book

Agile Security Operations

Name: Agile Security Operations
Author: Hinne Hettema
ISBN: 9781801815512

by Hinne Hettema

February 2022

Beginner

254 pages

5h 57m

English

Packt Publishing

Read now

Unlock full access

Agile Security Operations
ContributorsAbout the authorAbout the reviewers
Preface
Who this book is forWhat this book coversTo get the most out of this bookDownload the color imagesConventions usedGet in touchShare Your Thoughts
Section 1: Incidence Response: The Heart of Security
Chapter 1: How Security Operations Are Changing
Why security is hardSecurity operationsCybersecurity, threats, and riskFive types of cyber defenseSecurity incidents Security solutions in search of a problem The scope of security operationsWhere security operations turn agileAgile incident responseAgile security operationsSummary
Chapter 2: Incident Response – A Key Capability in Security Operations
Facing up to breachesThe incident response cycleKnowing an incident – detection and analysisDetection engineeringRepurposingAnalyzing threatsBranches and pivots – how incidents changeThe kill chain modelExpanding the options for defenseLateral movementAgile incident responseCompromise is eternalIncidents and compromisesWhy incident response needs to be agileTeam structure for incident responseLearning from incidents – from resolution to tactics to strategySummary
Chapter 3: Engineering for Incident Response
From incident response to agile security operations engineeringMapping the incident loopFeedback – closing the incident loopThe businesslike weaknesses of attackersA brief discussion of agile frameworksLeanKanbanScrumAgile security operationsKey activities in agile security operationsBreachDetectAnalyzeContainEradicateRecoverDevelop context and TTPsUpdating the architecture, strategy, and riskDetection engineeringImprovements – prevention, discovery, and predictionTooling – defend to respondPassive defenseActive defense – Mitre ATT&CK and ShieldSummary
Section 2: Defensible Organizations
Chapter 4: Key Concepts in Cyber Defense
What is cyber defense?Enduring failureThe fit of security operationsCoordination and discoordinationCoordination gamesDiscoordination gamesA framework for uncertaintyA brief overview of the Cynefin frameworkConstraintsResolving crisesStructured analytic techniquesIs this part of the security skillset?Summary
Chapter 5: Defensible Architecture
The definition of defensible architecturePareto optimizable attacksUnderstanding the kill chainRequirements of defensible architectureDefense in depthImplied trust in network segmentsTrust in the endpoints of the architectureDefense in depth as an evolutionThe new security boundariesPrinciples of the defensible architectureRoots of trustIdentity as a root of trustData controls as a root of trustAlgorithmic integrity as a root of trustRoots of trust and verifiabilityElements of the defensible architecturePreventionVisibility and forensic readinessThreat modelingAttack path modelingDefensible architecture tradeoffsOn-premises infrastructureCloudIndustrialSummary
Chapter 6: Active Defense
The role of active defenseActive defense as one of the five types of cyber defenseCompromise is eternalAgile incident responseAn approach to active defenseThe agile active defense processUnderstanding the adversaryPeople and processesTechnologyActive defense during a crisisActive defense for eternal compromiseAssessAdaptThe pivot or [<>]ExaptTranscendSummary

Chapter 7: How Secure Are You? – Measuring Security Posture
Security as risk reductionMeasuring risk reductionDescriptionFinancial aspects of risksControlsRisk management versus enabling the businessStrategy maps – security as business valueConstructing strategy mapsStrategy map layersSecurity strategy mapsStarting a security strategyWorking with the security strategy mapFinancial metricsCustomer metricsOperations metricsMetrics for capabilitiesSummary
Section 3: Advanced Agile Security Operations
Chapter 8: Red, Blue, and Purple Teaming
Red teaming and blue teamingWhy red team?What is a red team?What is a blue team?Threat huntingHunt leads Analytic queriesAlternative hunt leads – alert streams and detectionsImplementing a threat hunting practicePurple teaming conceptsPurple team activitiesCharacteristics of blue and red teamsAgile approaches to purple teamingPurple teaming operations Planning – sources of attack dataPlanning – cadence and processExecuting the red side of purple teamingFeedback – moving to an agile approachClosing into threat-informed defenseBusiness value from purple teamingSecurity baseliningSecurity posture improvementThreat-informed defenseSummary
Chapter 9: Running and Operating Security Services
The essential security servicesWhat is a service?Service worksheetsStrategy servicePoliciesArchitectureDeploymentMonitoring and alertingIncident responseOther servicesService maturityMaturity managementPractices – components of a serviceMeasuring effectivenessMaturity modelsDefining CapabilityMaturity does not stand aloneDrawbacks of MaturityAgile approaches to the six security servicesAgileDevOps cycleSummary
Chapter 10: Implementing Agile Threat Intelligence
What threat intelligence is and isn'tA threat intelligence programAcquiring threat intelligenceRunning your own functionUsing threat intelligenceDirectionUnderstanding risk reductionUsing past attacks as a guideScoping prospective groupsBusiness capabilities and operational contextThe influence on directionCollection and collationThe data funnelExternal feedsFeeds meeting internal logsInterpretationUsing structured analytic techniquesThreat groupsDisseminationRisk analysisAlerting, hunting, and detectionInfrastructure hardeningSummary
Appendix
Principles of cybersecurity operations
Further reading
BackgroundCynefin frameworkCynefin Field guideStructured analytic techniquesArchitectureThreat modelingOrganizationsOperationsPrinciples for operationsSOC operationsPeople to follow
Why subscribe?
Other Books You May EnjoyPackt is searching for authors like youShare Your Thoughts

Overview

Agile Security Operations is your guide to implementing an agile approach to cybersecurity operations. By exploring concepts like defensible architectures, active defense strategies, and methods to measure and communicate security posture, you will gain comprehensive insights into modern security practices. This book also helps you align security operations with business objectives, improving overall security outcomes.

What this Book will help me do

Understand how to implement agile methodologies into security operations to enhance efficiency.
Learn to develop defensible security architectures tailored to your organization.
Master the use of frameworks such as the ATT&CK framework to understand attacker methods.
Discover methods to measure and communicate your organization's security posture effectively.
Gain practical skills to integrate security into broader business and development operations.

Author(s)

Hinne Hettema is an experienced cybersecurity professional with an extensive background in engineering and operational security. He specializes in bridging the gap between technical cybersecurity practices and organizational strategies, with a focus on agility and effectiveness. Hinne aims to empower professionals with actionable advice and practical methodologies.

Who is it for?

This book is ideal for information security managers, security operations center (SOC) professionals, and decision-makers like CISOs and CIOs who want to modernize their security practices. If you are a cybersecurity engineer or analyst with intermediate knowledge in incident response and threat management, this book will help you expand your skills. It's perfect for professionals aiming to incorporate agility into their organizations' security framework.

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 9781801815512

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills