Part of any security professional’s job should be to keep up with current research in the field.  Even without subscriptions to ProQuest or any other paywalled academic publishing consortium (cough cough IEEE), you can still find a ton of highly reputable authors’ works for free.  Here are a few starting points.

Two of my favorite security researchers are Ross Anderson of the University of Cambridge and Matthew Blaze of the University of Pennsylvania.  You can find their publication websites here and here, respectively.  Matt Blaze wrote a semi-famous paper in 2004 called “Safecracking for the Computer Scientist” (PDF), which caused quite a stir in the community and the public (see response here).  Other papers from security experts such as Gary McGraw, Bruce Schneier, and Jonathan Smith can be found online as well.

Another good source for security papers is conference homepages.  The good ones will link the position or presentation papers directly.  Here are a couple I keep tabs on.

Third, several of the security professionals above, as well as numerous security organizations, maintain public blogs that are good for general news (although sometimes the company blogs try to push their product; they’re more useful for “big picture” kind of news).  Some blogs I follow…

Fourth, the NIST Computer Security Division webpage has a voluminous repository of documentation on various security topics, just in case you want a refresher on FIPS 140-2 (PDF), for example.  The NSA also offers some helpful guidelines (mostly aimed at the novice) for securing your operating system, among other topics.

Major journalistic entities like the New York Times Technology Section, Wall Street Journal Tech, Wired Magazine’s Threat Level online, and Ars Technica are excellent resources for “larger picture”-type stories as well as the occasional exclusive.

Lastly, if you’re old-fashioned like me and want some paper reading material, there are several excellent books out there that might be of interest to you.  Kevin Mitnick wrote two best-selling books on social engineering called The Art of Deception and The Art of Intrusion that are must-reads for any security professional, and are highly entertaining to the end-user as well.  Bruce Schneier (yes, he’s everywhere) released Schneier on Security in 2008.  While there are way too many good books to list, the recently released (and a tad on the expensive side) Beautiful Security by Andy Oram is also a good read.

I’m always looking for new reading material.  If you have a recommendation, leave me a comment or shoot me an e-mail.


Written by OSB

11/04/2011 at 06:31

