Cyber Shelf

// What to read next

What to read after Foundations of Information Security

Where to go after Foundations of Information Security, picked from our catalog. The next step up from beginner level, weighted toward the topics this book covers.

FoundationsDefensive

  1. 01 · 2022

    Cybersécurité

    Solange Ghernaouti's broad academic survey of cybersecurity — risk analysis, governance, technical and legal dimensions — the standard French university reference, now in its 7th edition.

    Intermediate
    4/5Solange Ghernaouti

  2. 02 · 2021

    How Cybersecurity Really Works

    Sam Grubb's gentle, exercise-driven introduction for non-specialists who need a working mental model of attacker behaviour and basic defence.

    Beginner
    4/5Sam Grubb

  3. 03 · 2013

    Sécurité informatique

    A principles-first treatment of information security for DSI, RSSI and sysadmins — architecture, cryptography, network defence and security policy — from two veteran French practitioners.

    Advanced
    4/5Laurent Bloch, Christophe Wolfhugel

  4. 04 · 2021

    Designing Secure Software

    Loren Kohnfelder, the original PKI author, on how to weave security thinking through requirements, design, implementation and operations rather than bolt it on at the end.

    Intermediate
    5/5Loren Kohnfelder

  5. 05 · 2012

    Practical Malware Analysis

    Still the gold standard textbook for static and dynamic malware analysis on Windows.

    Intermediate
    5/5Michael Sikorski, Andrew Honig

  6. 06 · 2013

    The Practice of Network Security Monitoring

    Richard Bejtlich's NSM playbook: how to deploy collection sensors, validate that you actually see what you think you see, and build detection workflows around open-source tools.

    Intermediate
    5/5Richard Bejtlich

  7. 07 · 2014

    Threat Modeling

    Adam Shostack's practitioner-oriented introduction to threat modeling: STRIDE, attack trees, and how to fit the practice into a real software-development lifecycle.

    Intermediate
    5/5Adam Shostack

  8. 08 · 2013

    Applied Network Security Monitoring

    A practitioner's walkthrough of building an NSM capability end to end, from deciding what to collect through detection and the analysis workflow that ties it together. The tooling is dated, but the way it teaches you to think about monitoring is not.

    Intermediate
    4/5Chris Sanders, Jason Smith
Back to Foundations of Information SecurityAlternatives to Foundations of Information Security