What are the best books on information security?

There are few resources that can match the in-depth, comprehensive detail of a good book.

As Charles William Eliot, the famed president of Harvard University, once said, “Books are the quietest and most constant of friends; they are the most accessible and wisest of counselors, and the most patient of teachers.”

Books also serve as valuable resources for IT professionals looking to broaden their knowledge.

However, not all books offer the same depth of knowledge and insight. And with thousands of books on information security, it can be hard to know where to begin.

We’ve handpicked the best titles to better equip people looking to advance their careers in information security.


An Introduction to Information Security and ISO 27001:2013 – A Pocket Guide

Written by an acknowledged expert on the ISO 27001 standard, this is the ideal resource for anyone wanting a clear, concise and easy-to-read primer on information security.

This book serves as the perfect introduction to the principles of information security management and ISO 27001:2013, and will ensure the systems you put in place are effective, reliable and auditable.

Price: £9.95


Nine Steps to Success – An ISO 27001 Implementation Overview

Achieving and maintaining accredited certification to the international standard for information security management, ISO 27001, can be a complicated job, especially if you are new to the Standard.

This book offers essential guidance for anyone tackling ISO 27001 implementation for the first time.

Author Alan Calder knows ISO 27001 inside out: he is the founder and executive chairman of IT Governance, he led the implementation of the first management system to achieve accredited certification to BS 7799 – the forerunner to ISO 27001 – and he has been working with the Standard and its successors ever since.

What others have said

“It is an interesting mix of details on ISO 27001 ISMS and project management methodology and will be a useful guide for an ISMS implementation project.”

David B. Henderson, Computing Reviews

Price: £24.95


The Case for ISO 27001:2013

Information and information systems are vital to every organisation. Our reliance on data and information, and the fact that they are so easy to share, means that everyone is at risk of a cyber attack from criminal hackers, viruses, or even simple human error.

To counter these threats, you have to identify the information risks your business faces and find the most appropriate way to mitigate them. Adopting the ISO 27001 standard will give your organisation a reliable framework for creating an information security management system (ISMS).

This must-have guide presents the compelling business case for implementing ISO 27001 to protect your information assets.

The Case for ISO 27001:2013 is a clear and concise introduction, and a perfect supporting text for an ISO 27001 project proposal.

What others have said

“… it’s as good a short introduction to info-security, and security management in general, as you could wish to find … Calder has done a grand job of setting out the case [for ISO 27001], briefly.”

Mark Rowe, Professional Security Magazine Online

Price: £24.95
