My top ten infosec books

As a bookworm, these are my top ten information security books, the ones I have found most insightful and provocative:
  1. The Cuckoo’s Egg by Clifford Stoll – the whodunnit that first got me seriously interested in hacking and IT security. A gripping story of intrigue and perseverance.

  2. Codebreakers by Hinsley & Stripp – the extraordinary tale of WWII cryptanalysis at Bletchley Park, and ultra-secrets.

  3. Secrets and Lies by Bruce Schneier – Bruce’s writing is always stimulating and thought-provoking. S&L was the first I read, and would remind me of the books that followed.

  4. The Art of Intrusion by Kevin Mitnick – as with Bruce, the first book reminds me of the series. More social engineering than hacking, but ingenious nevertheless. The hacker mindset laid bare.

  5. Information Paradox by John Thorp – the book that changed my way of thinking, treating IT and information as business tools. Underpins ISACA’s Val IT method.

  6. Managing an Information Security and Privacy Awareness and Training Program by Rebecca Herold – the book I wish I had written (and retitled!). Full to the brim with bright ideas.

  7. How to Measure Anything by Doug Hubbard – creative approaches to measure and analyse situations that seem unmeasurable. All of Doug's books are well worth studying.

  8. Security Engineering by Ross Anderson – my infosec textbook of choice, though rather outdated. Emphasizes a systematic, engineering approach to infosec.

  9. DTI Code of Practice for Information Security (BSI DISC PD003), or the Shell corporate infosec manual before that – both precursors to BS 7799 and ISO27k. A chance to think about how far we’ve come and where we are, or rather should be, heading next with security standards.

  10. The Power of Resilience by Yossi Sheffi – the business continuity book that truly explores supply chain risks and proposes pragmatic controls.

What would you suggest for my Amazon wish-list?