book

97 Things Every Information Security Professional Should Know

Name: 97 Things Every Information Security Professional Should Know
Author: Christina Morillo
ISBN: 9781098101398

by Christina Morillo

September 2021

Beginner

264 pages

7h 48m

English

O'Reilly Media, Inc.

Read now

Unlock full access

Preface
O’Reilly Online LearningHow to Contact Us
1. Continuously Learn to Protect Tomorrow’s Technology
Alyssa Columbus
2. Fight in Cyber like the Military Fights in the Physical
Andrew Harris
3. Three Major Planes
Andrew Harris
4. InfoSec Professionals Need to Know Operational Resilience
Ann Johnson
5. Taking Control of Your Own Journey
Antoine Middleton
6. Security, Privacy, and Messy Data Webs: Taking Back Control in Third-Party Environments
Ben Brook
7. Every Information Security Problem Boils Down to One Thing
Ben Smith
8. And in This Corner, It’s Security Versus the Business!
Ben Smith
9. Don’t Overlook Prior Art from Other Industries
Ben Smith

10. Powerful Metrics Always Lose to Poor Communication
Ben Smith
11. “No” May Not Be a Strategic Word
Brian Gibbs
12. Keep People at the Center of Your Work
Camille Stewart
13. Take a Beat: Thinking Like a Firefighter for Better Incident Response
Catherine J. Ullman
14. A Diverse Path to Better Security Professionals
Catherine J. Ullman
15. It’s Not About the Tools
Chase Pettet
16. Four Things to Know About Cybersecurity
Chloé Messdaghi
17. Vetting Resources and Having Patience when Learning Information Security Topics
Christina Lang
18. Focus on the What and the Why First, Not the Tool
Christina Morillo
19. Insiders Don’t Care for Controls
Damian Finol
20. Identity and Access Management: The Value of User Experience
Dane Bamburry
21. Lessons from Cross-Training in Law
Danny Moules
22. Ransomware
David McKenzie
23. The Key to Success in Your Cloud Journey Begins with the Shared Responsibility Model
Dominique West
24. Why InfoSec Practitioners Need to Know About Agile and DevOps
Fernando Ike
25. The Business Is Always Right
Frank McGovern
26. Why Choose Linux as Your Secure Operating System?
Gleydson Mazioli da Silva
27. New World, New Rules, Same Principles
Guillaume Blaquiere
28. Data Protection: Impact on Software Development
Guy Lépine
29. An Introduction to Security in the Cloud
Gwyneth Peña-Siguenza
30. Knowing Normal
Gyle dela Cruz
31. All Signs Point to a Schism in Cybersecurity
Ian Barwise
32. DevSecOps Is Evolving to Drive a Risk-Based Digital Transformation
Idan Plotnik
33. Availability Is a Security Concern Too
Jam Leomi
34. Security Is People
James Bore
35. Penetration Testing: Why Can’t It Be Like the Movies?!
Jasmine M. Jackson
36. How Many Ingredients Does It Take to Make an Information Security Professional?
Jasmine M. Jackson
37. Understanding Open Source Licensing and Security
Jeff Luszcz
38. Planning for Incident Response Customer Notifications
JR Aquino
39. Managing Security Alert Fatigue
Julie Agnes Sparks
40. Take Advantage of NIST’s Resources
Karen Scarfone
41. Apply Agile SDLC Methodology to Your Career
Keirsten Brager
42. Failing Spectacularly
Kelly Shortridge
43. The Solid Impact of Soft Skills
Kim Z. Dale
44. What Is Good Cyber Hygiene Within Information Security?
Lauren Zink
45. Phishing
Lauren Zink
46. Building a New Security Program
Lauren Zink
47. Using Isolation Zones to Increase Cloud Security
Lee Atchison
48. If It’s Remembered for You, Forensics Can Uncover It
Lodrina Cherne
49. Certifications Considered Harmful
Louis Nyffenegger
50. Security Considerations for IoT Device Management
Mansi Thakar
51. Lessons Learned: Cybersecurity Road Trip
Mansi Thakar
52. Finding Your Voice
Maresa Vermulst
53. Best Practices with Vulnerability Management
Mari Galloway
54. Social Engineering
Marina Ciavatta
55. Stalkerware: When Malware and Domestic Abuse Coincide
Martijn Grooten
56. Understanding and Exploring Risk
Dr. Meg Layton
57. The Psychology of Incident Response
Melanie Ensign
58. Priorities and Ethics/Morality
Michael Weber
59. DevSecOps: Continuous Security Has Come to Stay
Michelle Ribeiro
60. Cloud Security: A 5,000 Mile View from the Top
Michelle Taggart
61. Balancing the Risk and Productivity of Browser Extensions
Mike Mackintosh
62. Technical Project Ideas Towards Learning Web Application Security
Ming Chow
63. Monitoring: You Can’t Defend Against What You Don’t See
Mitch B. Parker
64. Documentation Matters
Najla Lindsay
65. The Dirty Truth Behind Breaking into Cybersecurity
Naomi Buckwalter
66. Cloud Security
Nathan Chung
67. Empathy and Change
Nick Gordon
68. Information Security Ever After
Nicole Dorsett
69. Don’t Check It In!
Patrick Schiess
70. Threat Modeling for SIEM Alerts
Phil Swaim
71. Security Incident Response and Career Longevity
Priscilla Li
72. Incident Management
Quiessence Phillips
73. Structure over Chaos
Rob Newby
74. CWE Top 25 Most Dangerous Software Weaknesses
Rushi Purohit
75. Threat Hunting Based on Machine Learning
Saju Thomas Paul and Harshvardhan Parmar
76. Get In Where You Fit In
Sallie Newton
77. Look Inside and See What Can Be
Sam Denard
78. DevOps for InfoSec Professionals
Sasha Rosenbaum
79. Get Familiar with R&R (Risk and Resilience)
Shinesa Cambric
80. Password Management
Siggi Bjarnason
81. Let’s Go Phishing
Siggi Bjarnason
82. Vulnerability Management
Siggi Bjarnason
83. Reduce Insider Risk Through Employee Empowerment
Stacey Champagne
84. Fitting Certifications into Your Career Path
Steven Becker
85. Phishing Reporting Is the Best Detection
Steven Becker
86. Know Your Data
Steve Taylor
87. Don’t Let the Cybersecurity Talent Shortage Leave Your Firm Vulnerable
Tim Maliyil
88. Comfortable Versus Confident
Tkay Rice
89. Some Thoughts on PKI
Tarah Wheeler
90. What Is a Security Champion?
Travis F. Felder
91. Risk Management in Information Security
Trevor Bryant
92. Risk, 2FA, MFA, It’s All Just Authentication! Isn’t It?
Unique Glover
93. Things I Wish I Knew Before Getting into Cybersecurity
Valentina Palacin
94. Research Is Not Just for Paper Writing
Vanessa Redman
95. The Security Practitioner
Wayne A. Howell Jr.
96. Threat Intelligence in Two Steps
Xena Olsen
97. Maintaining Compliance and Information Security with Blue Team Assistance
Yasmin Schlegel
Contributors
Index
About the Editor

Content preview from 97 Things Every Information Security Professional Should Know

Chapter 70. Threat Modeling for SIEM Alerts

Phil Swaim

As security professionals in a security operations center (SOC), there are a great range of alerts that will be available to you. Antivirus, firewalls, intrusion detection and prevention systems (IDS/IPS), identity and access management (IAM), data loss prevention (DLP), and many other tools and systems will generate alerts that may or may not be helpful to your SOC in determining if an adverse event has occurred.

Overlogging and overenabling these alerts could result in high false-positive rates, which end up distracting the SOC from possible real threats in the environment getting through.

So what to do? Threat model your alerts!

Identify a target of interest in your environment you wish to defend from adversaries. Draw it or write its name on the right side of a chart. Leave some room on the right for later. This could be data, a process, or even a person in your organization.

Identify interested adversaries, such as hacktivists, nation states, cybercriminals, or insider threats, and place them on the left of the chart in separate rows. You will find that some adversaries prefer to use different initial vectors.

Identify likely initial vectors and list those by adversary to the right of the adversary list. A targeted phish, an insider using USB, and drive-by malware downloads are some examples.

Identify points of lateral ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 9781098101381Errata Page

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

97 Things Every Information Security Professional Should Know

by Christina Morillo

Chapter 70. Threat Modeling for SIEM Alerts

Phil Swaim

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.