SECURITY

Featuring CSX™ and CISM® Exam Prep

ISACA BOOKSTORE
isaca.org/bookstore

ISACA® (isaca.org) helps global professionals lead, adapt
and assure trust in an evolving digital world by offering
innovative and world-class knowledge, standards,
networking, credentialing and career development.
Established in 1969, ISACA is a global nonprofit association
of 140,000 professionals in 180 countries. ISACA also
offers the Cybersecurity Nexus™ (CSX), a holistic
cybersecurity resource, and COBIT®, a business framework
to govern enterprise technology.
Contact the ISACA Bookstore
E-mail: bookstore@isaca.org
Tel: +1.847.660.5650
Fax: +1.847.253.1443
CSX™ and CISM® Exam Prep Materials
CSX Cybersecurity Fundamentals Study Guide
by ISACA
The CSX Cybersecurity Fundamentals Study Guide is a
comprehensive study aid that will help to prepare learners
for the Cybersecurity Fundamentals Certificate exam.
By passing the exam and agreeing to adhere to ISACA’s
Code of Ethics, candidates will earn the Cybersecurity
Fundamentals Certificate, a knowledge-based certificate
that was developed to address the growing demand for
skilled cybersecurity professionals. The CSX Cybersecurity
Fundamentals Study Guide covers key areas that will be
tested on the exam, including: cybersecurity concepts,
security architecture principles, incident response, security
of networks, systems, applications, and data, and security
implications of evolving technology.
Print
Member: US $45.00
Non-member: US $55.00
Product Code: CSXG1
eBook
Product Code: WCSXG1
NEW!
CISM® Review Questions, Answers &
Explanations Manual, 8th Edition
by ISACA
The CISM® Review Questions, Answers & Explanations
Manual, 8th Edition consists of 950 multiple-choice study
questions, answers and explanations, which are organized
according to the CISM job practice domains.
The questions, answers and explanations are intended
to introduce the CISM candidate to the types of questions
that appear on the CISM exam. They are not actual
questions from the exam. Questions are sorted by CISM
job practice domains and a sample exam of 200 questions
is also provided.
To help exam candidates maximize—and customize—
their study efforts, questions are presented in the following
two ways:
• Sorted by job practice area—Questions, answers and
explanations are sorted by the CISM job practice
areas. This allows the CISM candidate to refer to
questions that focus on a particular area as well as to
evaluate comprehension of the topics covered within
each practice area.
• Scrambled as a sample 200-question exam—200 of
the 950 questions included in the manual are selected
to represent a full-length CISM exam, with questions
chosen in the same percentages as the current CISM
job practice areas.
Member: US $100.00
Non-member: US $130.00
Product Code: CQA8ED
Order online at isaca.org/bookstore
 ®
CISM Exam Prep Materials
NEW!
CISM Review Manual, 14th Edition
®
by ISACA
The CISM Review Manual, 14th Edition assists candidates
® by ISACA
to study and understand essential concepts in the following
job practice areas:
• Information Security Governance
• Information Risk Management and Compliance
• Information Security Program Development and
Management
• Information Security Incident Management
Each of the book’s four chapters has been divided into two
sections for focused study. Section one of each chapter
contains the definitions and objectives for the four areas, as
well as the corresponding tasks performed by information
security managers and knowledge statements that are
tested on the exam. The manual includes:
• A map of the relationship of each task to the
knowledge statements
• A reference guide for the knowledge statements,
including the relevant concepts and explanations
• References to specific content in section two for each
knowledge statement
• Self-assessment questions and explanations of the
answers
• Suggested resources for further study
Section two of each chapter consists of reference material
and content that support the knowledge statements. The
material enhances CISM candidates’ knowledge and/or
understanding when preparing for the CISM certification
exam. Also included are definitions of terms most
commonly found on the exam.
Member: US $105.00
Non-member: US $135.00
Product Code: CM14ED
Also available in Spanish
Order online at isaca.org/bookstore
NEW!
CISM Review Questions, Answers &
®
Explanations Database—12-Month Subscription
The CISM® Review Questions, Answers & Explanations
Database is a comprehensive 950-question pool of items
that contains the questions from the CISM® Review
Questions, Answers & Explanations Manual 8th Edition.
The database is available via the web, allowing our CISM
candidates to log in at home, at work or anywhere they
have Internet connectivity. The database is MAC and
Windows compatible.
Exam candidates can take sample exams with randomly
selected questions and view the results by job practice
domain, allowing for concentrated study in particular areas.
Additionally questions generated during a study session are
sorted based on previous scoring history, allowing CISM
candidates to identify their strengths and weaknesses and
focus their study efforts accordingly.
Other features provide the ability to select sample exams
by specific job practice domain, view questions that were
previously answered incorrectly and vary the length of
study sessions, giving candidates the ability to customize
their study approach to fit their needs.
Member: US $185.00
2016
CISM Non-member: US $225.00
Product Code: XMXCM15-12M
Review Questions, Answers
& Explanations Database
CISM® Review Questions, Answers &
Explanations Database—6-Month Extension
by ISACA
The CISM® Questions, Answers & Explanations Database—
6-Month Extension can only be purchased only as an
extension to the CISM® Questions, Answers & Explanations
Database—12-Month Subscription. The database is available
via the web, allowing CISM Candidates to log in at home,
at work or anywhere they have Internet connectivity.
Member: US $45.00
2016
CISM
Review Questions, Answers
& Explanations Database
Non-member: US $65.00
Product Code: XMXCM15-EXT180
Security Resources
Transforming Cybersecurity
by ISACA
Cybersecurity has evolved as a new field of interest, gaining
political and societal attention. Given this magnitude, the
future tasks and responsibilities associated with cybersecurity
will be essential to organizational survival and profitability.
This publication applies the COBIT 5 framework and its
component publications to transform cybersecurity in a
systemic way.
Print
Member: US $35.00
Non-member: US $60.00
Product Code: CB5TC1
eBook
Product Code: WCB5TC1
Free member download
Business Continuity and Disaster Recovery for
IT Professionals, 2nd Edition
by S. Snedaker
Powerful Earthquake Triggers Tsunami in Pacific. Wildfires
Burn Hundreds of Houses and Businesses in Colorado.
Tornado Touches Down in Missouri. These headlines not
only have caught the attention of people around the world,
they have had a significant effect on IT professionals as
well. The new second edition of Business Continuity and
Disaster Recovery for IT Professionals gives you the most
up-to-date planning and risk management techniques
for business continuity and disaster recovery (BCDR).
With distributed networks, increasing demands for
confidentiality, integrity and availability of data, and the
widespread risks to the security of personal, confidential
and sensitive data, no organization can afford to ignore the
need for disaster planning.
Author Susan Snedaker shares her expertise, including
the most current options for disaster recovery and
communication, BCDR for mobile devices, and the latest
infrastructure considerations including cloud, virtualization,
clustering, and more. Snedaker also provides new case
studies in several business areas, along with a review of
high availability and information security in healthcare IT.
Member: US $70.00
Non-member: US $80.00
Product Code: 6SYN2
Responding to Targeted Cyberattacks
by ISACA
The threat environment has radically changed over the last
decade. Most enterprises have not kept pace and lack
the necessary fundamentals required to prepare and plan
against cyber attacks. To successfully expel attackers,
the enterprise must be able to conduct an investigation,
feed the threat intelligence into a detailed remediation/
eradication plan and then execute the remediation/
eradication plan. This publication covers a few of the basic
concepts that will help answer the key questions posed by
a new perspective which understands that a breach WILL
eventually occur.
Print
Member: US $35.00
Non-member: US $59.00
Product Code: RTC
eBook
Product Code: WRTC
Free member download
Also available in Japanese
Securing Mobile Devices
by ISACA
Securing Mobile Devices should be read in the context of
the existing publications COBIT® 5 for Information Security,
Business Model for Information Security (BMIS) and
COBIT 5 itself.
This publication is intended for several audiences who use
mobile devises directly or indirectly. These include end
users, IT administrators, information security managers,
service providers for mobile devices and IT auditors.
The main purpose of applying COBIT 5 to mobile device
security is to establish a uniform management framework
and to give guidance on planning, implementing and
maintaining comprehensive security for mobile devices in
the context of enterprises. The secondary purpose is to
provide guidance on how to embed security for mobile
devices in a corporate governance, risk management
and compliance (GRC) strategy using COBIT 5 as the
overarching framework for GRC.
Print
Member: US $35.00
Non-member: US $75.00
Product Code: CB5SMD1
eBook
Product Code: WCB5SMD1
Free member download
Order online at isaca.org/bookstore
 Security Resources
Cybersecurity Guidance for Small and
Medium-sized Enterprises
by ISACA
Cyber security is a topic of interest for most enterprises,
regardless of their size. Cyber crime and cyber warfare are
not restricted to large, multinational enterprises. Increasing
numbers of small and medium-sized enterprises (SMEs) are
being targeted. ISACA’s Cybersecurity Guidance for Small
and Medium-sized Enterprises is designed to meet the
needs of typical SMEs: reasonable security at affordable
cost while helping SMEs to prepare for, and manage,
typical cyber security issues, risk and threats.
Print
Member: US $35.00
Non-member: US $60.00
Product Code: CSXE
eBook
Product Code: WCSXE
Cyber Attacks: Protecting National Infrastructure
by E. Amoroso
This textbook offers a technical, architectural, and
management approach to solving the problems of
protecting national infrastructure and includes practical and
empirically-based guidance for students wishing to become
security engineers, network operators, software designers,
technology managers, application developers, Chief Security
Officers, etc. This book serves as an attractive framework for
a new national strategy for cyber security, as each principle is
presented as a separate security strategy, along with pages
of compelling examples that demonstrate use of the principle.
A specific set of criteria requirements allows students to
understand how any organization, such as a government
agency, integrates the principles into their local environment.
The STUDENT EDITION features several case studies
illustrating actual implementation scenarios of the principals
and requirements discussed in the text. It boasts a new and
complete instructor ancillary package including test bank,
IM, Ppt slides, case study questions, and more.
Member: US $70.00
Non-member: US $80.00
Product Code: 11EL2
Order online at isaca.org/bookstore
Implementing Cybersecurity Guidance for Small
and Medium-sized Enterprises
by ISACA
SMEs need hands-on guidance for affordable and effective
cybersecurity. ISACA’s Cybersecurity Guidance for Small
and Medium-sized Enterprises and this Implementing
Cybersecurity Guidance for Small and Medium-sized
Enterprises are designed to meet the needs of typical
SMEs: reasonable security at affordable cost. These
publications help SMEs to prepare for, and manage, typical
cybersecurity issues, risk and threats.
This implementation publication provides practical
advice on how to implement cybersecurity governance,
risk management, assurance and compliance using
Cybersecurity Guidance for Small and Medium-sized
Enterprises and its COBIT 5 foundation. Examples and
cases give SMEs insights into implementing the standard.
Print
Member: US $35.00
Non-member: US $60.00
Product Code: CSXI
eBook
Product Code: WCSXI
Advanced Persistent Threats: How to Manage
the Risk to Your Business
by ISACA
This book explains the nature of the security phenomenon
known as the advanced persistent threat (APT). It also
provides helpful advice on how to assess the risk of an APT
to the organization and recommends practical measures
that can be taken to prevent, detect and respond to such
an attack. In addition, it highlights key differences between
the controls needed to counter the risk of an APT attack
and those commonly used to mitigate everyday information
security risk.
Print
Member: US $35.00
Non-member: US $60.00
Product Code: APT
eBook
Product Code: WAPT
Free member download
Security Considerations for Cloud Computing
by ISACA
Another publication in the Cloud Computing Vision Series,
Security Considerations for Cloud Computing presents
practical guidance to facilitate the decision process for IT
and business professionals who are looking to move to the
cloud. It helps enable effective analysis and measurement
of risk through use of decision trees and checklists outlining
the security factors to be considered when evaluating the
cloud as a potential solution.
Print
Member: US $35.00
Non-member: US $75.00
Product Code: SCC
eBook
Product Code: WSCC
Free member download
FISMA Compliance Handbook, Second Edition
by L. Taylor
This book walks the reader through the entire FISMA
compliance process and includes guidance on how to
manage a FISMA compliance project from start to finish.
The book has chapters for all FISMA compliance deliverables
and includes information on how to conduct a FISMA
compliant security assessment.
Various topics discussed in this book include the NIST Risk
Management Framework, how to characterize the sensitivity
level of your system, contingency plan, system security plan
development, security awareness training, privacy impact
assessments, security assessments and more. Readers
will learn how to obtain an Authority to Operate for an
information system and what actions to take in regards to
vulnerabilities and audit findings.
FISMA Compliance Handbook Second Edition also includes
all-new coverage of federal cloud computing compliance
from author Laura Taylor, the federal government’s technical
lead for FedRAMP, the government program used to assess
and authorize cloud products and services.
Member: US $55.00
Non-member: US $65.00
Product Code: 15SYN
The Rootkit Arsenal: Escape and Evasion in the
Dark Corners of the System, 2nd Edition
by Bill Blunden
While forensic analysis has proven to be a valuable
investigative tool in the field of computer security, utilizing
anti-forensic technology makes it possible to maintain a
covert operational foothold for extended periods, even in
a high-security environment. Adopting an approach that
favors full disclosure, the updated second edition of The
Rootkit Arsenal presents the most accessible, timely, and
complete coverage of forensic countermeasures. This
book covers more topics, in greater depth, than any other
currently available. In doing so the author forges through
the murky back alleys of the Internet, shedding light on
material that has traditionally been poorly documented,
partially documented, or intentionally undocumented.
Member: US $74.00
Non-member: US $84.00
Product Code: 4JBSS
Information Security Governance Simplified:
From the Boardroom to the Key Board
by Todd Fitzgerald
Security practitioners must be able to build cost-effective
security programs while also complying with government
regulations. Information Security Governance Simplified:
From the Boardroom to the Keyboard lays out these
regulations in simple terms and explains how to use control
frameworks to build an air-tight information security (IS)
program and governance structure.
Defining the leadership skills required by IS officers, the book
examines the pros and cons of different reporting structures
and highlights various control frameworks. It details the
functions of the security department and considers the control
areas, including physical, network, application, business
continuity/disaster recovery, and identity management.
Member: US $80.00
Non-member: US $90.00
Product Code: 54CRC
Order online at isaca.org/bookstore
 Security Resources
Securing Cloud Services: A Pragmatic Guide to
Security Architecture in the Cloud
by Lee Newcombe
This book provides an overview of security architecture
processes and explains how they may be used to derive
an appropriate set of security controls to manage the
risks associated with working in the cloud. It is aimed
at business decision makers, senior IT stakeholders,
enterprise architects, information security professionals and
anyone else who is interested in working with cloud
services, but might be concerned about the potential
security implications.
Member: US $40.00
Non-member: US $50.00
Product Code: 16ITSCS
There’s A New Sheriff In Town
by Mary Lou Heastings
This compilation is a reminder to security professionals
that security is no longer about implementing the latest
technologies; the role has evolved to one of adding value
to the company. Security leaders must help the business
understand operational risks and the business value of risk
management.
“ These writers have given some valuable insight that is
worth the read.”
– Cynthia Whitley, CISO Fortune 100 Insurance Company
“ It’s like having a who’s who of security at your beck
and call. Many of these contributors have the knowledge
to draft a book of their own, but combined with each
contributing from their field of expertise makes this book
a must have for any serious Security Executive.”
– Frank Artes, Vice President, Converged Security (North
America) Deluxe Entertainment Services Group, Inc.
Member: US $20.00
Non-member: US $30.00
Product Code: 2EA
Order online at isaca.org/bookstore
Computer Forensics InfoSec Pro Guide
by David Cowen
Find out how to excel in the field of computer forensics
investigations. Learn what it takes to transition from an
IT professional to a computer forensic examiner in the
private sector. Written by a Certified Information Systems
Security Professional, Computer Forensics: InfoSec Pro
Guide is filled with real-world case studies that demonstrate
the concepts covered in this book. You’ll learn how to
set up a forensics lab, select hardware and software,
choose forensic imaging procedures, test your tools,
capture evidence from different sources, follow a sound
investigative process, safely store evidence, and verify
your findings. Best practices for documenting your results,
preparing reports, and presenting evidence in court are
also covered in this detailed resource.
Member: US $40.00
Non-member: US $50.00
Product Code: 34MCF
Cloud Computing—Assessing the Risks
by Jared Carstensen, Bernard Golden, JP Morgenthal
Written by three internationally renowned experts, this
book discusses the primary concerns of most businesses
leaders regarding cloud computing, primarily: “How safe is
it?”, “Is it reliable?”, “How secure will your information be?”
Cloud Computing—Assessing the Risks answers these
questions and many more. Using jargon-free language
and relevant examples, analogies and diagrams, it is an
up-to-date, clear and comprehensive guide the security,
governance, risk, and compliance elements of Cloud
Computing.
Member: US $40.00
Non-member: US $50.00
Product Code: 17ITCC
Pragmatic Security Metrics: Applying
Metametrics to Info Sec
by W. Krag Brotby; Gary Hinson
Other books on information security metrics discuss
number theory and statistics in academic terms. Light
on mathematics and heavy on utility, Pragmatic Security
Metrics: Applying Metametrics to Info Sec breaks the mold.
This is the ultimate how-to-do-it guide for security metrics.
Packed with time-saving tips, the book offers easy-to-follow
guidance for those struggling with security metrics. Step by
step, it clearly explains how to specify, develop, use, and
maintain an information security measurement system (a
comprehensive suite of metrics).
Member: US $70.00
Non-member: US $80.00
Product Code: 55CRC
Access Control, Security and Trust: A Logical
Approach
by Shiu-Kai Chin, Beth Older
Access Control, Security, and Trust: A Logical Approach
equips readers with an access control logic that they can
use to specify and verify their security designs. Throughout
the text, the authors use a single access control logic based
on a simple propositional modal logic. The first part of the
book presents the syntax and semantics of access control
logic, basic access control concepts, and an introduction
to confidentiality and integrity policies. The second section
covers access control in networks, delegation, protocols
and the use of cryptography. In the third section, the authors
focus on hardware and virtual machines. The final part
discusses confidentiality, integrity and role-based access
control. Taking a logical, rigorous approach to access
control, this book shows how logic is a useful tool for
analyzing security designs and spelling out the conditions
upon which access control decisions depend.
Member: US $100.00
Non-member: US $110.00
Product Code: 48CRC
The Web Application Hacker’s Handbook: Finding
and Exploiting Security Flaws, 2nd Edition
by Dafydd Stuttard, Marcus Pinto
Web applications are the front door to most organizations,
exposing them to attacks that may disclose personal
information, execute fraudulent transactions, or compromise
ordinary users. This practical book has been completely
updated and revised to discuss the latest step-by-step
techniques for attacking and defending the range of
ever-evolving web applications. You’ll explore the various
new technologies employed in web applications that have
appeared since the first edition and review the new attack
techniques that have been developed, particularly in
relation to the client side.
Member: US $50.00
Non-member: US $60.00
Product Code: 97WWAH
Hacking Exposed Wireless: Wireless Security
Secrets & Solutions, 2nd Edition
by Johnny Cache, Joshua Wright and Vincent Liu
Protect wireless systems from crippling attacks using
the detailed security information in this comprehensive
volume. Thoroughly updated to cover today’s established
and emerging wireless technologies, Hacking Exposed
Wireless, 2nd Edition reveals how attackers use readily
available and custom tools to target, infiltrate and hijack
vulnerable systems. The book discusses the latest
developments in Wi-Fi, Bluetooth, ZigBee and DECT
hacking, and explains how to perform penetration tests,
reinforce WPA protection schemes, mitigate packet
injection risk, and lock down Bluetooth and RF devices.
Cutting-edge techniques for exploiting Wi-Fi clients, WPA2,
cordless phones, Bluetooth pairing and ZigBee encryption
are also covered in this fully revised guide.
Member: US $50.00
Non-member: US $60.00
Product Code: 17MHE
Order online at isaca.org/bookstore
 Security Resources
Honeypots: A New Paradigm to Information
Security
by R. C. Joshi and Anjali Sardana
A well-rounded, accessible exposition of honeypots in
both wired and wireless networks, this book addresses
honeypots from a variety of perspectives. Case studies
enhance the practical understanding of the subject, along
with a strong theoretical foundation. The book covers the
latest technology in information security and honeypots,
including honeytokens, honeynets and honeyfarms.
Member: US $140.00
Non-member: US $150.00
Product Code: 49CRC
Cybersecurity for Executives: A Practical Guide
by Gregory J. Touhil and C. Joseph Touhill
Practical guide that can be used by executives to make
well-informed decisions on cyber security issues to better
protect their business
• Emphasizes, in a direct and uncomplicated way, how
executives can identify, understand, assess, and
mitigate risks associated with cybersecurity issues
• Covers ‘What to Do When You Get Hacked?’ including
Business Continuity and Disaster Recovery planning,
Public Relations, Legal and Regulatory issues, and
Notifications and Disclosures
• Provides steps for integrating cyber security into
Strategy; Policy and Guidelines; Change Management
and Personnel Management.
• Identifies cyber security best practices that executives
can and should use both in the office and at home to
protect their vital information
Member: US $75.00
Non-member: US $85.00
Product Code: 120WCS
Order online at isaca.org/bookstore
Securing the Clicks: Network Security in the Age
of Social Media
by Gary Bahadur, Jason Inasi and Alex de Carvalho
Securing the Clicks: Network Security in the Age of Social
Media explains the latest threats along with detailed fixes,
best practices, and “from the headlines” case studies.
Readers will find ways how to analyze risk, implement
robust security protocols, and enforce social media
usage policies. Regulatory compliance, online reputation
management, and incident response are also covered in
this comprehensive volume.
Member: US $40.00
Non-member: US $50.00
Product Code: 27MSC
Developing and Securing the Cloud
by Bhavani Thuraisingham
Developing and Securing the Cloud provides a
comprehensive overview of cloud computing technology.
Presenting a framework for secure cloud computing
development, the book describes supporting technologies
for the cloud such as web services and security. It details
the various layers of the cloud computing framework,
including the virtual machine monitor and hypervisor,
cloud data storage, cloud data management, and virtual
network monitor. It also provides several examples of cloud
products and prototypes, including private, public, and U.S.
government clouds.
This diverse reference is suitable for those in industry,
government, and academia. Technologists will develop
the understanding required to select the appropriate tools
for particular cloud applications. Developers will discover
alternative designs for cloud development, and managers
will understand if it’s best to build their own clouds or
contract them out.
Member: US $80.00
Non-member: US $90.00
Product Code: 57CRC
Hacking Exposed 7: Network Security
Secrets & Solutions
by Stuart McClure, Joel Scambray and George Kurtz
Hacking Exposed 7: Network Security Secrets & Solutions
is filled with all new information on today’s most devastating
attacks and proven countermeasures. The book covers
advanced persistent threats, infrastructure hacks, industrial
automation and embedded devices, wireless security, the
new SCADA protocol hacks, Microsoft Windows Server
2010, Web 2.0, Unbuntu Linux, hardware, Cisco, RFID,
malware, and more!
Member: US $50.00
Non-member: US $60.00
Product Code: 2MCG7
Fraud Analysis Techniques Using ACL
by David Coderre
Fraud Analysis Techniques Using ACL offers auditors and
investigators:
• A CD-ROM containing a thorough fraud tool kit with
two sets of customizable scripts to serve your specific
audit needs
• Case studies and sample data files that you can use
to try out the tests
• Step-by-step instructions on how to run the tests
• A self-study course on ACL script development with
exercises, data files and suggested answers
The tool kit also contains 12 utility scripts and a self-study
course on ACL scripting, which includes exercises, data
files and proposed answers. Filled with screen shots,
flow charts, example data files descriptive commentary
highlighting explaining each step, and case studies offering
real-world examples of how the scripts can be used
to search for fraud it is the only tool kit you will need to
harness the power of ACL to spot fraud.
Member: US $211.00
Non-member: US $221.00
Product Code: 82WACL
Contains CD-ROM
Anti-Hacker Tool Kit, Fourth Edition
by Mike Shema
Fully revised to include cutting-edge new tools for your
security arsenal, Anti-Hacker Tool Kit, Fourth Edition reveals
how to protect your network from a wide range of nefarious
exploits. You’ll get detailed explanations of each tool’s
function along with best practices for configuration and
implementation illustrated by code samples and up-to-date,
real-world case studies. This new edition includes references
to short videos that demonstrate several of the tools in
action. Organized by category, this practical guide makes
it easy to quickly find the solution you need to safeguard
your system from the latest, most devastating hacks.
Member: US $50.00
Non-member: US $60.00
Product Code: 38MAH
Engineering Safe and Secure Software Systems
by C Warren Axelrod
This first-of-its-kind resource offers a broad and detailed
understanding of software systems engineering from
both security and safety perspectives. Addressing the
overarching issues related to safeguarding public data
and intellectual property, the book defines such terms as
systems engineering, software engineering, security, and
safety as precisely as possible, making clear the many
distinctions, commonalities, and interdependencies among
various disciplines. You explore the various approaches to
risk and the generation and analysis of appropriate metrics.
This unique book explains how processes relevant to the
creation and operation of software systems should be
determined and improved, how projects should be managed,
and how products can be assured. You learn the importance
of integrating safety and security into the development life
cycle. Additionally, this practical volume helps identify what
motivators and deterrents can be put in place in order to
implement the methods that have been recommended.
Member: US $109.00
Non-member: US $119.00
Product Code: 11ART
Order online at isaca.org/bookstore
 Security Resources
Cybercrime: The Investigation, Prosecution and
Defense of a Computer-Related Crime, 3rd Edition
Ralph D. Clifford, Editor
As technology grows increasingly complex, so does
computer crime. In this third edition, the author leads
a team of nationally reknowned experts in cyber crime
(gathered from the diverse fields of academia, private and
governmental practice) to unfold the legal mysteries of
computer crime. The book explores the variety of crimes
that involve computer technology and provides essential
details on procedural and tactical issues associated with
the prosecution and defense of cyber crime.
Member: US $38.00
Non-member: US $48.00
Product Code: 1CAP3
Cybersecurity for Industrial Control Systems:
SCADA, DCS, PLC, HMI, and SIS
by Tyson Macaulay and Bryan L. Singer
Highlighting the key issues that need to be addressed,
the book begins with a thorough introduction to ICS. It
discusses business, cost, competitive, and regulatory
drivers and the conflicting priorities of convergence. Next,
it explains why security requirements differ from IT to ICS.
It differentiates when standard IT security solutions can be
used and where SCADA-specific practices are required.
The book examines the plethora of potential threats to
ICS, including hi-jacking malware, botnets, spam engines,
and porn dialers. It outlines the range of vulnerabilities
inherent in the ICS quest for efficiency and functionality
that necessitates risk behavior such as remote access and
control of critical equipment.
Member: US $84.00
Non-member: US $94.00
Product Code: 60CRC
Order online at isaca.org/bookstore
Applied Cyber Security and the Smart Grid,
1st Edition
by Eric Knapp and Raj Samani
Many people think of the Smart Grid as a power distribution
group built on advanced smart metering-but that’s just
one aspect of a much larger and more complex system.
The “Smart Grid” requires new technologies throughout
energy generation, transmission and distribution, and even
the homes and businesses being served by the grid. This
also represents new information paths between these new
systems and services, all of which represents risk, requiring
a more thorough approach to where and how cyber
security controls are implemented.
This insight provides a detailed architecture of the entire
Smart Grid, with recommended cyber security measures
for everything from the supply chain to the consumer.
Member: US $60.00
Non-member: US $70.00
Product Code: 10SYN
Carry On: Sound Advice from Schneier on Security
by Bruce Schneier
Bruce Schneier is known worldwide as the foremost
authority and commentator on every security issue from
cyber-terrorism to airport surveillance. This groundbreaking
book features more than 160 commentaries on recent
events including the Boston Marathon bombing, the NSA’s
ubiquitous surveillance programs, Chinese cyber attacks,
the privacy of cloud computing, and how to hack the Papal
election. Timely as an Internet news report and always
insightful, Schneier explains, debunks, and draws lessons
from current events that are valuable for security experts
and ordinary citizens alike.
Member: US $30.00
Non-member: US $40.00
Product Code: 103WCO
Mobile Application Security
by Himanshu Dwivedi, Chris Clark and David Thiel
Implement a systematic approach to security in mobile
application development with help from this practical guide.
Featuring case studies, code examples and best practices,
Mobile Application Security details how to protect against
vulnerabilities in the latest smartphone and PDA platforms.
Maximize isolation, lockdown internal and removable
storage, work with sandboxing and signing, and encrypt
sensitive user information. Safeguards against viruses,
worms, malware and buffer overflow exploits are also
covered in this comprehensive resource.
Member: US $50.00
Non-member: US $60.00
Product Code: 21MMS
Cyberethics—Morality and Law in Cyberspace,
Fifth Edition
by Richard Spinello
The fully revised and updated fifth edition of Cyberethics:
Morality and Law in Cyberspace offers an in-depth and
comprehensive examination of the social costs and moral
issues emerging from ever-expanding use of the Internet
and new information technologies. Focusing heavily on
content control, free speech, intellectual property, and
security, Cyberethics: Morality and Law in Cyberspace
provides legal and philosophical discussions of these
critical issues.
This new edition includes real-life case studies, including
all-new examples focusing on Google, Facebook, video
games, reader’s rights, and the LulzSec Hackers, provide
real-world context. Ideal for undergraduate computer ethics
courses as well as a general readership, Cyberethics is an
excellent resource for students and laypeople alike.
Member: US $107.00
Non-member: US $117.00
Product Code: 5JBC
Cloud Computing for Lawyers and Executives:
A Global Approach, 2nd Edition
by Thomas J. Shaw Esq
Cloud computing is the present and future of IT, a utility
service that promises unlimited, cheap, and reliable IT
services for all. But at present, there still are significant risks
involved in the use of cloud computing for organizations,
including legal and business risks. Executives, and the
lawyers and risk professional who advise them, must
understand how to identify, assess, and respond to these
risks in their own organizations and in cloud service
providers and do so in a globally-aware manner.
The updated and revised second edition of this popular
book covers:
• Big Data
• Personal clouds
• Bring your own device (BYOD)
• Critical infrastructure
• Cloud taxation, and much more.
This book presents the information and analytical tools
needed by lawyers and risk professionals to guide their
executives and organizational clients in assessing, treating,
and negotiating cloud computing services using risk-based
methodologies.
Member: US $100.00
Non-member: US $110.00
Product Code: 3ABA
Order online at isaca.org/bookstore
 Security Resources
Cloud Management and Security
by Imad M. Abbadi
Written by an expert with over 15 years’ experience in
the field, this book establishes the foundations of Cloud
computing, building an in-depth and diverse understanding
of the technologies behind Cloud computing.
The book begins with a focus on the main components
constituting the Cloud and federated Cloud infrastructure
(e.g., interactions and deployment), discusses management
platforms (resources and services), identifies and analyzes
the main properties of the Cloud infrastructure, and
presents Cloud automated management services: virtual
and application resource management services.
It goes on to analyze the problem of establishing
trustworthy Cloud, discusses foundation frameworks
for addressing this problem—focusing on mechanisms
for treating the security challenges, explores foundation
frameworks and mechanisms for remote attestation in
Cloud and establishing Cloud trust anchors, and lastly
provides a framework for establishing a trustworthy
provenance system and describes its importance in
addressing major security challenges such as forensic
investigation, mitigating insider threats and operation
management assurance.
Additionally, real-life commercial and open source
examples of some of the concepts discussed are provided.
Member: US $92.00
Non-member: US $102.00
Product Code: 118WCM
Order online at isaca.org/bookstore
COBIT® 5 for Information Security
by ISACA
COBIT 5 for Information Security provides guidance
to help IT and security professionals understand,
utilize, implement and direct important information
security-related activities, and make more informed
decisions while maintaining awareness about
emerging technologies and the accompanying threats.
Learn how to:
• Reduce complexity and increase cost-effectiveness
• Increase user satisfaction with information security
arrangements and outcomes
• Improve integration of information security
• Inform risk decisions and risk awareness
• Reduce information security incidents
• Enhance support for innovation and competitiveness
Print
Member: US $35.00
Non-member: US $80.00
Product Code: CB5IS
eBook
Member: US $35.00
Non-member: US $75.00
Product Code: WCB5IS
Bookstore Special Savings!
Purchase the Print format at the regular price and get the eBook for just:
Member US $15.00 / Non-Member US $30.00
Cyber Crime & Warfare: All That Matters
by Peter Warren and Michael Streeter
In Cyber Crime & Warfare: All That Matters, Peter Warren
and Michael Streeter outline the history, scale and
importance of cyber crime. In particular they show how
cyber crime, cyber espionage and cyber warfare now pose
a major threat to society. After analysing the origins of
computer crime among early hackers the authors describe
how criminal gangs and rogue states have since moved into
the online arena with devastating effect at a time when the
modern world—including all the communication services
and utilities we have come to take for granted—has
become utterly dependent on computers and the internet.
Member: US $15.00
Non-member: US $25.00
Product Code: 1HSCC
Cyber Security Policy Guidebook
by Jennifer Bayuk, Jason Healy, Paul Rohmeyer, Marcus Sachs,
Jeffrey Scmidt Joseph Weiss
Drawing upon a wealth of experience from academia,
industry, and government service, Cyber Security Policy
Guidebook details and dissects, in simple language, current
organizational cyber security policy issues on a global
scale-taking great care to educate readers on the history
and current approached to the security of cyberspace.
The Guidebook delves into organizational implementation
issues, and equips readers with descriptions of the positive
and negative impact of specific policy choices.
Learn how to:
• Explain what is meant by cyber security and cyber
security policy
• Discuss the process by which cyber security policy
goals are set
• Educate the reader on decision-making processes
related to cyber security, and more
With a glossary that puts cyber security language in layman’s
terms, and diagrams that help explain complex topics,
Cyber Security Policy Guidebook gives students, scholars,
and technical decision-makers the necessary knowledge to
make information decisions on cyber security policy.
Member: US $90.00
Non-member: US $100.00
Product Code: 96WCSP
Cyber Forensics: From Data to Digital Evidence
by Albert J. Marcella, Jr. and Frederic Guillossou
This book explains the basic principles of data as building
blocks of electronic evidential matter, which are used in
cyber forensics investigations. The entire text is written
with no reference to a particular operation system or
environment, thus it is applicable to all work environments,
cyber investigation scenarios, and technologies. The text
is written in a step-by-step manner, beginning with the
elementary building blocks of data progressing upwards
to the representation and storage of information. It includes
practical examples and illustrations throughout to guide
the reader.
Member: US $80.00
Non-member: US $90.00
Product Code: 100WCF
CyberSecurity and CyberWar—What Everyone
Needs to Know®
by P.W. Singer and Allan Friedman
In Cybersecurity and CyberWar: What Everyone Needs to
Know, New York Times best-selling author P. W. Singer
and noted cyber expert Allan Friedman team up to provide
the kind of easy-to-read, yet deeply informative resource
book that has been missing on this crucial issue of 21st
century life. Written in a lively, accessible style, filled with
engaging stories and illustrative anecdotes, the book is
structured around the key question areas of cyberspace
and its security: how it all works, why it all matters, and what
can we do? Along the way, they take readers on a tour of
the important (and entertaining) issues and characters of
cybersecurity, from the “Anonymous” hacker group and
the Stuxnet computer virus to the new cyber units of the
Chinese and U.S. militaries. Cybersecurity and CyberWar—
What Everyone Needs to Know is the definitive account on
the subject for us all, which comes not a moment too soon.
Member: US $17.00
Non-member: US $27.00
Product Code: 2OX
Order online at isaca.org/bookstore
 Security Resources
Fraud Prevention and Detection: Warning Signs
and the Red Flag Systems
by Rodney T. Stamler, Hans J. Marschdorf, Mario Possamai
Fraud Prevention and Detection: Warning Signs and the
Red Flag Systems enables officers and directors, internal
and external stakeholders, as well as outside analysts to
protect themselves and their organizations against fraud
by effectively detecting, analyzing, and acting on early Red
Flag warning signs. Based on an empirically tested strategy,
the Red Flag System reflects the authors’ more than 100
years combined experience in the investigation of fraud in
high-profile, global cases in North America, Africa, Europe,
and the Far East.
Readers of this book will:
• Acquire a general awareness of the nature,
characteristics, and dynamics of fraud
• Understand the process for determining whether
a fraud has been committed
• Develop an understanding of enterprise risk
management approaches for fraud risk management,
compliance risk management, and managing the
risk of fraudulent financial reporting-including an
understanding of the limitations inherent in these
approaches, and much more.
Member: US $56.00
Non-member: US $66.00
Product Code: 61CRC
Order online at isaca.org/bookstore
Guide to Firewalls and VPNs, 3rd Edition
by Michael E. Whitman, Herbert J. Mattord, Andrew Green
This third edition explores firewalls in the context of these
critical elements, providing an in-depth guide that focuses
on both managerial and technical aspects of security.
Coverage includes packet filtering, authentication, proxy
servers, encryption, bastion hosts, virtual private networks
(VPNs), log file maintenance, and intrusion detection
systems. The text also features an abundant selection of
realistic projects and cases incorporating cutting-edge
technology and current trends, giving students the
opportunity to hone and apply the knowledge and skills
they will need as working professionals. Guide to Firewalls
and VPNs includes new and updated cases and projects,
enhanced coverage of network security and VPNs, and
information on relevant National Institute of Standards and
Technology guidelines used by businesses and information
technology professionals.
Member: US $177.00
Non-member: US $187.00
Product Code: 18IT
Penetration Tester’s Open Source Toolkit,
3rd Edition
by Jeremy Faircloth
Great commercial penetration testing tools can be very
expensive and sometimes hard to use or of questionable
accuracy. This book helps solve both of these problems.
The open source, no-cost penetration testing tools
presented do a great job and can be modified by the
user for each situation. Many tools, even ones that cost
thousands of dollars, do not come with any type of
instruction on how and in which situations the penetration
tester can best use them. Penetration Tester’s Open Source
Toolkit, Third Edition, expands upon existing instructions so
that a professional can get the most accurate and in-depth
test results possible. Real-life scenarios are a major focus
so that the reader knows which tool to use and how to use
it for a variety of situations.
Member: US $50.00
Non-member: US $60.00
Product Code: 11SYN
Hacking Exposed Unified Communications & Hacking Exposed Mobile Security Secrets and
VoIP Security Secrets & Solutions, 2nd Edition Solutions
by Mark Collier and David Endler by Joel Scambray, Jason Rouse, Neil Bergman, Mike Stanfield,
Sarath Geethakumar, Swapnil Deshmukh and Scott Mats
This comprehensive guide features all-new chapters, case
studies, and examples to highlight latest techniques for Proven security tactics for today’s mobile apps, devices,
averting UC disaster. and networks
Topics teach how to: “ A great overview of the new threats created by mobile
• Understand how hackers target vulnerable UC devices. ...The authors have heaps of experience in the
devices and entire networks topics and bring that to every chapter.”
• Defend against TDoS, toll fraud, and service abuse —Slashdot
• Block calling number hacks and calling number This cutting-edge guide reveals secure mobile development
spoofing guidelines, how to leverage mobile OS features and MDM
• Thwart voice social engineering and phishing exploits to isolate apps and data, and the techniques the pros use
• Employ voice spam mitigation products and filters to secure mobile payment systems.
• Tour the mobile risk ecosystem with expert guides
• Fortify Cisco Unified Communications Manager
to both attack and defense
• And more
• Learn how cellular network attacks compromise
devices over-the-air
Member: US $50.00
Non-member: US $60.00 • See the latest Android and iOS attacks in action,
Product Code: 36MHHE and learn how to stop them
• Delve into mobile malware at the code level to
understand how to write resilient apps
• Defend against server-side mobile attacks, including
SQL and XML injection, and much more.
Member: US $40.00
System Forensics, Investigation, and Response, Non-member: US $50.00
Product Code: 35MHEM
2nd Edition
by Chuck Easttom
Computer crimes call for forensics specialists, people
who know how to find and follow the evidence. System
Forensics, Investigation, and Response, Second Edition
begins by examining the fundamentals of system forensics,
such as what forensics is, the role of computer forensics
specialists, computer forensic evidence, and application
of forensic analysis skills. It also gives an overview of
computer crimes, forensic methods, and laboratories. It
then addresses the tools, techniques, and methods used
to perform computer forensics and investigation. Finally, it
explores emerging technologies as well as future directions
of this interesting and cutting-edge field.
Member: US $102.00
Non-member: US $112.00
Product Code: 2JBSF2
Order online at isaca.org/bookstore
 Security Resources
IBM Mainframe Security
by Dinesh D. Dattani
IBM Mainframe Security moves beyond the basic material
available elsewhere to discuss the important issues in IBM
mainframe security from a practical, real-life perspective.
Author Dinesh D. Dattani covers security and audit issues,
business best practices, and compliance, drawing on
more than 30 years of experience as a mainframe security
practitioner, consultant, and trainer.
The book is written in tutorial format, with quizzes and
pointers designed to help readers assess the current
security in their own organizations.
With IBM Mainframe Security, you will:
• Learn how to identify and reduce security weaknesses
at your installation
• Know what it takes to adequately protect the operating
system
• Understand security best practices
• Learn about audit issues
Member: US $59.00
Non-member: US $69.00
Product Code: 2MCIBM
Order online at isaca.org/bookstore
Introduction to Healthcare Information
Technology, 1st Edition
by Mark Ciampa and Mark Revels
The healthcare industry is growing at a rapid pace and
undergoing some of its most significant changes as the
use of electronic health records increase. Designed for
technologists or medical practitioners seeking to gain entry
into the field of healthcare information systems, Introduction
to Healthcare Information Technology teaches the
fundamentals of healthcare IT (HIT) by using the CompTIA
Healthcare IT Technician (HIT-001) exam objectives as the
framework. It takes an in-depth and comprehensive view
of HIT by examining healthcare regulatory requirements,
the functions of a healthcare organization and its medical
business operations in addition to IT hardware, software,
networking, and security. Introduction to Healthcare
Information Technology is a valuable resource for those
who want to learn about HIT and who desire to enter this
growing field by providing the foundation that will help
prepare for the CompTIA HIT certificate exam.
Member: US $73.00
Non-member: US $83.00
Product Code: 16IT
Protecting Industrial Control Systems from
Electronic Threats
by Joseph Weiss
Aimed at both the novice and expert in IT security and
industrial control systems (ICS), this book will help readers
gain a better understanding of protecting ICSs from
electronic threats. Cybersecurity is getting much more
attention and SCADA security (supervisory control and data
acquisition) is a particularly important part of this field, as
are distributed control systems (DCS), programmable logic
controllers (PLCs), remote terminal units (RTUs), intelligent
electronic devices (IEDs), and all other field controllers,
sensors, drives and emission controls that make up the
“intelligence” of modern industrial buildings and facilities.
Member: US $109.00
Non-member: US $119.00
Product Code: 1MPPI
Information Security Management Handbook,
CD 2013 Edition
by James S Tiller and Rich O’Hanley
Containing the complete contents of Volumes 1-7, the
Information Security Management Handbook, 2013
CD-ROM Edition is an authoritative resource that is linked
and searchable by keyword. It updates the benchmark
Volume 1 with information on the latest developments in
information security and recent changes to the (ISC)2®
CISSP Common Body of Knowledge (CBK®).
The 2013 CD-ROM Edition features 27 new chapters on
topics such as BYOD, IT consumerization, smart grids,
secure development, and forensics. In addition to the
complete contents of the 7,000 page set, the CD contains
an extra volume’s worth of information-including chapters
from other security and networking books that have never
appeared in the print editions.
Features:
• Provides fundamental knowledge, skills, techniques,
and tools required by all IT security professionals
• Updates the sixth edition with new developments in
information security and the (ISC)2® CISSP® CBK®
• Covers advanced persistent threats, new HIPAA information security professionals
requirements, social networks, virtualization, and SOA
• Discusses access control, physical security,
cryptography, application security, and operations
security
Member: US $200.00
Non-member: US $210.00
Product Code: 56CRC
Information Security Roles & Responsibilities
Made Easy, Version 3.0
by Charles Cresson Wood
Information Security Roles & Responsibilities Made Easy
by security expert Charles Cresson Wood, provides
over 70 pre-written job descriptions, mission statements,
and organization charts that you can easily customize for
your own organization. Includes time-saving tools and
practical, step-by-step instructions on how to develop and
document specific information security responsibilities for
over 40 different key organizational roles.
Information Security Roles & Responsibilities Made Easy,
Version 3.0 provides:
• Over 70 pre-written, time-saving information
documents
• Justification to help increase management’s
awareness and funding of information security
• Specific advice on how to plan, document and execute
an information security infrastructure project
• Practical advice on how to maintain security when
dealing with third parties
• Valuable staffing advice and descriptions for
Member: US $495.00
Non-member: US $505.00
Product Code: 2PS3
Order online at isaca.org/bookstore
 Security Resources
Information Security The Complete Reference,
2nd Edition
by Mark Rhodes-Ousley
Information Security: The Complete Reference, Second
Edition (previously titled Network Security: The Complete
Reference) is the only comprehensive book that offers
vendor-neutral details on all aspects of information
protection, with an eye toward the evolving threat
landscape. Thoroughly revised and expanded to cover all
aspects of modern information security—from concepts to
details—this edition provides a one-stop reference equally
applicable to the beginner and the seasoned professional.
Find out how to build a holistic security program based
on proven methodology, risk analysis, compliance, and
business needs. You’ll learn how to successfully protect
data, networks, computers, and applications. In-depth
chapters cover data protection, encryption, information
rights management, network security, intrusion detection
and prevention, Unix and Windows security, virtual
and cloud security, secure application development,
disaster recovery, forensics, and real-world attacks and
countermeasures. Included is an extensive security
glossary, as well as standards-based references. This
is a great resource for professionals and students alike.
Member: US $70.00
Non-member: US $80.00
Product Code: 32MIS
Order online at isaca.org/bookstore
Networking A Beginner’s Guide, 6th Edition
by Bruce Hallberg
Current, essential IT networking skills—made easy!
Thoroughly revised to cover the latest technologies, this
practical resource provides you with a solid foundation in
networking fundamentals. Networking: A Beginner’s Guide,
Sixth Edition discusses wired and wireless network design,
configuration, hardware, protocols, security, backup,
recovery, and virtualization. You’ll also get step-by-step
instructions for installing, configuring, and managing
Windows Server 2012, Exchange Server 2013, Oracle Linux,
and Apache. This is the perfect book for anyone starting a
networking career or in need of an easy-to-follow refresher.
• Understand network cabling, topologies, hardware,
and the OSI seven-layer model
• Connect LANs and WANs
• Configure network protocols, such as TCP/IP, IPX/SPX,
SMTP, DHCP, HTTP, WINS, and more
• Explore directory services, such as Microsoft’s Active
Directory, X.400, and LDAP
Member: US $45.00
Non-member: US $55.00
Product Code: 37MCNB
SECURE…Insights From the People Who Keep
Information Safe
by Mary Lou Heastings
From across different industries both practitioners and
IT providers share their views on a variety of topics, such
as the acceleration of change within the information
security industry, preparation for the future, the important
discussions to have with senior management, and data
protection. By showcasing insights from leaders deploying
information security initiatives and the IT providers
supporting security strategies, this book offers the reader
a broad based perspective of what is top of mind today in
information security.
Member: US $13.00
Non-member: US $23.00
Product Code: 3EA
IT Security Metrics: A Practical Framework for
Measuring Security and Protecting Data
by Lance Hayden
IT Security Metrics provides a comprehensive approach
to measuring risks, threats, operational activities, and the
effectiveness of data protection in your organization.
The book explains how to choose and design effective
measurement strategies and addresses the data requirements
of those strategies. The Security Process Management
Framework is introduced and analytical strategies for security
metrics data are discussed. You’ll learn how to take a security
metrics program and adapt it to a variety of organizational
contexts to achieve continuous security improvement over
time. Real-world examples of security measurement projects
are included in this definitive guide.
• Define security metrics as a manageable amount
of usable data
• Design effective security metrics
• Understand quantitative and qualitative data, data
sources, and collection and normalization methods
• And much more
Member: US $50.00
Non-member: US $60.00
Product Code: 22MSM
BEST SELLER!
SAP Security and Risk Management, 2nd Edition
by Mario Linkies and Horst Karin
The revised and expanded second edition of this
best-selling book describes all requirements, basic
principles and best practices of security for an SAP system.
Readers will learn how to protect each SAP component
internally and externally while also complying with legal
requirements. Furthermore, the book describes how to
master the interaction of these requirements to provide
a holistic security and risk management solution. Using
numerous examples and step-by-step instructions,
this book teaches the reader the technical details of
implementing security in SAP NetWeaver.
Comprehensive Description
Learn where and how you can secure processes or improve
the security of existing SAP systems. This description
includes both sample risk potentials with their possible side
effects, as well as the corresponding control measures.
Tried and Tested Solutions
Understand the proven methods of an SAP security
strategy, as well as international guidelines and standards.
Step-by-step examples describe how to technically
implement security solutions.
Up-to-Date Information
Explore new technologies, as well as SAP products and
procedures, and learn how you can integrate them with
your risk analysis.
ERM Navigation Control Map
Take advantage of the ERM Navigation Control Map,
included as a supplement to the book, which presents
the technical, process-oriented, organizational, and legal
aspects of SAP components and security solutions.
Member: US $70.00
Non-member: US $80.00
Product Code: 2SAPP
Order online at isaca.org/bookstore
 Security Resources
The Lure: The True Story of How the Department
of Justice Brought Down Two of The World’s
Most Dangerous Cyber Criminals, 1st Edition
by Stephen C Schroeder
Beginning in the fall of 1999, a number of Internet-related
businesses and financial institutions in the United States
suffered computer intrusions or “hacks” that originated
from Russia. Some of the companies gave in and paid off
the hackers. Some decided not to. The hackers responded
by shutting down parts of their networks and using stolen
credit card numbers to order thousands of dollars’ worth of
computer equipment.
The Lure is the true, riveting story of how these Russian
hackers, who bragged that the laws in their country offered
them no threat, and who mocked the inability of the FBI
to catch them, were caught by an FBI lure designed to
appeal to their egos and their greed. The story of the sting
operation and subsequent trial is told for the first time here
by the Department of Justice’s attorney for the prosecution.
This fascinating story reads like a crime thriller, but also
offers a wealth of information that can be used by IT
professionals, business managers, lawyers and academics
who wish to learn how to protect systems from abuse, and
who want to respond appropriately to network incidents.
BEST SELLER!
Secrets and Lies: Digital Security in a Networked
World 15th Anniversary Edition
by Bruce Schneier
This anniversary edition, which has stood the test of time as
a runaway best-seller provides, a practical, straight-forward
guide to achieving security throughout computer networks.
No theory, no math, no fiction of what should be working,
but isn’t, just the facts. Known as the master of cryptography,
Schneier uses his extensive field experience with his own
clients to dispel the myths that often mislead IT managers
as they try to build secure systems. A much-touted section:
Schneier’s tutorial on just what cryptography (a subset
of computer security) can and cannot do for them, has
received far-reaching praise from both the technical and
business community.
Member: US $24.00
Non-member: US $34.00
Product Code: 115WSL
Securing Cloud and Mobility: A Practitioner’s
Guide
by Ian Lin, E.Coleen Coolidge and Paul Hourani
Securing Cloud and Mobility: A Practitioner’s Guide
explains how to secure the multifaceted layers of private and
public cloud deployments as well as mobility infrastructures.
With comprehensive coverage that includes network, server,
and endpoint security, it provides a strategic view of the
security implications of virtualization and cloud computing.
For private clouds, it discusses the issues of physical versus
logical segmentation, securing orchestration, encryption
services, threat intelligence, and identity management.
For public clouds, it provides three frameworks for reviewing
cloud services: cursory, in-depth, and outsourced.
On the mobility side, the text discusses the three major
mobile architectures: Apple IOS, Android, and Blackberry.
Member: US $80.00
Non-member: US $90.00
Product Code: 58CRC
Security Strategies in Windows Platforms and
Applications, 2nd Edition
by Michael G Solomon
More than 90 percent of individuals, students, educators,
businesses, organizations, and governments use Microsoft
Windows, which has experienced frequent attacks against
its well-publicized vulnerabilities. Revised and updated to
keep pace with this ever changing field, Security Strategies
in Windows Platforms and Applications, Second Edition
focuses on new risks, threats, and vulnerabilities associated
with the Microsoft Windows operating system. Particular
emphasis is placed on Windows XP, Vista, and 7 on the
desktop, and Windows Server 2003 and 2008 versions. It
highlights how to use tools and techniques to decrease risks
arising from vulnerabilities in Microsoft Windows operating
systems and applications. The book also includes a
resource for readers desiring more information on Microsoft
Windows OS hardening, application security, and incident
management. With its accessible writing style, and
step-by-step examples, this must-have resource will ensure
readers are educated on the latest Windows security.
Member: US $102.00
Non-member: US $112.00
Product Code: 3JBSS2

Member: US $15.00
Non-member: US $25.00
Product Code: 19IT The Tangled Web
by Michal Zalewski
Modern web applications are built on a tangle of
technologies that have been developed over time
and then haphazardly pieced together. Every piece
of the web application stack, from HTTP requests to
browser-side scripts, comes with important yet subtle
security consequences. To keep users safe, it is essential
for developers to confidently navigate this landscape.
In The Tangled Web, Michal Zalewski, one of the world’s
top browser security experts, offers a compelling narrative
that explains exactly how browsers work and why they’re
fundamentally insecure. Rather than dispense simplistic
advice on vulnerabilities, Zalewski examines the entire
browser security model, revealing weak points and providing
crucial information for shoring up web application security.
Member: US $50.00
Non-member: US $60.00
Product Code: 2CSTW
Security Metrics: A Beginner’s Guide
by Caroline Wong
Learn how to communicate the value of an information
security program, enable investment planning and decision
making, and drive necessary change to improve the security
of the enterprise. Security Metrics: A Beginner’s Guide
explains, step by step, how to develop and implement a
successful security metrics program.
This practical resource covers project management,
communication, analytics tools, identifying targets, defining
objectives, obtaining stakeholder buy-in, metrics automation,
data quality, and resourcing. The reader will also get details
on cloud-based security metrics and process improvement.
Templates, checklists, and examples give the reader the
hands-on help needed to get started right away.
Member: US $40.00
Non-member: US $50.00
Product Code: 28MSM

Order online at isaca.org/bookstore Order online at isaca.org/bookstore

 Security Resources
The Browser Hacker’s Handbook
by Wade Alcorn, Christian Frichot, Michele Orru
The Browser Hacker’s Handbook gives a practical
understanding of hacking the everyday web browser and
using it as a beachhead to launch further attacks deep into
corporate networks. Written by a team of highly experienced
computer security experts, the handbook provides hands-on
tutorials exploring a range of current attack methods.
With attacks on the rise, companies are increasingly
employing browser-hardening techniques to protect the
unique vulnerabilities inherent in all currently used browsers.
The Browser Hacker’s Handbook thoroughly covers complex
security issues and explores relevant topics such as:
• Bypassing the Same Origin Policy
• ARP spoofing, social engineering, and phishing
to access browsers
• DNS tunneling, attacking web applications, and
proxying-all from the browser
• And many more
Member: US $44.00
Non-member: US $54.00
Product Code: 117WBH
Order online at isaca.org/bookstore
The Computer Incident Response Planning
Handbook: Executable Plans for Protecting
Information at Risk
by N.K. McCarthy, Matthew Todd, Jeff Klaben
Reinforce your organization’s security posture using
the expert information contained in this tactical guide.
The Computer Incident Response Planning Handbook:
Executable Plans for Protecting Information at Risk shows
you how to build and manage successful response plans
for the cyber incidents that have become inevitable
for organizations of any size. Find out why these plans
work. Learn the step-by-step process for developing and
managing plans built to address the wide range of issues
organizations face in times of crisis.
• Contains the essentials for developing both data
breach and malware outbreak response plans—and
best practices for maintaining those plans
• Features ready-to-implement CIRPs—derived from
living incident response plans that have survived the
rigors of repeated execution and numerous audits,
and much more.
Member: US $60.00
Non-member: US $70.00
Product Code: 33MCIR
The Fifth Domain—Wake Up Neo
by Giuliano Pozza,John D. Halamka
A book written by two CIOs (Chief Information Officers):
a novel about the breath-taking fight of Tommaso,
Ned, Martin, Myriam and Diana against a destructive
cyber-attack menacing the lives of thousands of patients,
intertwined with real life experiences about building and
managing healthcare information systems. As entertaining
as a novel, as real as real life can be: a way to enter the
world of information technology and to approach some of
the big themes about security threats, IT governance, IT
architectures, cloud computing and IT risks.
A note of caution: the book is for many but not for all. We
strongly suggest it should be read only by anyone who
happens to be a technology or an Internet user. Moreover,
the book should be read and used as a call to action
only by CEOs and top executives who by chance use
information technologies in their companies.
Member: US $18.00
Non-member: US $28.00
Product Code: 3CSFD
Using Social Media for Global Security
by Ravi Gupta, Hugh Brooks
Essential reading for cybersecurity professionals, security
analysts, policy experts, decision-makers, activists, and
law enforcement!
Using Social Media for Global Security offers pages
of instruction and detail on cutting-edge social media
technologies, analyzing social media data, and building
crowdsourcing platforms.
The book teaches how to collect social media data and
analyze it to map the social networks of terrorists and sex
traffickers, and forecast attacks and famines. You will learn
how to coalesce communities through social media to help
catch murderers, coordinate disaster relief, and collect
intelligence about drug smuggling from hard-to-reach
areas. Also highlighting dramatic case studies drawn from
the headlines, this crucial book is a must-read.
• Illustrates linguistic, correlative, and network analysis
of OSINT
• Examines using crowdsourcing technologies to work
and engage with populations globally to solve security
problems, and more.
Member: US $40.00
Non-member: US $50.00
Product Code: 106WUS
Order online at isaca.org/bookstore
 Security Resources
Wireless Network Security A Beginner’s Guide
by Tyler Wrightson
Security Smarts for the Self-Guided IT Professional
Protect wireless networks against all real-world hacks by
learning how hackers operate. Wireless Network Security:
A Beginner’s Guide discusses the many attack vectors that
target wireless networks and clients—and explains how to
identify and prevent them. Actual cases of attacks against
WEP, WPA, and wireless clients and their defenses are
included.
Wireless Network Security: A Beginner’s Guide features:
• Lingo—Common security terms defined so that
you’re in the know on the job
• IMHO—Frank and relevant opinions based on the
author’s years of industry experience
• In Actual Practice—Exceptions to the rules of security
explained in real-world contexts
• Your Plan—Customizable checklists you can use on
the job now
• Into Action—Tips on how, why, and when to apply
new skills and techniques at work
Member: US $40.00
Non-member: US $50.00
Product Code: 30MWNS
Order online at isaca.org/bookstore
Configuration Management: Using COBIT® 5
by ISACA
Enterprises continuously experience changes; driven by
both external and internal forces. When changes occur in
one part of the enterprise without proper communication “THIS IS THE
INFORMATION AGE.
and coordination, signs of malfunction are likely to manifest
as business disruptions, inefficiencies and potential financial
losses. Configuration management (CM) reduces the risk of
these malfunctions as part of a strategy to manage internal
enterprise changes and minimize unforeseen impacts.
ISACA KEEPS ME
The purpose of this publication is to help enterprises create
a homogenous view of CM and implement a sustainable
process. This publication describes the most important
challenges and formulates mitigating actions that are
supported by COBIT® 5 practices to manage configuration
MORE INFORMED.”
successfully.
— OPEYEMI ONIFADE, CISA, CISM, CGEIT
Print PRACTICE LEADER, AFENOID ENTERPRISE, LTD
Member: US $30.00 ABUJA, NIGERIA
ISACA MEMBER SINCE 2010
Non-member: US $55.00
Product Code: CB5CM
eBook Connect with a global community of more than 140,000 innovators,
Product Code: WCB5CM
leaders and passionate professionals in IS and IT. Leverage
Free Member Download
standards, best practices and expert insights into the rapidly evolving
IT landscape. Be more informed, inspired, skilled and successful
every day of your career.
LIKE BOOKS?
Consider the real value of an ISACA membership.
Over 575 FREE e-Book downloads available Need CPEs? For less than $200 annually*,
for ISACA members, including: membership also offers over 70 FREE CPE
• Securing Mobile Devices hours each year—Well more than the required
40 annual hours needed to maintain your
• Responding to Targeted Cyberattacks certification at an unbeatable price.
And hundreds MORE!
*Contingent on regional chapter dues. More than 90% of all
ISACA memberships are under $200.
Networking | Standards | Insights | Member Savings | Free CPEs | COBIT ® 5
3701 Algonquin Road, Suite 1010
Rolling Meadows, IL 60008 USA

Contact the ISACA Bookstore

E-mail: bookstore@isaca.org
Tel: +1.847.660.5650
Fax: +1.847.253.1443