A Practical Guide to Federal Enterprise Architecture.pdf FEA架构的书,内容不 错,可惜不大适用于企业,更适用于我国政务网结构; A Supply Chain Management Guide To BCP.pdf 另一个角度看BCP,增长知识; Adaptive Security Management Architecture.pdf 介绍安全管理架构(ESA)的书,不 过思想较老,不推荐; Agile.IT.Security.Implementation.Methodology.Nov.2011.pdf IBM的几个研究员写的 书,算是新思路,不过并不适用于敏捷开发(Agile),整个思想体系还是较为生涩; Auerbach.Complete.Guide.to.CISM.Certification.Dec.2006.pdf 较老的CISM教材,但 内容不错,值得学习; Auerbach.Publications.Official.ISC.2.Guide.to.the.CISSP-ISSEP.CBK.eBook.pdf ISSEP CBK,值得认真学习; BCM-Building an Effective Incident Management Plan.pdf 比较细致深入的从 Incident角度讲解了BCM,里面大量案例非常值得参考; BackTrack 4_Assuring_Security_by_Penetration_Testing_2011.rar 还没看; BackTrack.5.Wireless.Penetration.Testing.Beginners.Guide.rar 内容一般; Build.Your.Own.Security.Lab.rar Matespoit的书,可以学习一下; CISA_Review_Manual_2011.pdf CISM Review Questions, Answers & Explanations Manual 2009.pdf CISSP Practice Exams - Book.pdf CISSP Questions, Answers & Explanations.pdf CPA_Exam_Review_2011.rar CRC.Press.Building.an.Effective.Information.Security.Policy.Architecture.pdf 讲解如何编写安全策略、制度的书,流程写的较细致,但内容不够精辟; Cisco Switching Black Book.pdf Cisco.Security.Little.Black.Book.eBook-EEn.pdf Computer Forensics Investigating Data and Image Files.pdf 一本非常好的取证分 析书,推荐; Computer Forensics for Dummies.pdf Computer and Information Security Handbook.rar 类似于Information Security Engneering,内容非常广泛庞杂,增长知识的书,但不精深; Defining Incident Management Processes for CSIRTs A Work in Progress.pdf CERT官方指南,教科书; EC Council - ECSA-LPT Training V 4.0.pdf EC-Council ECSA官方教材,内容一般, 不推荐; ECSAv4-LPTv4 Instructor slides.rar EMC Cloud Computing Security Overview.rar EMC的云安全培训材料,简单入门; Elsevier_Security_Risk_Management_2011.pdf 一本好书,务实的讲解信息安全管理, 非常推荐; Enterprise Risk Management Best Practices.pdf 一本不错的书,不过是讲COSO/ ERM的,并非针对information security,而且也不贴近,不过书本身还是不错的; Expert.Oracle.and.Java.Security.pdf Oracle和相关开发安全的书,内容不错,尤其 入门者可以学习; Fundamentals of Project Management.pdf 项目管理书,内容一般,入门级别,不如学 习Sybex PMP review; Gray Hat Python.pdf python高阶内容的书,偏重于逆向工程和程序调试,资深逆向和 python爱好者可以看下; HACKING EXPOSED MALWARE AND ROOTKITS- Malware and Rootkits Secrets and SolutionsHACKING EXPOSED MALWARE AND ROOTKITS- Malware and Rootkits Secrets and Solutions.pdf 黑客大曝光系列,讲解rootkit类的,不错的incident handling & forensics参考书; Hackers Heroes of the Computer Revolution - 25th Anniversary Edition.pdf 历史 书; Hackers.and.Painters.pdf 另一本历史书,内容还行; Hacking Exposed Computer Forensics Secrets & Solutions, Second Edition - Aaron Philipp.pdf 黑客大曝光取证,内容不错; Hacking Exposed Web Applications 3rd.pdf web安全第三版,好像2011的,内容很好 ,同类中的佼佼者; Handbook for Computer Security Incident Response Teams (CSIRTs).pdf cert教科 书; How to Achieve 27001.pdf 27001认证建设的书,不过其实主要篇幅都在写合规性管理 ,不如看Building.an.Effective.Information.Security.Policy.Architecture和CISO Handbook; How to Prepare Business Cases.pdf 附加资料,如何编写business case,合格的 manager和pm应该看; Human Resource Management fundamentals.pdf ISACA CISA Exam Review 2011.rar ISC Official Guide to CISSP Exam.rar CISSP OIG v2; Incident Management Capability Metrics Version 0.1_07tr008.pdf cert教科书,讲 incident management度量的; Incident Response and Computer Forensics.pdf 另一本incident和forensics的书, 推荐; Information Security Governace 2008.pdf 信息安全治理和管理,内容不错,很精简 ,初建安全管理体系者可以以之为参考; Information Security Harmonisation.pdf 短小的读物,讲解一系列信息安全管理、治 理标准之间的对比; Information Security and Cryptography.pdf 加密学教科书,内容中规中矩,还是很 详细的,但可读性不如RSA三件套; Metasploit_The_Penetration_Tester's_Guide_2011.rar metaspoit的书,这本内容还 不错; Mind Tools_Practical Thinking Skills for an Excellent Life_2007.pdf 管理工具 和技能培训,所有的职业人都应当学习,非常推荐; Moving_from_Project_Management_to_Project_Leadership.pdf Network-Infrastructure-Security.pdf Network.Security.Bible.Jan.2005.pdf 第一章内容还行,后面一般; Ninja Hacking - Unconventional Penetration Testing - T. Wilhelm, et al., ( Syngress, 2011).pdf 很另类的书...反正很另类就是了,但是内容太装B,不实在,不 推荐; No-Drama.Project.Management.pdf No.Starch.Practical.Packet.Analysis.2nd.Edition.Jun.2011.pdf 实用厚道的网络协 议分析书,推荐; O'Reilly - Hardening Cisco Routers.rar O'Reilly - Programming Python (Fourth Edition).pdf O-ESA.pdf Offensive.Security.Collection.rar offensive的安全系列集合; Offensve Security WiFu Training.rar offensive的wifi培训,主要讲解backtrack, 内容不错; Official ISC2 Guide to The ISSAP CBK.pdf ISSAP CBK; Oracle_LiveResponse.pdf PKI_Implementing_and_Managing_E-Security.pdf RSA的PKI经典,值得学习; PMBOK2008cn.pdf PMP_Exam_Prep_6th_Edition.pdf PMP_Project_Management_Professional_Exam_Review_Guide.pdf 前面三本经典的PMP教 材,值得任何想走的长远的人学习; PassGuide CISM V3.21.pdf Penetration Testing and Vulnerability Analysis Class.rar Practical Enterprise Risk Management A Business Process Approach.pdf 另一本讲 解ERM的书,与信息安全关系不大,但内容不错; Practical Oracle Security.pdf Oracle安全的书,很容很不错,可以和前面那个 oracle & java一起阅读; Presentation Secret.pdf jobs的演讲技巧,非常推荐,值得学习; Project Management 5ed -The Managerial Process.pdf Project_Management_A_Complete_Guide.pdf pmp的书,不如前面两个,不推荐; Python Standard Library.pdf RSA_Securitys_Official_Guide_to_Cryptography.pdf RSA加密的经典,推荐; SANS_GCIA_503_Intrusion_Detection.rar SANS_SEC531.pdf Sams.VBScript.WMI.and.ADSI.Unleashed.May.2007.pdf Security Planning Using Zachman Framework for Enterprises.pdf Security Policies and Implementing Identify Management with AD.pdf 使用AD构建 IDM的书,内容一般; Security for Microsoft Administrator.rar windows安全,内容基础,不适合于做安 全服务的人; Security Monitoring.rar 安全日志分析的书; Sockets, Shellcode, Porting, & Coding, RE.rar 一本历史悠久的shellcode经典教材 ; Syngress - Business Continuity and Disaster Recovery Planning for IT Professionals.pdf 非常全面的BCP书,偏重于IT BCP/DRP,非常推荐; Syngress - Hack Proofing Your Network (2nd Edition).pdf Syngress Security for Microsoft Windows System Administrators(2010).pdf Syngress Wireshark and Ethereal Network Protocol Analyzer Toolkit(2006).pdf 另一本讲wireshark的书,内容也不错,可以和前面那本一起看; Syngress Writing Security Tools and Exploits(2006).pdf The Mac Hacker's Handbook.pdf osx exploit开发; The Official CHFI Study Guide 2007.pdf CHFI v4官方教材,取证,内容经典,可以 作为主要教材; The_CISO_Handbook.pdf CISO Handbook,信息安全管理,对不不同人可能相差很大; Wiley.Security.Engineering.2nd.Edition.Apr.2008.pdf 增长见识的经典教材,内容 庞杂,可以作为cissp补充阅读资料; Write Great Code.rar Writing Exploits Tuts from Corelan Team.rar cisa_study_guide_2011_Sybex_3rd.rar sybex的cisa备考书,内容组织比CRM好很多, 推荐用此替代CISA Review Manual; crc press - cyber crime investigator's field guide.pdf 较老的取证书,CISSP ISSxP CIB中推荐的补充材料,但内容一般; designing-security-architecture-solutions.pdf ence_v6_study_guide.pdf encase认证的培训教材; iOS Forensic Analysis for iPhone, iPad and iPod Touch.pdf incident-handlers-handbook.pdf nmap-cookbook-the-fat-free-guide-to-network-scanning.pdf nmap的pocket手册,快 速查阅可以看看,不过一般是用不到; syngress - Eleventh Hour CISSP Study Guide.pdf 一本不错的cissp书,适合考前总 复习快速回忆知识点; togaf_v9.pdf togaf白皮书; windows_internal_5ed.pdf 经典的windows材料; Volonino - Computer Forensics for Dummies (Wiley, 2008).pdf Syngress.Penetration.Testers.Open.Source.Toolkit.3rd.Edition.Aug.2011 Syngress SQL Injection Attacks and Defense.pdf Managing Successful Projects with Prince2 以上主要是Penetration、Forensics和SecurityManagement方面的. 希望能给各位想从事信安的学弟学妹做些参考,当然啦,从事安全行业的学长有空也可 以抽时间看看 。 |
|