With all of the public attention security is commanding these days, it's no doubt a top priority for Windows administrators and others in charge of overseeing information risks. Even someone who works on nothing but security every day can struggle to keep up with the latest news, tools and techniques for understanding, uncovering and protecting Windows Server from risks.
Many people say that you can't rely on a single book for security advice because things change so rapidly. I say that each of the following Windows security resources can help every admin get up to speed with security and stay sharp with the latest news:
- CISSP For Dummies, 4th Edition by Lawrence C. Miller and Peter Gregory
This is a great book that I had the opportunity to read and edit. I realized in the process that every IT professional working in security should get to know this content, even if they're not going to be sitting for the CISSP exam. These core security concepts affect literally every system you run, every project you manage and every decision you make in IT.
- Principles of Information Security, 5th Edition by Michael E. Whitman and Herbert J. Mattord
This book gives a more academic look at the core elements of information security, but it's still a great reference guide for any administrator or security professional.
- Social Engineering: The Art of Human Hacking by Christopher Hadnagy and Paul Wilson
This book provides insights into what's arguably the greatest risk on your network -- uninformed, gullible or otherwise ignorant end users. This is a must-read for anyone who is in charge of enterprise security.
- Black Hat Briefings
This site is loaded with whitepapers, presentations and source code from Black Hat presenters covering the latest threats and vulnerabilities. They also give examples of how bad things happen when flaws are exploited. It's very educational and can be very motivating when you see what's going on in the wild.
- With information security, the fundamentals don't change much. For the basics, check out Security, Accuracy, and Privacy in Computer Systems by IT pioneer James Martin. Written in 1973, it's arguably the only book you need to establish and maintain a good information security program.
- Hacking For Dummies by Kevin Beaver
In this book, currently in its fourth edition, I cover the entire penetration testing and security vulnerability assessment lifecycle -- something many organizations have yet to create.
These Windows security resources apply across the board -- from Windows to mobile to the cloud and everything in between. Sure, you'll need to learn about some of the niche topics and nuances related to your environment, but you're not going to have to become a security expert for each specific area.
The same principles apply regardless of the platform or process. Still, don't let your guard down and assume that once you've learned the important topics you can stop there. Certain things, such as threat vectors and specific vulnerabilities, change in security about as fast as Microsoft's business strategies. Make sure you stay tuned in to the latest events so you can protect your Windows environment as needed.
About the author:
Kevin Beaver is an information security consultant, expert witness, and professional speaker with Atlanta-based Principle Logic, LLC. With over 26 years of experience in the industry, Beaver specializes in performing independent security assessments revolving around information risk management. He has authored/co-authored 12 books on information security including Hacking For Dummies and The Practical Guide to HIPAA Privacy and Security Compliance. In addition, he's the creator of the Security On Wheels information security audio books and blog providing security learning for IT professionals on the go. Beaver can be reached at www.principlelogic.com and you can follow him on Twitter, watch him on YouTube, and connect to him on LinkedIn.