Recommended Reading & Core Resources
These selected publications and frameworks support best practices in information security, IT governance, and disaster recovery. Each item is chosen for its practical relevance and alignment with modern security challenges.
Books & Publications
- An IT Manager’s Guide to Disaster Recovery – Jon Pertwee
A structured guide for developing effective disaster recovery capabilities in real-world IT environments.
- Managing Risk in Information Systems – Darril Gibson
A practical introduction to IT risk management; suitable for CISSP and CISM exam preparation.
- COBIT 2019 Framework: Governance and Management Objectives – ISACA
Essential for designing and evaluating IT control environments aligned with business goals.
- Measuring and Managing Information Risk: A FAIR Approach – Jack Freund & Jack Jones
A quantitative risk analysis framework particularly relevant for regulated sectors.
Frameworks & Standards
Title | Summary | Link |
---|---|---|
ISO/IEC 27001 | International standard for information security management systems (ISMS) | Visit |
NIST SP 800-34 | Contingency planning for federal and private-sector IT systems | Visit |
DORA (EU Regulation) | Digital Operational Resilience for financial services ICT risk | Visit |
COBIT 2019 | Governance and control framework for aligning IT and business goals | Visit |
Reports & Industry Intelligence
- ENISA Threat Landscape Reports
– Ongoing threat intelligence for the EU cybersecurity ecosystem.
- Verizon Data Breach Investigations Report (DBIR)
– Annual trends and statistics from real-world security incidents.
- UK National Cyber Security Centre (NCSC) Guidance
– Authoritative guidance for UK organisations and practitioners.
- Cyber and Infrastructure Security Agency (CISA)
– Weekly bulletins of vulnerabilities.
Cybersecurity Industry News
This section offers curated cybersecurity news from leading industry sources, automatically updated via RSS. These streams provide insight into cyber threats, regulatory developments, vulnerability disclosures, and strategic responses across sectors.
- Krebs on Security
– Independent investigative reporting on cybercrime, breaches, and critical vulnerabilities by Brian Krebs.
- The CyberWire
– Daily briefings and analysis on threats, policy, and industry trends aimed at business and technical leaders.
- The Hacker News
– Rapid updates on emerging vulnerabilities, exploits, and data breaches.
- SecurityWeek
– Global cybersecurity news, with emphasis on enterprise risk, threat intelligence, and incident response.
- SC Magazine
– Security journalism covering policy, technology, and operational risks across industries.
- SANS ISC Diary
– Real-time analysis of attacks and anomalies from the Internet Storm Center, curated by security practitioners.
- Microsoft Security Blog
– Insight from Microsoft’s threat intelligence teams on cloud, endpoint, and identity security.
Note: These news feeds are provided via third-party RSS sources and updated automatically. While we make every effort to maintain these connections, availability and content are subject to change outside of our control.