Selected security book excerpts

Cyber Monday shopping? Here is a sampler of in-depth coverage by experts in application security, investigations, business continuity and more.

If you're looking to give (or receive) the gift of knowledge this year, you can get a preview of the following security books. Each listing includes a link to an excerpt on CSOonline.com as well as the book itself on Amazon.com.

Security Testing of Custom Software Applications

Tools and techniques for testing applications.

Excerpted from Secure and Resilient Software Development

by Mark Merkow and Lakshmikanth Raghavan

CRC Press, July 2010

Investigative Tactics and Strategies

Retail industry field techniques and tests for detecting internal retail theft, including double buys, combination buys, and refund buys

Excerpted from Private Security and the Investigative Process

by Charles Nemeth

CRC Press, March 2010

Physical Security Risk and Countermeasures: Effectiveness Metrics

Is your security program working? Here's how to establish metrics for systematic measurement and improvement of countermeasures.

Excerpted from Risk Analysis and Security Countermeasure Selection

by Thomas Norman

CRC Press, February 2010

PCI and the Art of the Compensating Control

Compensating controls are a standard part of any security posture. But what makes an effective control?

Excerpted from PCI Compliance: Understand and Implement Effective PCI Data Security Standard Compliance

by Branden Williams and Anton Chuvakin

Syngress, December 2009

How to Perform a Disaster Recovery Business Impact Analysis

Includes a sample Business Impact Analysis form

Excerpted from Building an Enterprise-Wide Business Continuity Program

by Kelly Okolita

CRC Press, December 2009

Contact and Coordination with Local, Regional, and International Authorities

Employees overseas are under your protection but not under your direct watch. Scott Alan Ast provides advice and examples for protecting employees by making and maintaining important security contacts abroad.

Excerpted from Managing Security Overseas

by Scott Alan Ast

CRC Press, November 2009

Conducting a Protective Security Advance

Advance Teams protect employees visiting a potentially dangerous area. This book excerpt looks at some key considerations for getting the job done.

Excerpted from Conducting a Protective Security Advance

by David Johnson

Varro Press, November 2009 (available only from the publisher)

How Security Should Handle Pickets and Strikes

9 things a business should do - and 6 things you absolutely can't do - to help ensure a strike or picket remains peaceful.

Excerpted from The Security Manager's Guide to Disasters

by Anthony Manley

CRC Press, November 2009

What Should Your Security Strategies Be?

Identifying business needs, documenting policies and driving change - former IBM security director Timothy Giles says these are keys to success for security leadership.

Excerpted from How to Develop and Implement a Security Master Plan

by Tim Giles

Auerbach, February 2009

No Excuses: Managing Operational Risk

Headlines about high-profile white-collar criminals sometimes mask underlying weakness in business controls and risk management. This book excerpt looks behind the curtain.

Excerpted from No Excuses

by Dennis Dickstein and Robert Flast

Wiley, December 2008

Copyright © 2010 IDG Communications, Inc.
