Reading List - Information Security
(Sist oppdatert: $Date$)
The lectures and the exercises define the syllabus (pensum).
The syllabus is based on the following sources.
Torgeir Daler, Roar Gulbrandsen, Tore Audun Høie, Torbjørn Sjølstad:
Håndbok i datasikkerhet
- informasjonsteknologi og risikostyring
Tapir Akademisk Forlag
Whitman and Mattord:
Principles of Information Security
Thomson Course Technology 2009.
- ISO 27000-series (27000-27005)
These documents are available from the library, at least in the form
of a printout. At the time of writing, they are still looking into
whether more copies and/or electronic copies can be made available.
Please ask them for details.
- NIST 800-series,
in particular 800-30 and 800-53.
- CObIT 4.
Primarily the excerpt and executive summary.
An Introduction to Factor Analysis of Information Risk (FAIR)
- Data-Centric Security
IBM white paper
It is adviceable at least to skim-read both books, and you should
be familiar with all the cited standards and papers.
- Guide til Tekniske Rapporter (Norwegian)
It is important that you can write technical reports and
other (shorter) technical documents in a structured and legible
The following documents may be useful if you want to delve
deeper into particular topics, or if you find core
sources difficult to read and want an alternative angle.
Archive of Norwegian laws and regulations
Raggad: Information Security Management
- Pfleeger and Pfleeger: Security in Computing
This book is going to be a useful supplement to Gollmann,
as it is a bit more verbose and likely to provide supplementary
It also uses more figures and visual diagrams than Gollmann.
On the other hand, it does not cover the module entirely.
- IEEE Security and Privacy
is a professional magazine on computer security.
The articles are very readable, and useful background reading.
Information Security Policies in Small Finnish Companies,
Proceedings of the
8th European Conference on Information Warfare and Security,
John M. D. Hunter:
An Information Security Handbook 2001.
Too old to be authoritative, this book gives a useful and
well-structured overview of different aspects of security
at different levels of an IT operation.
It's worth browsing.
- Ross Anderson:
Vulnerabilities in E-governments by Vebjørn Moen et al.
`This paper shows that 80% of the E-governments in the world are
vulnerable to common Web Application attacks such as Cross Site
Scription and SQL injection.'
If you are particularly interested in the SQL injection problem
discussed in the first session, I suggest that you have a look
at this paper.
Other papers by the same group are also
Robert C. Seacord:
Secure Coding in C and C++
This book specialises on the topic of software security;
an interesting and important topic, which we unfortunately
will have little or no time for.