The "Information Security" hub is one of the most popular on Habr. Moreover, in recent years the issue of online privacy has become very pressing, given the scanning of our emails. Yet apart from specialists in this field, few people understand it, so let's get better acquainted with information security and apply it in our projects, as we did.
Let's start from the beginning. What is information security?
Information security is the process of ensuring the confidentiality, integrity and availability of information (the three properties are often called the CIA triad):
Confidentiality: access to information is granted only to authorized users.
Integrity: the information, and the methods used to process it, are accurate and complete.
Availability: authorized users can access the information and the related assets whenever they need to.
We have prepared a short list of information security literature for you. This post covers 9 books (7 in Russian and 2 in English); we will publish the rest later, or you can search on our website.
1. Blinov - Information Security
The textbook examines the current state of affairs in the field of information security. Basic terms and definitions are given in accordance with the legal documents adopted in Russia. One chapter is devoted to a review of international evaluation standards in the field of information security. The book also covers building secure information systems on the basis of mathematical models. It is intended for senior students of the specialty "Applied Computer Science in Economics" and is the first, theoretical, part of a cycle of information security textbooks.
2. Boris Beizer - Black Box Testing
Dr. Beizer's book "Black Box Testing" has long been recognized as a classic in the behavioral testing of all kinds of systems. It examines in depth the main issues of software testing, allowing you to find the greatest number of errors with the least effort. The basic testing methodology is set out in great detail, covering every aspect of software system development. Its methodical and broad presentation makes this book an indispensable tool for verifying that software works correctly. The book is intended for software testers and programmers seeking to improve the quality of their work.
3. Alexey Petrovsky - Effective Hacking for Beginners and Beyond
This is our world now ... the world of the electron and the switch, the beauty of the baud. We make use of services that already exist, without paying for what could be dirt cheap, and you call us criminals. We explore ... We exist without skin color, without nationality, without religious bias ... You build atomic bombs, you wage wars, you murder and lie to us, and you try to make us believe it is for our own good, yet we are still the criminals. Yes, I am a criminal. My crime is that of curiosity. Judging by what people say and think, my crimes do not look pretty. My crime is that of outsmarting you, something you will never forgive me for. I am a hacker, and this is my manifesto. You may stop me, but you can't stop us all ...
4. Gorbatov and Polyanskaya - Fundamentals of PKI Technology
The book covers the fundamentals of public key infrastructure technology. Basic definitions are given. It analyzes the main approaches to implementing public key infrastructures and describes the architecture, data structures, components and services of a PKI. A classification of the standards and specifications in the field of public key infrastructures is proposed. The book considers problem situations and risks, PKI policy, and the legal aspects of using PKI technology. It also describes the PKI products of the leading international and Russian software companies (as of the publication of the first edition). For students and postgraduates of higher educational institutions, participants of advanced training courses, and a wide range of readers interested in current problems of information security.
5. Petrenko and Kurbatov - Company Security Policies for Working on the Internet
The book is the first complete Russian-language practical guide to developing information security policies in domestic companies and organizations. It differs from other sources, mainly published abroad, in that it consistently sets out all the main ideas, methods and techniques for the practical development, implementation and maintenance of security policies in various Russian state and commercial organizations. The book may be useful to heads of automation services (CIO) and information security services (CISO) responsible for approving security policies and establishing the information security regime; to internal and external auditors (CISA); to top managers who have to develop and implement security policies in their company; and to security administrators, system and network administrators, and database administrators responsible for compliance with security rules in domestic corporate information systems. The book can also be used as a textbook by students and graduate students of the relevant technical specialties.
6. Mikhailov and Zhukov - Protecting Mobile Phones from Attacks
The book is devoted to the security of mobile devices. It examines more than 40 kinds of malicious activity with which attackers steal confidential data, steal money or eavesdrop on telephone conversations. Most of the vulnerabilities discussed were not previously known to the general public. The reader will learn the main signs of an attack on their phone and what to do in order not to become a victim of fraudsters. Arguments are presented showing that the threats under consideration are real. However, in order not to encourage fraudsters, the book does not say which mobile devices are imperfect from a security standpoint or how these vulnerabilities can be exploited. The book is designed for a wide range of readers and will be useful both to information security specialists and to ordinary mobile phone users.
7. Sutton, Greene, Amini - Fuzzing: Brute Force Vulnerability Discovery
Fuzzing is the process of sending deliberately malformed data to the target under test in order to cause a failure or an error. There are no firm rules for fuzzing: it is a technique whose success is measured solely by the results of the tests. For any given product, the space of possible inputs is effectively infinite, so fuzzing is also the process of predicting which types of software errors may occur in a product and exactly which input values will trigger them. In that sense fuzzing is more art than science. This book is the first attempt to give fuzzing its due as a technology. The knowledge it provides is enough to start fuzzing new products and to build your own effective fuzzers. The key to effective fuzzing is knowing which data and which targets to use and which tools are needed to control the fuzzing process. The book is of interest to a wide audience: both readers who know nothing about fuzzing and those who already have significant experience.
The book covers:
- Why fuzzing simplifies test development and finds errors that are hard to detect by other methods
- How to organize fuzzing: from identifying the inputs to assessing whether the product is fit for operation
- What is needed for successful fuzzing
- How to create and implement a smart failure detection mechanism
- What the difference is between mutation-based and generation-based fuzzers
- How to automate fuzzing of program arguments and environment variables
- How to organize in-memory fuzzing
- How to develop your own fuzzing framework and fuzzing applications
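To make the difference between mutation-based and generation-based fuzzers and the role of a failure detection mechanism concrete, here is a small added example; it is not code from the book or from this post. The record format, the toy parser and its two bugs, the seed input, the "interesting" byte values and the crash oracle are all constructed for illustration. The mutation fuzzer corrupts a known-good input without understanding the format; the generation fuzzer builds structurally valid inputs from a model of the format; the oracle treats a deliberate rejection (ValueError) as normal and anything else as a crash, deduplicated by exception type and source line.

```python
"""Mutation-based vs. generation-based fuzzing of a toy binary parser.

Added example (not code from the book or the post). The record format, the
parser and its bugs, the seed input and the crash oracle are all constructed
here for illustration.
"""
import random
import struct
import traceback

# Constructed target. Format: [u8 count] followed by `count` records, each
# [u8 type][u8 len][len bytes payload]. Type 0x02 carries a 4-byte LE CRC.
# The parser trusts both `count` and `len` and never checks them against the
# data actually present, which is exactly the kind of bug fuzzing finds.
def parse_records(data: bytes) -> list:
    if not data:
        raise ValueError("empty input")         # graceful rejection, not a bug
    count, pos, records = data[0], 1, []
    for _ in range(count):
        rtype, rlen = data[pos], data[pos + 1]  # IndexError on truncated input
        payload = data[pos + 2:pos + 2 + rlen]
        if rtype == 0x02:
            (crc,) = struct.unpack("<I", payload)  # struct.error if len != 4
            records.append(("crc", crc))
        else:
            records.append(("data", payload))
        pos += 2 + rlen
    return records

# Constructed seed: two well-formed records, one data and one CRC.
SEED = bytes([2, 0x01, 3]) + b"abc" + bytes([0x02, 4]) + struct.pack("<I", 0xDEADBEEF)

INTERESTING = [0x00, 0x01, 0x7F, 0x80, 0xFF]  # boundary values worth trying

def mutate(data: bytes, rng: random.Random) -> bytes:
    """Mutation-based: derive a case from a valid input knowing nothing about
    the format. Bit flips, boundary bytes, truncation and insertion."""
    buf = bytearray(data)
    op = rng.randrange(4)
    if op == 0:                                   # flip one bit
        buf[rng.randrange(len(buf))] ^= 1 << rng.randrange(8)
    elif op == 1:                                 # overwrite with a boundary value
        buf[rng.randrange(len(buf))] = rng.choice(INTERESTING)
    elif op == 2 and len(buf) > 1:                # delete a byte (truncation)
        del buf[rng.randrange(len(buf))]
    else:                                         # insert a random byte
        buf.insert(rng.randrange(len(buf) + 1), rng.randrange(256))
    return bytes(buf)

def generate(rng: random.Random) -> bytes:
    """Generation-based: build inputs from a model of the format, so every
    case is structurally valid and exercises the parser's deeper logic."""
    count = rng.randrange(4)
    out = bytearray([count])
    for _ in range(count):
        rtype = rng.choice([0x01, 0x02])
        rlen = rng.choice([0, 1, 4, 5, 0xFF])     # 4 is the only correct CRC length
        out += bytes([rtype, rlen]) + bytes(rng.randrange(256) for _ in range(rlen))
    return bytes(out)

def run_one(data: bytes):
    """Failure detection: ValueError is the parser rejecting input on purpose;
    any other exception is a crash. Returns a dedup signature or None."""
    try:
        parse_records(data)
    except ValueError:
        return None
    except Exception as exc:
        frame = traceback.extract_tb(exc.__traceback__)[-1]
        return f"{type(exc).__module__}.{type(exc).__name__}:{frame.name}:{frame.lineno}"
    return None

def fuzz(make_case, iterations: int, seed: int = 1) -> dict:
    """Run a campaign; keep the first reproducer for each distinct signature."""
    rng, crashes = random.Random(seed), {}
    for _ in range(iterations):
        case = make_case(rng)
        sig = run_one(case)
        if sig and sig not in crashes:
            crashes[sig] = case
    return crashes

def mutation_campaign(iterations: int = 2000, seed: int = 1) -> dict:
    return fuzz(lambda rng: mutate(SEED, rng), iterations, seed)

def generation_campaign(iterations: int = 2000, seed: int = 1) -> dict:
    return fuzz(generate, iterations, seed)

if __name__ == "__main__":
    for name, found in (("mutation", mutation_campaign()), ("generation", generation_campaign())):
        print(f"{name}: {len(found)} distinct crash(es)")
        for sig, case in found.items():
            print(f"  {sig}  <- {case.hex()}")
```

Run it and compare the two campaigns: the mutation fuzzer, which can truncate the input and inflate the count byte, finds both the truncation crash (IndexError) and the CRC length crash (struct.error); the generation fuzzer only ever produces complete records, so it finds the CRC bug alone but finds it almost immediately. A real campaign replaces the in-process exception handler with a debugger or crash monitor around the target, which is what the book's "smart failure detection mechanism" chapter is about.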
8. Alan Konheim - Computer Security and Cryptography
This is a book for those who want to understand and implement data security systems. It explains the issues of integrity, secrecy, authentication and digital signature schemes. Most importantly, after reading it the reader should be able to build effective cryptographic systems.
9. Kord Davis - Ethics of Big Data
Datasets full of personal information? This book reviews the ethical questions raised around privacy and identity and helps you work out how to handle them. Both individuals and organizations have legitimate interests in how this data is used. The way you use data can directly affect brand quality and revenue, as Target, Apple, Netflix and other companies have discovered. You can read more