Suggested References
This reference list is not intended to be an all-inclusive collection representing the respective certification's Exam Outline. Its purpose is to provide candidates a starting point for their studies in domains which need supplementary learning in order to complement their associated level of work and academic experience. Candidates may also consider other references, which are not on this list but adequately cover domain content.
Note: ISC2 does not endorse any particular text or author and does not imply that any or all references be acquired or consulted. ISC2 does not imply nor guarantee that the study of these references will result in an examination pass.
- Access Control and Identity Management, 3rd Ed. by Mike Chapple. Publisher: Jones and Bartlett Learning. (Sep, 2020).
- Building a Cyber Risk Management Program by Brian Allen, Brandon Bapst, Terry Allan Hicks. Publisher: O'Reilly Media, Inc. (Dec, 2023).
- Building an Information Security Awareness Program, 1st Ed. by Bill Gardner and Valerie Thomas. Publisher: Syngress. (Aug, 2014).
- Business Continuity and Disaster Recovery Planning for IT Professionals, 2nd Ed. by Susan Snedaker. Publisher: Syngress. (Sep, 2013).
- Cloud Security Handbook by Eyal Estrin. Publisher: Packt Publishing. (Apr, 2022).
- Computer Security Fundamentals, 5th Ed. by William Chuck Easttom. Publisher: Pearson IT Certification. (Feb, 2023).
- Computer Security Handbook, 6th Ed. by Seymour Bosworth, M. E. Kabay, Eric Whyne. Publisher: Wiley. (Mar, 2014).
- Cyber Security by David Sutton. Publisher: BCS, The Chartered Institute for IT. (Dec, 2022).
- Cybersecurity Risk Management by Cynthia Brumfield, Brian Haugli. Publisher: Wiley. (Dec, 2021).
- Distributed Denial of Service (DDoS) by Eric Chou, Rich Groves. Publisher: O’Reilly Media, Inc. (Apr, 2018).
- Foundations of Information Security: A Straightforward Introduction by Jason Andress. Publisher: William Pollock. (Oct, 2019).
- Fundamentals of Information Systems Security, 4th Ed. by David Kim, Michael G. Solomon. Publisher: Jones & Bartlett Publishers. (Nov, 2021).
- Information Assurance Handbook: Effective Computer Security and Risk Management Strategies, 1st Ed. by Corey Schou and Steven Hernandez. Publisher: McGraw-Hill Education. (Sep, 2014).
- Information Security Policies, Procedures, and Standards: A Practitioner’s Reference by Douglas J. Landoll. Publisher: Auerbach Publications. (Mar, 2017).
- ISC2 Code of Ethics by ISC2. (Dec, 2025).
- IT Security Controls: A Guide to Corporate Standards and Frameworks by Virgilio Viegas, Oben Kuyucu. Publisher: Apress. (Mar, 2022).
- Modern Cryptography for Security Professionals, 1st Ed. by Lisa Bock. Publisher: Packt Publishing. (Jun, 2021).
- Network Defense and Countermeasures: Principles and Practices by Chuck Easttom. Publisher: Pearson IT Certification. (Oct, 2023).
- Network Security Strategies by Aditya Mukherjee. Publisher: Packt Publishing. (Nov, 2020).
- Network Security, Firewalls, and VPNs, 3rd Edition by J. Michael Stewart, Denise Kinsey. Publisher: Jones & Bartlett Learning. (Oct, 2020).
- Networking Fundamentals, 3rd Ed. by Chuck Easttom, Richard M. Roberts. Publisher: Goodheart-Willcox. (Sep, 2018).
- NIST SP 800-53, Rev. 5, Security and Privacy Controls for Information Systems and Organizations by Joint Task Force Transformation Initiative. (Sep, 2020).
- Security in Computing, 6th Ed. by Charles Pfleeger, Shari Lawrence Pfleeger, Lizzie Coles-Kemp. Publisher: Addison-Wesley Professional. (Aug, 2023).
- Security Policies and Implementation Issues, 3rd Ed. by Robert Johnson and Chuck Easttom. Publisher: Bartlett Learning. (Oct, 2020).
- The Disaster Recovery Handbook, 3rd Ed. by Michael Wallace, Lawrence Webber. Publisher: AMACOM. (Dec, 2017).
- A Technical Guide to IPSec Virtual Private Networks by James S. Tiller. Publisher: Auerbach Publications. (Jul, 2017).
- Access Control and Identity Management, 3rd Ed. by Mike Chapple. Publisher: Jones and Bartlett Learning. (Sep, 2020).
- Access Control, Authentication, and Public Key Infrastructure (Information Systems Security & Assurance), 1st Ed. by Bill Ballad, Tricia Ballad, Erin Banks. Publisher: Jones & Bartlett Learning. (Oct, 2010).
- Computer and Information Security Handbook, 3rd Ed. by John Vacca. Publisher: Morgan Kaufmann. (May, 2017).
- Digital Forensics and Incident Response, 2nd Ed. by Gerard Johansen. Publisher: Packt Publishing. (Jan, 2020).
- Encryption for Organizations and Individuals: Basics of Contemporary and Quantum Cryptography by Robert Ciesla. Publisher: Apress. (Aug, 2020).
- EU General Data Protection Regulation (GDPR) by European Parliament. Publisher: European Parliament and Council of the European Union. (May, 2016).
- Foundations of Information Security: A Straightforward Introduction by Jason Andress. Publisher: William Pollock. (Oct, 2019).
- Fundamentals of Information Systems Security, 4th Ed. by David Kim, Michael G. Solomon. Publisher: Jones & Bartlett Publishers. (Nov, 2021).
- Identity and Access Management: Business Performance Through Connected Intelligence, 1st Ed. by Ertem Osmanoglu. Publisher: Syngress. (Nov, 2013).
- Identity Attack Vectors: Implementing an Effective Identity and Access Management Solution by Morey J. Haber, Darran Rolls. Publisher: Apress. (Dec, 2019).
- Information Security Handbook by Darren Death. Publisher: Packt Publishing. (Dec, 2017).
- Introduction to Computer Networks and Cybersecurity, 1st Ed. by J. Chwan-Hwa Wu, David Irwin. Publisher: CRC Press. (Apr, 2016).
- IT Change Management by Axelos. Publisher: TSO. (Sep, 2017).
- IT Security Controls: A Guide to Corporate Standards and Frameworks by Virgilio Viegas, Oben Kuyucu. Publisher: Apress. (Mar, 2022).
- Network Security, Firewalls, and VPNs, 3rd Edition by J. Michael Stewart, Denise Kinsey. Publisher: Jones & Bartlett Learning. (Oct, 2020).
- Networking Fundamentals, 3rd Ed. by Chuck Easttom, Richard M. Roberts. Publisher: Goodheart-Willcox. (Sep, 2018).
- Official (ISC)² SSCP CBK Reference, 5th Ed. by Mike Wills. Publisher: Sybex. (Dec, 2019).
- Practical Cloud Security: A Guide for Secure Design and Deployment by Chris Dotson. Publisher: O'Reilly Media. (Mar, 2019).
- Real-World Cryptography by David Wong. Publisher: Manning Publications. (Sep, 2021).
- Security in Computing, 6th Ed. by Charles Pfleeger, Shari Lawrence Pfleeger, Lizzie Coles-Kemp. Publisher: Addison-Wesley Professional. (Aug, 2023).
- The Disaster Recovery Handbook, 3rd Ed. by Michael Wallace, Lawrence Webber. Publisher: AMACOM. (Dec, 2017).
- Understanding Log Analytics at Scale, 2nd Ed. by Matt Gillespie, Charles Givre. Publisher: O'Reilly Media, Inc. (May, 2021).
- Wireless and Mobile Device Security by Jim Doherty. Publisher: Jones & Bartlett Learning. (Dec, 2014).
- Zero Trust Networks: Building Secure Systems in Untrusted Networks by Evan Gilman, Doug Barth. Publisher: O'Reilly. (Jul, 2017).
- Access Control and Identity Management, 3rd Ed. by Mike Chapple. Publisher: Jones and Bartlett Learning. (Sep, 2020).
- Authentication and Access Control: Practical Cryptography Methods and Tools by Sirapat Boonkrong. Publisher: Apress. (Dec, 2020).
- Business Continuity and Disaster Recovery Planning for IT Professionals, 2nd Ed. by Susan Snedaker. Publisher: Syngress. (Sep, 2013).
- Computer and Information Security Handbook, 3rd Ed. by John Vacca. Publisher: Morgan Kaufmann. (May, 2017).
- Core Software Security: Security at the Source by Anmol Misra, James F. Ransome. Publisher: Auerbach Publications. (Oct, 2018).
- Data Governance: The Definitive Guide by Evren Eryurek, Uri Gilad, Valliappa Lakshmanan, Anita Kibunguchy-Grant, Jessi Ashdown. Publisher: O'Reilly Media, Inc. (Mar, 2021).
- Developing Cybersecurity Programs and Policies, 3rd Ed. by Omar Santos, Sari Greene. Publisher: Pearson IT Certification. (Aug, 2018).
- Ethical Hacking and Penetration Testing Guide by Rafay Baloch. Publisher: Auerbach Publications. (Sep, 2017).
- Foundations of Information Security: A Straightforward Introduction by Jason Andress. Publisher: William Pollock. (Oct, 2019).
- Fundamentals of Information Systems Security, 4th Ed. by David Kim, Michael G. Solomon. Publisher: Jones & Bartlett Publishers. (Nov, 2021).
- Identity and Access Management: Business Performance Through Connected Intelligence, 1st Ed. by Ertem Osmanoglu. Publisher: Syngress. (Nov, 2013).
- Identity Attack Vectors: Implementing an Effective Identity and Access Management Solution by Darran Rolls, Morey J. Haber. Publisher: Apress. (Dec, 2019).
- Information Security Handbook by Darren Death. Publisher: Packt Publishing. (Dec, 2017).
- IT Auditing Using Controls to Protect Information Assets, 3rd Edition by Mike Kegerreis, Mike Schiller, Chris Davis. Publisher: McGraw-Hill Education. (Oct, 2019).
- IT Change Management by Axelos. Publisher: TSO. (Sep, 2017).
- IT Security Controls: A Guide to Corporate Standards and Frameworks by Virgilio Viegas, Oben Kuyucu. Publisher: Apress. (Mar, 2022).
- IT Security Risk Control Management: An Audit Preparation Plan by Raymond Pompon. Publisher: Apress. (Sep, 2016).
- Official (ISC)² Guide to the CISSP CBK, 5th Ed. by John Warsinske, Mark Graff, Kevin Henry, Christopher Hoover, Ben Malisow, Sean Murphy, C. Paul Oakes, George Pajari, Jeff T. Parker, David Seidl and Mike Vasquez. Publisher: Wiley. (May, 2019).
- Practical Cloud Security: A Guide for Secure Design and Deployment by Chris Dotson. Publisher: O'Reilly Media. (Mar, 2019).
- Security in Computing, 6th Ed. by Charles Pfleeger, Shari Lawrence Pfleeger, Lizzie Coles-Kemp. Publisher: Addison-Wesley Professional. (Aug, 2023).
- Solving Identity Management in Modern Applications: Demystifying OAuth 2.0, OpenID Connect, and SAML 2.0 by Abhishek Hingnikar, Yvonne Wilson. Publisher: Apress. (Nov, 2022).
- The Complete Guide to Physical Security by Paul R. Baker and Daniel J. Benny. Publisher: Auerbach Publications. (Apr, 2016).
- The Disaster Recovery Handbook, 3rd Ed. by Michael Wallace, Lawrence Webber. Publisher: AMACOM. (Dec, 2017).
- Threat Modeling: Designing for Security, 1st Ed. by Adam Shostack. Publisher: Wiley. (Feb, 2014).
- Zero Trust Networks: Building Secure Systems in Untrusted Networks by Evan Gilman, Doug Barth. Publisher: O'Reilly. (Jul, 2017).
- Alice and Bob Learn Application Security by Tanya Janca. Publisher: Wiley. (Nov, 2020).
- API Security in Action by Neil Madden. Publisher: Manning Publications. (Jan, 2021).
- Architecting the Cloud: Design Decisions for Cloud Computing Service Models (SaaS, PaaS, and IaaS) by Michael Kavis. Publisher: Wiley. (Jan, 2014).
- Cloud Auditing Best Practices by Shinesa Cambric, Michael Ratemo. Publisher: Packt Publishing. (Jan, 2023).
- Cloud Computing Security, 2nd Ed. by John R. Vacca. Publisher: CRC Press. (Nov, 2020).
- Cloud Computing: Concepts, Technology, Security and Architecture, 2nd Ed. by Thomas Erl, Eric Barcelo Monroy. Publisher: Pearson. (Aug, 2023).
- Cloud Native Development Patterns and Best Practices by John Gilbert. Publisher: Packt Publishing. (Feb, 2018).
- Cloud Security Handbook by Eyal Estrin. Publisher: Packt Publishing. (Apr, 2022).
- Computer and Information Security Handbook, 3rd Ed. by John Vacca. Publisher: Morgan Kaufmann. (May, 2017).
- Data Governance: The Definitive Guide by Evren Eryurek, Uri Gilad, Valliappa Lakshmanan, Anita Kibunguchy-Grant, Jessi Ashdown. Publisher: O'Reilly Media, Inc. (Mar, 2021).
- Designing Cloud Data Platforms by Lynda Partner, Danil Zburivsky. Publisher: Manning Publications. (May, 2021).
- EU General Data Protection Regulation (GDPR) by European Parliament. Publisher: European Parliament and Council of the European Union. (May, 2016).
- Incident Response in the Age of Cloud: Techniques and Best Practices to Effectively Respond to Cybersecurity Incidents by Erdal Ozkaya. Publisher: Packt Publishing. (Feb, 2021).
- Information Privacy Engineering and Privacy by Design by William Stallings. Publisher: Addison-Wesley Professional. (Dec, 2019).
- Information Security Handbook by Darren Death. Publisher: Packt Publishing. (Dec, 2017).
- IT Release Management: A Hands-on Guide by Dave Howard. Publisher: CRC Press. (Apr, 2016).
- Official (ISC)² Guide to the CCSP CBK, 3rd Ed. by Leslie Fife, Aaron Kraus, Bryan Lewis. Publisher: Sybex. (Jul, 2021).
- Practical Cloud Security, 2nd Ed. by Chris Dotson. Publisher: O'Reilly Media, Inc. (Oct, 2023).
- Practical Cloud Security: A Guide for Secure Design and Deployment by Chris Dotson. Publisher: O'Reilly Media. (Mar, 2019).
- Secure, Resilient, and Agile Software Development by Mark Merkow. Publisher: Auerbach Publications. (Dec, 2019).
- Security Guidance for Critical Areas of Focus in Cloud Computing v5.0 by Rich Mogull, James Arlen, Adrian Lane, Gunnar Peterson, Mike Rothman, David Mortman. Publisher: Cloud Security Alliance. (Jul, 2024).
- Security, Privacy, and Digital Forensics in the Cloud by Lei Chen, Hassan Takabi, Nhien-An Le-Khac. Publisher: Wiley. (Apr, 2019).
- The Modern Security Operations Center by Joseph Muniz, Aamir Lakhani, Omar Santos, Moses Frost. Publisher: Addison-Wesley Professional. (May, 2021).
- Threat Modeling: Designing for Security, 1st Ed. by Adam Shostack. Publisher: Wiley. (Feb, 2014).
- Building a Cyber Risk Management Program by Brian Allen, Brandon Bapst, Terry Allan Hicks. Publisher: O'Reilly Media, Inc. (Dec, 2023).
- EU General Data Protection Regulation (GDPR) by European Parliament. Publisher: European Parliament and Council of the European Union. (May, 2016).
- Implementing an Information Security Management System: Security Management Based on ISO 27001 Guidelines by Abhishek Chopra, Mukund Chaudhary. Publisher: Apress. (Dec, 2019).
- Information Security Handbook by Darren Death. Publisher: Packt Publishing. (Dec, 2017).
- Information Security Policies, Procedures, and Standards: A Practitioner’s Reference by Douglas J. Landoll. Publisher: Auerbach Publications. (Mar, 2017).
- Information Security Risk Management for ISO 27001/ISO 27002, 3rd Ed. by Alan Calder, Steve Watkins. Publisher: ITGP. (Aug, 2019).
- ISO 27001 Controls - A guide to implementing and auditing, 2nd Ed. by Bridget Kenyon. Publisher: IT Governance Publishing. (Jul, 2024).
- ISO 27001/ISO 27002 - A guide to Information Security Management Systems by Alan Calder. Publisher: IT Governance Publishing. (Nov, 2023).
- IT Auditing Using Controls to Protect Information Assets, 3rd Edition by Mike Kegerreis, Mike Schiller, Chris Davis. Publisher: McGraw-Hill Education. (Oct, 2019).
- IT Security Controls: A Guide to Corporate Standards and Frameworks by Virgilio Viegas, Oben Kuyucu. Publisher: Apress. (Mar, 2022).
- NIST FIPS-199, Standards for Security Categorization of Federal Information and Information Systems by U.S. Dept. of Commerce. (Feb, 2004).
- NIST SP 800-115, Technical Guide to Information Security Testing and Assessment by Karen Scarfone, Murugiah Souppaya, Amanda Cody, Angela Orebaugh. (Sep, 2008).
- NIST SP 800-122, Guide to Protecting the Confidentiality of Personally Identifiable Information (PII) by Erika McCallister, Tim Grance, Karen Scarfone. (Apr, 2010).
- NIST SP 800-128, Guide for Security-Focused Configuration Management of Information Systems by Arnold Johnson, Kelley Dempsey, Ron Ross, Sarbari Gupta, Dennis Bailey. (Aug, 2011).
- NIST SP 800-137, Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations by Kelley Dempsey, Nirali Shah Chawla, Arnold Johnson, Ronald Johnston, Alicia Clay Jones, Angela Orebaugh, Matthew Scholl, Kevin Stine. (Sep, 2011).
- NIST SP 800-18, Rev. 1, Guide for Developing Security Plans for Federal Information Systems by Marianne Swanson, Joan Hash, Pauline Bowen. (Feb, 2006).
- NIST SP 800-30, Rev. 1, Guide for Conducting Risk Assessments by Joint Task Force Transformation Initiative. (Sep, 2012).
- NIST SP 800-37, Rev. 2, Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy by Joint Task Force Transformation Initiative. (Dec, 2018).
- NIST SP 800-39, Managing Information Security Risk: Organization, Mission, and Information System View by Joint Task Force Transformation Initiative. (Mar, 2011).
- NIST SP 800-53, Rev. 5, Security and Privacy Controls for Information Systems and Organizations by Joint Task Force Transformation Initiative. (Sep, 2020).
- NIST SP 800-53A, Rev. 5, Assessing Security and Privacy Controls in Information Systems and Organizations by Joint Task Force Transformation Initiative. (Jan, 2022).
- NIST SP 800-53B, Control Baselines for Information Systems and Organizations by Joint Task Force Transformation Initiative. (Sep, 2020).
- NIST SP 800-60, Vol. 1, Rev. 1, Guide for Mapping Types of Information and Information Systems to Security Categories by Kevin Stine, Rich Kissel, William C. Barker, Jim Fahlsing, Jessica Gulick. (Aug, 2008).
- Security Controls Evaluation, Testing, and Assessment Handbook by Leighton Johnson. Publisher: Syngress. (Dec, 2015).
- Security Policies and Implementation Issues, 3rd Ed. by Robert Johnson and Chuck Easttom. Publisher: Bartlett Learning. (Oct, 2020).
- Access Control and Identity Management, 3rd Ed. by Mike Chapple. Publisher: Jones and Bartlett Learning. (Sep, 2020).
- Advanced Software Testing, 2nd Ed. by Rex Black. Publisher: Rocky Nook. (Jan, 2016).
- Agile Application Security by Laura Bell, Rich Smith, Michael Brunton-Spall, Jim Bird. Publisher: O'Reilly Media, Inc. (Jun, 2017).
- Application Security Program Handbook by Derek Fisher. Publisher: Manning Publications. (Jan, 2023).
- Computer and Information Security Handbook, 3rd Ed. by John Vacca. Publisher: Morgan Kaufmann. (May, 2017).
- Cyber Security Engineering: A Practical Approach for Systems and Software Assurance by Nancy R. Mead, Carol C. Woody. Publisher: Addison-Wesley Professional. (Oct, 2016).
- Cybersecurity and Third-Party Risk by Gregory C. Rasner. Publisher: Wiley. (Jul, 2021).
- Effective Debugging: 66 Specific Ways to Debug Software and Systems by Diomidis Spinellis. Publisher: Addison-Wesley Professional. (Jun, 2016).
- Enterprise Software Security: A Confluence of Disciplines by Kenneth R. van Wyk, Mark G. Graff, Dan S. Peters, Diana L. Burley. Publisher: Addison-Wesley Professional. (Dec, 2014).
- Foundations of Information Security: A Straightforward Introduction by Jason Andress. Publisher: William Pollock. (Oct, 2019).
- Fuzzing Against the Machine by Antonio Nappa, Eduardo Blazquez. Publisher: Packt Publishing. (May, 2023).
- Hacking Exposed Industrial Control Systems: ICS and SCADA Security Secrets & Solutions by Clint Bodungen, Bryan Singer, Aaron Shbeeb, Kyle Wilhoit, Stephen Hilt. Publisher: McGraw-Hill. (Sep, 2016).
- Hands-On Security in DevOps by Tony Hsu. Publisher: Packt Publishing. (Jul, 2018).
- Improper Error Handling by Jeremy Ferragamo, Wichers, Jim Bird. Publisher: OWASP. (Dec, 2021).
- Information Security Handbook by Darren Death. Publisher: Packt Publishing. (Dec, 2017).
- Information Security: Principles and Practices, 2nd Ed. by Mark S. Merkow, Jim Breithaupt. Publisher: Pearson IT Certification. (Jun, 2014).
- IT Release Management: A Hands-on Guide by Dave Howard. Publisher: CRC Press. (Apr, 2016).
- IT Security Risk Control Management: An Audit Preparation Plan by Raymond Pompon. Publisher: Apress. (Sep, 2016).
- NIST IR 7622, Notional Supply Chain Risk Management Practices for Federal Information Systems by Jon Boyens, Celia Paulsen, Nadya Bartol, Stephany A. Shankles, Rama Moorthy. (Oct, 2012).
- Official (ISC)² Guide to the CSSLP, 2nd Ed. by Mano Paul. Publisher: Auerbach Publications. (Aug, 2013).
- OWASP Testing Guide, Release 4.0 by Matteo Meucci, Andrew Muller. Publisher: OWASP. (Dec, 2014).
- Penetration Testing: A Survival Guide by W. Halton, B. Weaver, J. Ansari, S. Kotipalli, M. Imran. Publisher: Packt Publishing. (Jan, 2017).
- Secure, Resilient, and Agile Software Development by Mark Merkow. Publisher: Auerbach Publications. (Dec, 2019).
- Security in Computing, 6th Ed. by Charles Pfleeger, Shari Lawrence Pfleeger, Lizzie Coles-Kemp. Publisher: Addison-Wesley Professional. (Aug, 2023).
- Threat Modeling: Designing for Security, 1st Ed. by Adam Shostack. Publisher: Wiley. (Feb, 2014).
- A Technical Guide to IPSec Virtual Private Networks by James S. Tiller. Publisher: Auerbach Publications. (Jul, 2017).
- Access Control and Identity Management, 3rd Ed. by Mike Chapple. Publisher: Jones and Bartlett Learning. (Sep, 2020).
- Advanced API Security: Securing APIs with OAuth 2.0, OpenID Connect, JWS, and JWE by Prabath Siriwardena. Publisher: Apress. (Aug, 2014).
- Agile Application Security by Laura Bell, Rich Smith, Michael Brunton-Spall, Jim Bird. Publisher: O'Reilly Media, Inc. (Jun, 2017).
- Applied Cryptography: Protocols, Algorithms and Source Code in C, 20th Anniversary Ed. by Bruce Schneier. Publisher: Wiley. (Mar, 2015).
- Business Continuity and Disaster Recovery Planning for IT Professionals, 2nd Ed. by Susan Snedaker. Publisher: Syngress. (Sep, 2013).
- Center for Internet Security. CIS Critical Security Controls Version 8. Center for Internet Security, May 2021, www.cisecurity.org/controls/v8.
- Cloud Storage Security: A Practical Guide by Aaron Wheeler, Michael Winburn. Publisher: Elsevier. (Jul, 2015).
- Computer and Information Security Handbook, 3rd Ed. by John Vacca. Publisher: Morgan Kaufmann. (May, 2017).
- Data Center Handbook, 2nd Ed. by Hwaiyu Geng. Publisher: Wiley. (May, 2021).
- Disaster Recovery, Crisis Response, and Business Continuity: A Management Desk Reference by Jamie Watters, Janet Watters. Publisher: Apress. (Dec, 2013).
- Enterprise Mobility Suite Managing BYOD and Company-Owned Devices by Yuri Diogenes, Jeff Gilbert. Publisher: Microsoft Press. (Apr, 2015).
- Fundamentals of Communications and Networking, 3rd Ed. by Michael G. Solomon, David Kim. Publisher: Jones & Bartlett Learning. (Jan, 2021).
- Fundamentals of Information Systems Security, 4th Ed. by David Kim, Michael G. Solomon. Publisher: Jones & Bartlett Publishers. (Nov, 2021).
- IKEv2 IPsec Virtual Private Networks: Understanding and Deploying IKEv2, IPsec VPNs, and FlexVPN in Cisco IOS by Graham Bartlett, Amjad Inamdar. Publisher: Cisco Press. (Sep, 2016).
- Industrial Network Security, 2nd Ed. by Eric D. Knapp, Joel Thomas Langill. Publisher: Syngress. (Dec, 2014).
- Information Security Management Handbook, Vol. 6, 6th Ed. by Harold F. Tipton and Micki Krause Nozaki. Publisher: Auerbach Publications. (Apr, 2016).
- Information Security Risk Management for ISO 27001/ISO 27002, 3rd Ed. by Alan Calder, Steve Watkins. Publisher: ITGP. (Aug, 2019).
- NIST SP 800-61, Rev. 3, Incident Response Recommendations and Considerations for Cybersecurity Risk Management: A CSF 2.0 Community Profile by Alexander Nelson, Sanjay Rekhi, Murugiah Souppaya, Karen Scarfone. (Apr, 2025).
- Payment Card Industry Data Security Standards, Requirements and Security Assessment Procedures, Version 3.2.1 by PCI Security Standards Council. Publisher: PCI Security Standards Council, LLC. (May, 2018).
- Securing VoIP, 1st Ed. by Regis Bates. Publisher: Syngress. (Nov, 2014).
- Security Guidance for Critical Areas of Focus in Cloud Computing v5.0 by Rich Mogull, James Arlen, Adrian Lane, Gunnar Peterson, Mike Rothman, David Mortman. Publisher: Cloud Security Alliance. (Jul, 2024).
- The Disaster Recovery Handbook, 3rd Ed. by Michael Wallace, Lawrence Webber. Publisher: AMACOM. (Dec, 2017).
- The MITRE Corporation. MITRE ATT&CK, 2025, attack.mitre.org. Accessed 19 Nov. 2025.
- Web Application Firewalls by Chad Russell. Publisher: O’Reilly Media, Inc. (Apr, 2018).
- A Guide to the Project Management Body of Knowledge (PMBOK Guide), 7th Ed. by Project Management Institute. Publisher: Project Management Institute. (Aug, 2021).
- Building A Global Information Assurance Program by Raymond J Curts, Douglas E. Campbell. Publisher: Auerbach Publications. (Jul, 2017).
- Center for Internet Security. CIS Critical Security Controls Version 8. Center for Internet Security, May 2021, www.cisecurity.org/controls/v8.
- Committee on National Security Systems. Committee on National Security Systems (CNSS) Glossary. CNSSI No. 4009, National Security Agency, 6 Apr. 2015, -dni.gov/files/NCSC/documents/nittf/CNSSI-4009_National_Information_Assurance.pdf.
- Common Criteria for Information Technology Security Evaluation, Version 3.1 Rev. 5 by Mead, N. Publisher: Carnegie. (Apr, 2017).
- Computer Incident Response and Forensics Team Management by Leighton Johnson. Publisher: Syngress. (Nov, 2013).
- Computer Security: Art and Science, 2nd Ed. by Matt Bishop. Publisher: Addison-Wesley Professional. (Nov, 2018).
- Cyber resilience - Defense-in-Depth Principles by Alan Calder. Publisher: IT Governance Publishing. (Aug, 2023).
- Department of Defense. Cybersecurity Test and Evaluation Guidebook. Version 2.0, Change 1, Defense Acquisition University, 10 Feb. 2020, www.dau.edu/cybersecurity-test-and-evaluation-guidebook-version-2-change-1.
- Designing Secure Software by Loren Kohnfelder. Publisher: No Starch Press. (Nov, 2021).
- Enterprise Security Architecture: A Business-Driven Approach, 1st Ed. by John Sherwood. Publisher: CRC Press. (Nov, 2015).
- EU General Data Protection Regulation (GDPR) by European Parliament. Publisher: European Parliament and Council of the European Union. (May, 2016).
- Hands-On Security in DevOps by Tony Hsu. Publisher: Packt Publishing. (Jul, 2018).
- INCOSE Systems Engineering Handbook by Walden. Publisher: Wiley. (Jul, 2015).
- NIST FIPS 200 Minimum Security Requirements for Federal Information and Information Systems by National Institute of Standards and Technology. (Mar, 2006).
- NIST FIPS-199, Standards for Security Categorization of Federal Information and Information Systems by U.S. Dept. of Commerce. (Feb, 2004).
- NIST SP 800-123 Guide to General Server Security by Karen Scarfone, Wayne Jansen, Miles Tracy. (Jul, 2008).
- NIST SP 800-128, Guide for Security-Focused Configuration Management of Information Systems by Arnold Johnson, Kelley Dempsey, Ron Ross, Sarbari Gupta, Dennis Bailey. (Aug, 2011).
- NIST SP 800-160, Vol. 1, Engineering Trustworthy Secure Systems by Ron Ross, Mark Winstead, Michael McEvilley. (Nov, 2022).
- NIST SP 800-30, Rev. 1, Guide for Conducting Risk Assessments by Joint Task Force Transformation Initiative. (Sep, 2012).
- NIST SP 800-37, Rev. 2, Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy by Joint Task Force Transformation Initiative. (Dec, 2018).
- NIST SP 800-39, Managing Information Security Risk: Organization, Mission, and Information System View by Joint Task Force Transformation Initiative. (Mar, 2011).
- NIST SP 800-40, Rev. 4, Guide to Enterprise Patch Management Planning: Preventive Maintenance for Technology by Murugiah Souppaya, Karen Scarfone. (Apr, 2022).
- NIST SP 800-53, Rev. 5, Security and Privacy Controls for Information Systems and Organizations by Joint Task Force Transformation Initiative. (Sep, 2020).
- Payment Card Industry Data Security Standards, Requirements and Security Assessment Procedures, Version 4.0.1 by PCI Security Standards Council. Publisher: PCI Security Standards Council, LLC. (Jun, 2024).
- A Guide to the Project Management Body of Knowledge (PMBOK Guide), 7th Ed. by Project Management Institute. Publisher: Project Management Institute. (Aug, 2021).
- Applied Incident Response by Steve Anson. Publisher: Wiley. (Jan, 2020).
- Business Continuity and Disaster Recovery Planning for IT Professionals, 2nd Ed. by Susan Snedaker. Publisher: Syngress. (Sep, 2013).
- Computer and Information Security Handbook, 3rd Ed. by John Vacca. Publisher: Morgan Kaufmann. (May, 2017).
- Computer Security: Art and Science, 2nd Ed. by Matt Bishop. Publisher: Addison-Wesley Professional. (Nov, 2018).
- Defensive Security Handbook, 2nd Ed. by Lee Brotherston, Amanda Berlin, William F. Reyor. Publisher: O'Reilly Media, Inc. (Jun, 2024).
- Digital Forensics and Incident Response, 2nd Ed. by Gerard Johansen. Publisher: Packt Publishing. (Jan, 2020).
- Incident Response & Computer Forensics, 3rd Ed. by Jason Luttgens, Matthew Pepe, Kevin Mandia. Publisher: McGraw-Hill Osborne Media. (Aug, 2014).
- Information Security Handbook by Darren Death. Publisher: Packt Publishing. (Dec, 2017).
- Intelligence-Driven Incident Response, 2nd Ed. by Rebekah Brown, Scott J. Roberts. Publisher: O'Reilly Media, Inc. (Jun, 2023).
- Legal and Privacy Issues in Information Security, 3rd Ed. by Joanna Lyn Grama. Publisher: Jones & Bartlett Learning. (Dec, 2020).
- Managing Risk in Information Systems, 3rd Ed. by Darril Gibson, Andy Igonor. Publisher: Jones & Bartlett Learning. (Nov, 2020).
- NIST SP 800-128, Guide for Security-Focused Configuration Management of Information Systems by Arnold Johnson, Kelley Dempsey, Ron Ross, Sarbari Gupta, Dennis Bailey. (Aug, 2011).
- NIST SP 800-150 Guide to Cyber Threat Information Sharing by Christopher Johnson, Mark Badger, David Waltermire, Julie Snyder, Clem Skorupka. (Oct, 2016).
- NIST SP 800-160, Vol. 1, Engineering Trustworthy Secure Systems by Ron Ross, Mark Winstead, Michael McEvilley. (Nov, 2022).
- NIST SP 800-30, Rev. 1, Guide for Conducting Risk Assessments by Joint Task Force Transformation Initiative. (Sep, 2012).
- NIST SP 800-34 Rev. 1, Contingency Planning Guide for Federal Information Systems by Marianne Swanson, Pauline Bowen, Amy Wohl Phillips, Dean Gallup, David Lynes. (May, 2010).
- NIST SP 800-37, Rev. 2, Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy by Joint Task Force Transformation Initiative. (Dec, 2018).
- NIST SP 800-39, Managing Information Security Risk: Organization, Mission, and Information System View by Joint Task Force Transformation Initiative. (Mar, 2011).
- NIST SP 800-40, Rev. 4, Guide to Enterprise Patch Management Planning: Preventive Maintenance for Technology by Murugiah Souppaya, Karen Scarfone. (Apr, 2022).
- NIST SP 800-61, Rev. 3, Incident Response Recommendations and Considerations for Cybersecurity Risk Management: A CSF 2.0 Community Profile by Alexander Nelson, Sanjay Rekhi, Murugiah Souppaya, Karen Scarfone. (Apr, 2025).
- NIST SP 800-88, Rev. 2, Guidelines for Media Sanitization by Ramaswamy Chandramouli, Eric Hibbard. (Sep, 2025).
- Official (ISC)² Guide to the ISSMP CBK by Joseph Steinberg and Harold F. Tipton. Publisher: Auerbach Publications. (Apr, 2016).
- Security Operations Center: Building, Operating, and Maintaining your SOC by Gary McIntyre, Joseph Muniz, Nadhem AlFardan. Publisher: Cisco Press. (Nov, 2015).
- The Disaster Recovery Handbook, 3rd Ed. by Michael Wallace, Lawrence Webber. Publisher: AMACOM. (Dec, 2017).