http://bbs.byr.cn/#!article/Focus/45726
发信人: RSA (RSA), 信区: Security
标 题: 信息安全行业里面一些很不错的书
发信站: 北邮人论坛 (Thu Mar 1 12:25:17 2012), 站内
A Practical Guide to Federal Enterprise Architecture.pdf FEA架构的书,内容不错,可惜不大适用于企业,更适用于我国政务网结构;
A Supply Chain Management Guide To BCP.pdf 另一个角度看BCP,增长知识;
Adaptive Security Management Architecture.pdf 介绍安全管理架构(ESA)的书,不过思想较老,不推荐;
Agile.IT.Security.Implementation.Methodology.Nov.2011.pdf IBM的几个研究员写的书,算是新思路,不过并不适用于敏捷开发(Agile),整个思想体系还是较为生涩;
Auerbach.Complete.Guide.to.CISM.Certification.Dec.2006.pdf 较老的CISM教材,但内容不错,值得学习;
Auerbach.Publications.Official.ISC.2.Guide.to.the.CISSP-ISSEP.CBK.eBook.pdf ISSEP CBK,值得认真学习;
BCM-Building an Effective Incident Management Plan.pdf 比较细致深入的从Incident角度讲解了BCM,里面大量案例非常值得参考;
BackTrack 4_Assuring_Security_by_Penetration_Testing_2011.rar 还没看;
BackTrack.5.Wireless.Penetration.Testing.Beginners.Guide.rar 内容一般;
Build.Your.Own.Security.Lab.rar Matespoit的书,可以学习一下;
CISA_Review_Manual_2011.pdf
CISM Review Questions, Answers & Explanations Manual 2009.pdf
CISSP Practice Exams - Book.pdf
CISSP Questions, Answers & Explanations.pdf
CPA_Exam_Review_2011.rar
CRC.Press.Building.an.Effective.Information.Security.Policy.Architecture.pdf 讲解如何编写安全策略、制度的书,流程写的较细致,但内容不够精辟;
Cisco Switching Black Book.pdf
Cisco.Security.Little.Black.Book.eBook-EEn.pdf
Computer Forensics Investigating Data and Image Files.pdf 一本非常好的取证分析书,推荐;
Computer Forensics for Dummies.pdf
Computer and Information Security Handbook.rar 类似于Information Security Engneering,内容非常广泛庞杂,增长知识的书,但不精深;
Defining Incident Management Processes for CSIRTs A Work in Progress.pdf CERT官方指南,教科书;
EC Council - ECSA-LPT Training V 4.0.pdf EC-Council ECSA官方教材,内容一般,不推荐;
ECSAv4-LPTv4 Instructor slides.rar
EMC Cloud Computing Security Overview.rar EMC的云安全培训材料,简单入门;
Elsevier_Security_Risk_Management_2011.pdf 一本好书,务实的讲解信息安全管理,非常推荐;
Enterprise Risk Management Best Practices.pdf 一本不错的书,不过是讲COSO/ERM的,并非针对information security,而且也不贴近,不过书本身还是不错的;
Expert.Oracle.and.Java.Security.pdf Oracle和相关开发安全的书,内容不错,尤其入门者可以学习;
Fundamentals of Project Management.pdf 项目管理书,内容一般,入门级别,不如学习Sybex PMP review;
Gray Hat Python.pdf python高阶内容的书,偏重于逆向工程和程序调试,资深逆向和python爱好者可以看下;
HACKING EXPOSED MALWARE AND ROOTKITS- Malware and Rootkits Secrets and SolutionsHACKING EXPOSED MALWARE AND ROOTKITS- Malware and Rootkits
Secrets and Solutions.pdf 黑客大曝光系列,讲解rootkit类的,不错的incident handling & forensics参考书;
Hackers Heroes of the Computer Revolution - 25th Anniversary Edition.pdf 历史书;
Hackers.and.Painters.pdf 另一本历史书,内容还行;
Hacking Exposed Computer Forensics Secrets & Solutions, Second Edition - Aaron Philipp.pdf 黑客大曝光取证,内容不错;
Hacking Exposed Web Applications 3rd.pdf web安全第三版,好像2011的,内容很好,同类中的佼佼者;
Handbook for Computer Security Incident Response Teams (CSIRTs).pdf cert教科书;
How to Achieve 27001.pdf 27001认证建设的书,不过其实主要篇幅都在写合规性管理,不如看Building.an.Effective.Information.Security.Policy.Architecture和CISO Handbook;
How to Prepare Business Cases.pdf 附加资料,如何编写business case,合格的manager和pm应该看;
Human Resource Management fundamentals.pdf
ISACA CISA Exam Review 2011.rar
ISC Official Guide to CISSP Exam.rar CISSP OIG v2;
Incident Management Capability Metrics Version 0.1_07tr008.pdf cert教科书,讲incident management度量的;
Incident Response and Computer Forensics.pdf 另一本incident和forensics的书,推荐;
Information Security Governace 2008.pdf 信息安全治理和管理,内容不错,很精简,初建安全管理体系者可以以之为参考;
Information Security Harmonisation.pdf 短小的读物,讲解一系列信息安全管理、治理标准之间的对比;
Information Security and Cryptography.pdf 加密学教科书,内容中规中矩,还是很详细的,但可读性不如RSA三件套;
Metasploit_The_Penetration_Tester's_Guide_2011.rar metaspoit的书,这本内容还不错;
Mind Tools_Practical Thinking Skills for an Excellent Life_2007.pdf 管理工具和技能培训,所有的职业人都应当学习,非常推荐;
Moving_from_Project_Management_to_Project_Leadership.pdf
Network-Infrastructure-Security.pdf
Network.Security.Bible.Jan.2005.pdf 第一章内容还行,后面一般;
Ninja Hacking - Unconventional Penetration Testing - T. Wilhelm, et al., (Syngress, 2011).pdf 很另类的书...反正很另类就是了,但是内容太装B,不实在,不推荐;
No-Drama.Project.Management.pdf
No.Starch.Practical.Packet.Analysis.2nd.Edition.Jun.2011.pdf 实用厚道的网络协议分析书,推荐;
O'Reilly - Hardening Cisco Routers.rar
O'Reilly - Programming Python (Fourth Edition).pdf
O-ESA.pdf
Offensive.Security.Collection.rar offensive的安全系列集合;
Offensve Security WiFu Training.rar offensive的wifi培训,主要讲解backtrack,内容不错;
Official ISC2 Guide to The ISSAP CBK.pdf ISSAP CBK;
Oracle_LiveResponse.pdf
PKI_Implementing_and_Managing_E-Security.pdf RSA的PKI经典,值得学习;
PMBOK2008cn.pdf
PMP_Exam_Prep_6th_Edition.pdf
PMP_Project_Management_Professional_Exam_Review_Guide.pdf 前面三本经典的PMP教材,值得任何想走的长远的人学习;
PassGuide CISM V3.21.pdf
Penetration Testing and Vulnerability Analysis Class.rar
Practical Enterprise Risk Management A Business Process Approach.pdf 另一本讲解ERM的书,与信息安全关系不大,但内容不错;
Practical Oracle Security.pdf Oracle安全的书,很容很不错,可以和前面那个oracle & java一起阅读;
Presentation Secret.pdf jobs的演讲技巧,非常推荐,值得学习;
Project Management 5ed -The Managerial Process.pdf
Project_Management_A_Complete_Guide.pdf pmp的书,不如前面两个,不推荐;
Python Standard Library.pdf
RSA_Securitys_Official_Guide_to_Cryptography.pdf RSA加密的经典,推荐;
SANS_GCIA_503_Intrusion_Detection.rar
SANS_SEC531.pdf
Sams.VBScript.WMI.and.ADSI.Unleashed.May.2007.pdf
Security Planning Using Zachman Framework for Enterprises.pdf
Security Policies and Implementing Identify Management with AD.pdf 使用AD构建IDM的书,内容一般;
Security for Microsoft Administrator.rar windows安全,内容基础,不适合于做安全服务的人;
Security Monitoring.rar 安全日志分析的书;
Sockets, Shellcode, Porting, & Coding, RE.rar 一本历史悠久的shellcode经典教材;
Syngress - Business Continuity and Disaster Recovery Planning for IT Professionals.pdf 非常全面的BCP书,偏重于IT BCP/DRP,非常推荐;
Syngress - Hack Proofing Your Network (2nd Edition).pdf
Syngress Security for Microsoft Windows System Administrators(2010).pdf
Syngress Wireshark and Ethereal Network Protocol Analyzer Toolkit(2006).pdf 另一本讲wireshark的书,内容也不错,可以和前面那本一起看;
Syngress Writing Security Tools and Exploits(2006).pdf
The Mac Hacker's Handbook.pdf osx exploit开发;
The Official CHFI Study Guide 2007.pdf CHFI v4官方教材,取证,内容经典,可以作为主要教材;
The_CISO_Handbook.pdf CISO Handbook,信息安全管理,对不不同人可能相差很大;
Wiley.Security.Engineering.2nd.Edition.Apr.2008.pdf 增长见识的经典教材,内容庞杂,可以作为cissp补充阅读资料;
Write Great Code.rar
Writing Exploits Tuts from Corelan Team.rar
cisa_study_guide_2011_Sybex_3rd.rar sybex的cisa备考书,内容组织比CRM好很多,推荐用此替代CISA Review Manual;
crc press - cyber crime investigator's field guide.pdf 较老的取证书,CISSP ISSxP CIB中推荐的补充材料,但内容一般;
designing-security-architecture-solutions.pdf
ence_v6_study_guide.pdf encase认证的培训教材;
iOS Forensic Analysis for iPhone, iPad and iPod Touch.pdf
incident-handlers-handbook.pdf
nmap-cookbook-the-fat-free-guide-to-network-scanning.pdf nmap的pocket手册,快速查阅可以看看,不过一般是用不到;
syngress - Eleventh Hour CISSP Study Guide.pdf 一本不错的cissp书,适合考前总复习快速回忆知识点;
togaf_v9.pdf togaf白皮书;
windows_internal_5ed.pdf 经典的windows材料;
Volonino - Computer Forensics for Dummies (Wiley, 2008).pdf
Syngress.Penetration.Testers.Open.Source.Toolkit.3rd.Edition.Aug.2011
Syngress SQL Injection Attacks and Defense.pdf
Managing Successful Projects with Prince2
以上主要是Penetration、Forensics和SecurityManagement方面的.
希望能给各位想从事信安的学弟学妹做些参考,当然啦,从事安全行业的学长有空也可以抽时间看看 。