Despite recent scandals, RSA is still considered the biggest event in the security industry. It attracts the best brains, the best managers and the best influencers (although Security Analyst Summit is now considered the best event in the industry from an applied security standpoint – remark by auth.) The best way to connect to the closed and very private community of security experts and feel part of it is to keep up with the recent trends… by doing research and reading. And I mean – loooots of reading. Last year we did an overview of the best-selling books of RSA 2013. We’ll continue this tradition this year. Here’s a list of the books that the best minds of the security industry dig in 2014:
1. Googling Security: How Much Does Google Know About You?
This year’s scary book:) When you use Google’s “free” services, you pay, big time–with personal information about yourself. Google is making a fortune on what it knows about you…and you may be shocked by just how much Google does know. Googling Security is the first book to reveal how Google’s vast information stockpiles could be used against you or your business–and what you can do to protect yourself.
Unlike other books on Google hacking, this book covers information you disclose when using all of Google’s top applications, not just what savvy users can retrieve via Google’s search results. West Point computer science professor Greg Conti reveals the privacy implications of Gmail, Google Maps, Google Talk, Google Groups, Google Alerts, Google’s new mobile applications and more. Drawing on his own advanced security research, Conti shows how Google’s databases can be used by others with bad intent, even if Google succeeds in its pledge of “do no evil.”
Uncover the trail of informational “bread crumbs” you leave when you use Google search:
- How Gmail could be used to track your personal network of friends, family, and acquaintances
- How Google’s map and location tools could disclose the locations of your home, employer, family and friends, travel plans and intentions
- How the information stockpiles of Google and other online companies may be spilled, lost, taken, shared or subpoenaed and later used for identity theft or even blackmail
- How the Google AdSense and DoubleClick advertising services could track you around the Web
- How to systematically reduce the personal information you expose or give away
This book is a wake-up call and a “how-to” self-defense manual: an indispensable resource for everyone, from private citizens to security professionals, who relies on Google.
2. Hacking Exposed 7: Network Security Secrets & Solutions
Professionals learn by studying the mistakes made by others. The fact that the CSO of Sony Network Entertainment and a former Executive Assistant Director of the FBI recommend this book means something:
“Our new reality is zero-day, APT and state-sponsored attacks. Today, more than ever, security professionals need to get into the hacker’s mind, methods and toolbox to successfully deter such relentless assaults. This edition brings readers abreast with the latest attack vectors and arms them for these continually evolving threats.” –Brett Wahlin, CSO, Sony Network Entertainment
“Stop taking punches–let’s change the game; it’s time for a paradigm shift in the way we secure our networks, and Hacking Exposed 7 is the playbook for bringing pain to our adversaries.” –Shawn Henry, former Executive Assistant Director, FBI
Bolster your system’s security and defeat the tools and tactics of cyber-criminals with expert advice and defense strategies from the world-renowned Hacking Exposed team. Case studies expose the hacker’s latest devious methods and illustrate field-tested remedies. Find out how to block infrastructure hacks, minimize advanced persistent threats, neutralize malicious code, secure web and database applications and fortify UNIX networks. Hacking Exposed 7: Network Security Secrets & Solutions contains all-new visual maps and a comprehensive “countermeasures cookbook”.
- Obstruct APTs and web-based meta-exploits
- Defend against UNIX-based root access and buffer overflow hacks
- Block SQL injection, spear phishing and embedded-code attacks
- Detect and terminate rootkits, Trojans, bots, worms and malware
- Lock down remote access using smartcards and hardware tokens
- Protect 802.11 WLANs with multilayered encryption and gateways
- Plug holes in VoIP, social networking, cloud, and Web 2.0 services
- Learn about the latest iPhone and Android attacks and how to protect yourself
3. Big Data For Dummies
We are living in the era of the cloud – it means that in order to understand and plan the future of your business you have to learn how to manage and analyze gazillions of gigabytes of data and use it to your brand’s benefit. Big data management is one of the major challenges facing business, industry and not-for-profit organizations – as it is, well… brand new. But if you need to develop or manage big data solutions effectively, you’ll appreciate how these four experts define, explain and guide you through this new and often confusing concept. You’ll learn what it is, why it matters and how to choose and implement solutions that work.
- Effectively managing big data is an issue of growing importance to businesses, not-for-profit organizations, government and IT professionals
- Authors are experts in information management, big data and a variety of solutions
- Explains big data in detail and discusses how to select and implement a solution, addresses security concerns, data storage and presentation issues, analytics and much more
- Provides essential information in a no-nonsense, easy-to-understand style that is empowering
4. Unmasking the Social Engineer: The Human Element of Security
It is obvious that social engineering is one of the hot topics in the bookstores of RSA 2014. The community is trying to drag businesses into learning to identify the social engineer by non-verbal behavior.
Unmasking the Social Engineer: The Human Element of Security focuses on combining the science of understanding non-verbal communications with the knowledge of how social engineers, scam artists and con men use these skills to build feelings of trust and rapport in their targets. The author helps readers understand how to identify and detect social engineers and scammers by analyzing their non-verbal behavior. Unmasking the Social Engineer shows how attacks work, explains nonverbal communications and demonstrates with visuals the connection of non-verbal behavior to social engineering and scamming.
- Clearly combines both the practical and technical aspects of social engineering security
- Reveals the various dirty tricks that scammers use
- Pinpoints what to look for on the nonverbal side to detect the social engineer
- Sharing proven scientific methodology for reading, understanding, and deciphering non-verbal communications, Unmasking the Social Engineer arms readers with the knowledge needed to help protect their organizations.
5. Social Engineering: The Art of Human Hacking
To the point earlier – it is widely recognized today that the human factor is the most vulnerable part of any security infrastructure. With that being said – it’s not surprising that today’s hackers are very interested in NLP techniques. This book reveals and dissects the technical aspect of many social engineering maneuvers.
From elicitation, pretexting, influence and manipulation, all aspects of social engineering are picked apart, discussed and explained by using real-world examples, personal experience and the science behind them to unravel the mystery in social engineering.
Kevin Mitnick—one of the most famous social engineers in the world—popularized the term “social engineering”. He explained that it is much easier to trick someone into revealing a password for a system than to exert the effort of hacking into the system. Mitnick claims that this social engineering tactic was the single-most effective method in his arsenal. This indispensable book examines a variety of maneuvers that are aimed at deceiving unsuspecting victims, while it also addresses ways to prevent social engineering threats.
- Examines social engineering, the science of influencing a target to perform a desired task or divulge information
- Arms you with invaluable information about the many methods of trickery that hackers use in order to gather information with the intent of executing identity theft, fraud or gaining computer system access
- Reveals vital steps for preventing social engineering threats
- Social Engineering: The Art of Human Hacking does its part to prepare you against nefarious hackers—now you can do your part by putting to good use the critical information within its pages.
6. Leading Effective Virtual Teams: Overcoming Time and Distance to Achieve Exceptional Results
We’re global – lots of IT services, including support and R&D, are often outsourced or placed in regions with the best profitability potential. It means that more and more companies are facing the necessity to manage global teams. If you’re a leader of a virtual team of any type, then buy this book. You will learn how to:
- Build trust and cultivate relationships, virtually, across your team
- Design and facilitate virtual meetings that are focused and engaging
- Influence without authority
- Motivate and galvanize a virtual team for top performance
- Blend asynchronous and synchronous communications for better virtual collaboration
- Navigate cross-cultural and generational differences in the absence of vital visual cues
- Assess skills, strengths, aptitudes and preferences from afar
- Handle other tough issues that can trip up virtual teams
7. CISSP Exam Cram
Only certified professionals are allowed to be in charge of information security for business. Passing the CISSP exam is the way to become one of those elite IT guys. This book is the perfect study guide to help you pass the tough new electronic version of the CISSP exam. It provides coverage and practice questions for every exam topic, including substantial new coverage of encryption, cloud security, information lifecycles, security management/governance and more. The book contains an extensive set of preparation tools, such as quizzes, exam alerts and two practice exams, while the CD’s state-of-the-art test engine provides real-time practice and feedback.
Covers the critical information you’ll need to pass the CISSP exam!
- Enforce effective physical security throughout your organization
- Apply reliable authentication, authorization and accountability
- Design security architectures that can be verified, certified and accredited
- Understand the newest attacks and countermeasures
- Use encryption to safeguard data, systems and networks
- Systematically plan and test business continuity/disaster recovery programs
- Protect today’s cloud, web and database applications
- Address global compliance issues, from privacy to computer forensics
- Develop software that is secure throughout its entire lifecycle
- Implement effective security governance and risk management
- Use best-practice policies, procedures, guidelines and controls
- Ensure strong operational controls, from background checks to security audits
8. CISSP Practice Exams, Second Edition
CISSP Practice Exams, Second Edition is the ideal companion to Shon Harris’ bestselling CISSP All-in-One Exam Guide. Well-regarded for her engaging and informative style, Shon Harris is renowned as an IT security certification expert.
Designed as an exam-focused study self-aid and resource, CISSP Practice Exams, Second Edition provides 100% coverage of the 10 exam domains. Organized by these domains, the book allows you to focus on specific topics and tailor your study to your areas of expertise and weakness. To further aid in study and retention, each question in the book is accompanied by in-depth answer explanations for the correct and incorrect answer choices. Each chapter contains 25+ practice questions with an additional 500 practice questions hosted in a web-based environment. As an added bonus, you’ll get access to 24 hours of audio lectures featuring Harris conducting intensive review sessions.
9. Mobile Device Security For Dummies
Mobile devices have essentially replaced computers for corporate users who are on the go. There are millions of networks that have little to no security. This essential guide walks you through the steps for securing a network and building a bulletproof framework that will protect and support mobile devices in the enterprise. Featuring real-world case scenarios, this straightforward guide shares invaluable advice for protecting mobile devices from the loss of sensitive and confidential corporate information.
- Provides a practical, fast-track approach to protecting a mobile device from security threats
- Discusses important topics such as specific hacker protection, loss/theft protection, backing up and restoring data and more
- Offers critical advice for deploying enterprise network protection for mobile devices
- Walks you through the advantages of granular application access control and enforcement with VPN
10. Mobile Authentication: Problems and Solutions
The author looks at human-to-machine authentication, with a keen focus on the mobile scenario. Human-to-machine authentication is a startlingly complex issue. In the old days of computer security before 2000, the human component was all but disregarded. It was either assumed that people should and would be able to follow instructions or that end users were hopeless and would always make mistakes. The truth, of course, is somewhere in between, which is exactly what makes this topic so enticing. We cannot make progress with human-to-machine authentication without understanding both humans and machines. Mobile security is not simply security ported to a handset. Handsets have different constraints than traditional computers, and are used in a different way. Text entry is more frustrating, and therefore, it is tempting to use shorter and less complex passwords. It is also harder to detect spoofing. We need to design with this in mind. We also need to determine how exactly to integrate biometric readers to reap the maximum benefits from them. This book addresses all of these issues and more.
A must-read.
11. Malware, Rootkits & Botnets: A Beginner’s Guide
The “lock, stock and two smoking barrels” of security:) This book will help you learn how to improve the security posture of any organization and defend against some of the most pervasive network attacks. Malware, Rootkits & Botnets: A Beginner’s Guide explains the nature, sophistication and danger of these risks and offers best practices for thwarting them.
After reviewing the current threat landscape, the book describes the entire threat lifecycle, explaining how cybercriminals create, deploy and manage the malware, rootkits and botnets under their control. You’ll learn proven techniques for identifying and mitigating these malicious attacks. Templates, checklists and examples give you the hands-on help you need to get started protecting your network right away.