What are the best books on information security?

This blog has been updated to reflect industry updates. Originally published 29 November 2017.

As the risk of suffering a data breach continues to increase, information security has become a critical issue for all organisations – especially as the GDPR prescribes large administrative fines for organisations that fail to appropriately secure the personal data they process.

However, information security best practice can often be challenging to understand and implement.

Books are a valuable way of broadening your information security knowledge, but with thousands to choose from it can be hard to know where to begin.

To help you find the best information available to advance your information security career, we’ve picked some of our best titles for you.


An Introduction to Information Security and ISO 27001:2013 – A Pocket Guide

Written by an acknowledged expert on the ISO 27001 standard, this is the ideal resource for anyone wanting a clear, concise and easy-to-read primer on information security.

This book serves as the perfect introduction to the principles of information security management and ISO 27001:2013, and will ensure the systems you put in place are effective, reliable and auditable.

Price: £9.95

Also available as an audiobook.


Nine Steps to Success – An ISO 27001 Implementation Overview

Achieving and maintaining accredited certification to the international standard for information security management, ISO 27001, can be a complicated job, especially if you are new to the Standard.

This book offers essential guidance for anyone tackling ISO 27001 implementation for the first time.

Author Alan Calder knows ISO 27001 inside out: he is the founder and executive chairman of IT Governance, he led the implementation of the first management system to achieve accredited certification to BS 7799 – the forerunner to ISO 27001 – and he has been working with the Standard and its successors ever since.

What others have said

“It is an interesting mix of details on ISO 27001 ISMS and project management methodology and will be a useful guide for an ISMS implementation project.”

David B. Henderson, Computing Reviews

Price: £24.95

Also available as an audiobook.


The Case for ISO 27001:2013

Information and information systems are vital to every organisation. Our reliance on data and information, and the fact that they are so easy to share, means that everyone is at risk of a cyber attack from criminal hackers, viruses, or even simple human error.

To counter these threats, you have to identify the information risks your business faces and find the most appropriate way to mitigate them. Adopting the ISO 27001 standard will give your organisation a reliable framework for creating an information security management system (ISMS).

This must-have guide presents the compelling business case for implementing ISO 27001 to protect your information assets.

The Case for ISO 27001:2013 is a clear and concise introduction, and a perfect supporting text for an ISO 27001 project proposal.

What others have said

“… it’s as good a short introduction to info-security, and security management in general, as you could wish to find … Calder has done a grand job of setting out the case [for ISO 27001], briefly.”

Mark Rowe, Professional Security Magazine Online

Price: £24.95


ISO27001/ISO27002 A Pocket Guide, Second Edition

Your organisation’s information is one of its most important resources, so keeping that information secure is vital.

This pocket guide gives an overview of two of the key information security standards: the ISO 27001 requirements for creating an ISMS, and the ISO 27002 best-practice recommendations for initiating, implementing and maintaining it.

Price: £9.95

Also available as an audiobook.

IT Governance – An International Guide to Data Security and ISO27001/ISO27002, Sixth Edition

Threats to information security are increasing globally in frequency and severity. No organisation or sector is exempt from the risk of cyber threats, so it is vital that all organisations implement a robust ISMS that complies with the best-practice information security standard, ISO 27001.

Written by ISO 27001 experts Alan Calder and Steve Watkins, this book provides you with best-practice guidance on information security, and can help you successfully implement an ISO 27001 compliant ISMS.

Price: £49.99

Cyber security

Security in the Digital World

Technology is always developing, and so are the threats and risks of being online.

Whether you’re working in the most mature enterprise environment, unemployed or retired, you’re still at risk.

This book explains the common digital threats to home, office and mobile users, as well as providing advice and guidance.

You’ll gain a fountain of knowledge for modern security needs, and get an overview of who conducts cyber attacks, why and where they come from. The book also explains what you can do to protect yourself and others from cyber risks.

Price: £12.95

Also available as an audiobook.


Build a Security Culture

One of the most effective ways to address cyber risk is to create a culture of security.

In this book Kai Roer presents his Security Culture Framework, addressing the human and cultural factors in organisation security. Using everyday examples and analogies, Roer reveals the social and cultural triggers that drive human behaviour, highlighting the underlying cause for many easily preventable attacks.

Learn how to manage cyber threats by implementing an effective framework for organisational culture, preparing your organisation to withstand attacks that exploit common human vulnerabilities.

Price: £12.95
