If you need to know what information security books to read, who you gonna call? The Cybersecurity Canon.

If knowledge is power, one of the more effective ways to get that power of knowledge is via reading books. When it comes to information security, one would have to spend many hours per day to keep up with the vast amount of written material that is constantly coming out. So what is a security professional to do?

Last month David Bisson wrote a blog post, 10 Must-Read Books for Information Security Professionals, where he asked information security professionals for their must-read book. There are a number of books listed there that are definitely worth a read.

For those that want more, there’s the Cybersecurity Canon project, of which I’m a member. Canon members include industry experts such as Christina Ayiotis, co-chair of the Georgetown Cybersecurity Law Institute, Dawn-Marie Hutchinson of Optiv, Brian Kelly, CISO at Quinnipiac University, and more.

The project was started in 2014 by Rick Howard, CISO of Palo Alto Networks. The members of the Canon identify lists of must-read books for cybersecurity professionals or those looking to get a foothold into the security industry. The books in the Canon, and those that are candidates for entry, include both non-fiction and (to my chagrin) fiction books.

So what does it take for a book to make it into the Canon? First off, it should not necessarily be directly tied to a specific technology or product. While a book on Windows Server 2016 security or how to configure and use Wireshark 2.2.6 are certainly worthy reads, these are not the types of books meant for the Canon.

Canon-worthy books include those that focus on the core aspects of information security and are forward thinking, original and insightful. They also should stand the test of time, meaning that they should be relevant for a number of years.

Some examples of books in the Canon include: Tallinn Manual on the International Law Applicable to Cyber Warfare, The CERT Guide To Insider Threats, and my favorite, Measuring and Managing Information Risk: A FAIR Approach.

If you know of a book you think is a candidate for the Canon, you are invited to nominate it for entry. That said, the nomination process is meant for serious entries. Every PR person wants their client’s book to be a candidate, and because of that, the Canon committee would be flooded with every book under the sun. To obviate that, in order to nominate a book for the candidate list, it must be done via a book review.

The benefit to the Canon of a full book review is that it demonstrates to the committee that the person submitting the book is serious about it and feels strongly enough about it to take the time to write a review. Note that the review does not have to be colossal, as a review of a few hundred words will suffice. There are plenty of good books out there to be read, so submit as many nominations as your time permits.

For more information or if you want to contact the Canon, check out the Canon FAQ. Looking forward to your review.