links information security
I bought it from BSI, but I believe you can buy it cheaper from ANSI.
Before you decide to buy, look at the following documents:
Good high-level explanation. From Sherbrooke, Québec, of all places.
https://www.callio.com/files/wp_iso_en.pdf
especially pages 4 to 15; the rest is fluff
Checklist based on BS7799, from SANS. If you can make sense of this checklist alone, you don't have to buy anything else.
http://www.sans.org/score/checklists/ISO_17799_checklist.pdf
NIST document with history and good pointers to NIST documents:
http://csrc.nist.gov/publications/secpubs/otherpubs/reviso-faq.pdf
From our friends, the NSA:
http://www.iatf.net/framework_docs/version-3_1/index.cfm
Note that these documents are for management; they don't resolve your technical problems.
Glossaries
http://sun.soci.niu.edu/~rslade/secgloss.htm
http://www.ietf.org/rfc/rfc2828.txt
http://www.sans.org/resources/glossary.php
Attack trees
http://www.schneier.com/paper-attacktrees-ddj-ft.html
http://www.sei.cmu.edu/pub/documents/01.reports/pdf/01tn001.pdf
Very interesting:
http://www.eecs.harvard.edu/~stuart/papers/thesis.pdf
