Security Texts

These are sources that I recommend for either supplemental reading to increase your knowledge for class, or simply because you are interested in the topic areas involved.

This list will be augmented over time, so you may wish to visit it again later.

Online Sources

Mailing Lists & Newsletters

This is a periodic newsletter written by Bruce Schneier. It contains some interesting essays from time-to-time, and often has links to interesting articles. It also promotes Bruce's books and company, but we all have to pay our bills.
The RISKS Digest
The RISKS Digest has been published for years as a publication of the ACM SIGSOFT. Dr. Peter Neumann, a giant in the field, has been editing the Digest (and adding awful puns) since its inception. Lots of articles beyond security, including items on software engineering, HCI, and crime, aviation safety, and more.
IEEE Cipher
This is the official newsletter of the IEEE Technical Committee on Security and Privacy. The list contains book reviews, conference reports, lots of announcements, and many other items of interest.
Spaf's Tumblr Blog
A collection of links to current news stories and blog entries about cyber security and privacy, updated daily.


General Security

Security in Computing (4th edition) by Charles P. Pfleeger and Shari Lawrence Pfleeger; Prentice Hall; 2007.
This is a good, general textbook for introducing the basics of information security to an undergraduate class. It covers a number of important topics, has good coverage of the literature, and a large collection of study problems.
Computer Security: Art and Science by Matt Bishop; Addison-Wesley, 2002.
A comprehensive text that goes into more depth and applies more formalism than the Pfleeger's book, but which neglects many of the issues of operational security, psychology and economics that really have an effect in the real world.
Network Security: Private Communication in a Public World, (2nd Edition) by Charlie Kaufman, Radia Perlman, and Mike Speciner; Prentice-Hall, 2002.
A great survey of the issues involved in remote authentication, confidentiality, and other issues about securing network communications.
Security Engineering: A Guide to Building Dependable Distributed Systems by Ross Anderson; Wiley 2001.
A book with lots of tips and observations about how security fails, and how security should be built in to systems.
Building Secure Software: How to Avoid Security Problems the Right Way by John Viega, Gary McGraw; Addison-Wesley, 2001.
A very practitioner-oriented work describing how to go about building and testing software that needs to exhibit common security principles.
Secure Coding: Principles and Practices by Mark Graff and Ken Van Wyk; O'Reilly, 2003.
A great book of principles for security. This doesn't so much as provide recipes as it does provide a set of fundamental issues that every security professional should bear in mind.


The Code Book; by Simon Singh; Anchor; 2000.
An interesting survey of some major cryptographic techniques, told from the standpoint of historic vignettes.
The Code Breakers; by David Kahn; Scribner; 2nd edition 1996.
A comprehensive history on cryptograhic methods and history. The book is most complete up to about 1950. The material on cryptographic developments and history from there forward is spotty and incomplete compared the rest of the book. Nonetheless, this is probably the single, best treatment of the history of cryptography in one (1200 page) book.
Applied Cryptography, by Bruce Schneier, John Wiley & Sons, 2nd edition, 1995.
An excellent reference to cryptographic methods and protocols. This is a book written for practitioners wishing to understand the algorithms and constraints of cryptography.

Miscellaneous Topics

Practical Unix & Internet Security, Simson Garfinkel and Gene Spafford, O'Reilly, 3rd edition, 2003.
A book describing the mechanics of securing Unix, MacOS X and Linux systems, both standalone and on networks. Material is included on administration and personnel as well as software and configuration.
@ Large: The Strange Case of the World's Biggest Internet Invasion, by David H. Freedman and Charles C. Mann, Simon & Schuster, 1997.
An account of a long-running series of system break-ins leading to formation of the FBI computer crime squad. Interesting history.
The Cuckoo's Egg, by Cliff Stoll, Pocket Books, 2000.
Classic tale of how a 75-cent accounting error led a part-time system administrator to discover an international spy ring conducting computer espionage. This describes a series of incidents in the mid-1980s, and was first published (and made into a movie) around 1990. A quick read.