the market.

For those information security professionals trying to push their organization into the modern era of security, it can be difficult to know where to start. IT workers and CISOs looking for a new endpoint protection solution need a comprehensive overview in order to correctly plan, assess and deploy the right endpoint protection solutions for their organization and devise a strong business case for the technology.

There are loads of free resources available online (such as Solutions Review’s best practices articles, solutions directories, and buyer’s guides), and those resources are great, but sometimes it’s best to do things the old-fashioned way… there are few resources that can match the in-depth, comprehensive detail of a good book.


With that in mind, I’ve compiled a short list of the top twelve introductory information security and endpoint protection books available today, listed in no particular order. We have also built a small book library on this site, which you can access here.

Please note that several of these books have been in print for years and will not be up-to-date on the current range of solutions on the market. However, despite their age, these books still function well as high-altitude introductions to concepts and ideas that professionals building cybersecurity plans need to be familiar with.


Hacking Exposed 7: Network Security Secrets and Solutions

“Bolster your system’s security and defeat the tools and tactics of cyber-criminals with advice and defense strategies from the world-renowned Hacking Exposed team. Case studies expose the hacker’s latest devious methods and illustrate field-tested remedies.”



Blue Team Handbook: Incident Response Edition

“The Blue Team Handbook is a zero fluff reference guide for cyber security incident responders and InfoSec pros alike. The book is peppered with practical real life techniques from the author’s extensive career working in academia and a corporate setting.”



The Tao of Network Security Monitoring: Beyond Intrusion Detection

“This book is not about security or network monitoring: It’s about both, and in reality these are two aspects of the same problem. You can easily find people who are security experts or network monitors, but this book explains how to master both topics.”



The Hacker Playbook: Practical Guide To Penetration Testing

“Written by a longtime security professional and CEO of Secure Planet, LLC, this step-by-step guide to the “game” of penetration hacking features hands-on examples and helpful advice from the top of the field.”



The Computer Incident Response Planning Handbook

“Shows you how to build and manage successful response plans for the cyber incidents that have become inevitable for organizations of any size. Find out why these plans work. Learn the step-by-step process for developing and managing plans.”



Data-Driven Security: Analysis, Visualization and Dashboards

“Everything in this book will have practical application for information security. Helps IT and security professionals understand and use data, so they can thwart attacks and understand and visualize vulnerabilities in their networks.”



The Practice of Network Security Monitoring

“There’s no foolproof way to keep attackers out of your network. But when they get in, you’ll be prepared. The Practice of Network Security Monitoring will show you how to build a security net to detect, contain, and control them.”



Security Metrics – A Beginner’s Guide (1st Edition)

“This practical resource covers project management, communication, analytics tools, identifying targets, defining objectives, obtaining stakeholder buy-in, metrics automation, data quality, resourcing and cloud-based security metrics.”



IT Auditing Using Controls to Protect Information Assets

“This comprehensive guide describes how to assemble an effective IT audit team and maximize the value of the IT audit function. In-depth details on performing specific audits are accompanied by real-world examples, checklists and valuable templates.”



Network Security Through Data Analysis: Building Situational Awareness

“Divided into three sections, this book examines the process of collecting and organizing data, various tools for analysis, and several different analytic scenarios and techniques. Ideal for network administrators and operational security analysts.”



Applied Network Security Monitoring: Collection, Detection & Analysis

“Applied Network Security Monitoring is the essential guide to becoming an NSM analyst from the ground up. This book takes a fundamental approach, complete with real-world examples that teach you the key concepts of NSM.”



Effective Computer Security and Risk Management Strategies

“This practical resource leads you through building an IT strategy and offers an organizational approach to identifying, implementing, and controlling information assurance initiatives for small businesses and global enterprises alike.”



Jeff Edwards

Jeff Edwards is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in Journalism from the University of Massachusetts Amherst, and previously worked as a reporter covering Boston City Hall.