This page is relatively new. More books will be added in the near future, and as the book list expands, it will be categorized.
Beyond Fear: Thinking Sensibly About Security in an Uncertain World
by Bruce Schneier
If you are a security practitioner, this is the book you should recommend to your friends and relatives.
Read this book yourself to get a better handle on explaining security issues to non-security people.
Schneier believes we all can and should be better security consumers, and that the trade-offs we make in the name of security—in terms of cash outlays, taxes, inconvenience, and diminished freedoms—should be part of an ongoing negotiation in our personal, professional, and civic lives, and the subject of an open and informed national discussion.
This is a plain-English book that explains, using plenty of relevant real-world examples, how we can think for ourselves about key security issues.
Managing Information Security Risks: The OCTAVE® Approach
by Christopher Alberts and Audrey Dorofee
OCTAVE enables any organization to develop security priorities based on the organization's particular business concerns. This approach provides a coherent framework for aligning security actions with overall objectives. Managing Information Security Risks, written by the developers of OCTAVE, is the complete and authoritative guide to its principles and implementations. The book provides a systematic way to evaluate and manage information security risks, illustrates the implementation of self-directed evaluations, and shows how to tailor evaluation methods to different types of organizations.