book

Agile Security Operations

by Hinne Hettema

February 2022

Beginner

254 pages

5h 57m

English

Packt Publishing

Read now

Unlock full access

ContributorsAbout the authorAbout the reviewers
Who this book is forWhat this book coversTo get the most out of this bookDownload the color imagesConventions usedGet in touchShare Your Thoughts
Why security is hardSecurity operationsCybersecurity, threats, and riskFive types of cyber defenseSecurity incidents Security solutions in search of a problem The scope of security operationsWhere security operations turn agileAgile incident responseAgile security operationsSummary
Facing up to breachesThe incident response cycleKnowing an incident – detection and analysisDetection engineeringRepurposingAnalyzing threatsBranches and pivots – how incidents changeThe kill chain modelExpanding the options for defenseLateral movementAgile incident responseCompromise is eternalIncidents and compromisesWhy incident response needs to be agileTeam structure for incident responseLearning from incidents – from resolution to tactics to strategySummary
From incident response to agile security operations engineeringMapping the incident loopFeedback – closing the incident loopThe businesslike weaknesses of attackersA brief discussion of agile frameworksLeanKanbanScrumAgile security operationsKey activities in agile security operationsBreachDetectAnalyzeContainEradicateRecoverDevelop context and TTPsUpdating the architecture, strategy, and riskDetection engineeringImprovements – prevention, discovery, and predictionTooling – defend to respondPassive defenseActive defense – Mitre ATT&CK and ShieldSummary
What is cyber defense?Enduring failureThe fit of security operationsCoordination and discoordinationCoordination gamesDiscoordination gamesA framework for uncertaintyA brief overview of the Cynefin frameworkConstraintsResolving crisesStructured analytic techniquesIs this part of the security skillset?Summary
The definition of defensible architecturePareto optimizable attacksUnderstanding the kill chainRequirements of defensible architectureDefense in depthImplied trust in network segmentsTrust in the endpoints of the architectureDefense in depth as an evolutionThe new security boundariesPrinciples of the defensible architectureRoots of trustIdentity as a root of trustData controls as a root of trustAlgorithmic integrity as a root of trustRoots of trust and verifiabilityElements of the defensible architecturePreventionVisibility and forensic readinessThreat modelingAttack path modelingDefensible architecture tradeoffsOn-premises infrastructureCloudIndustrialSummary
The role of active defenseActive defense as one of the five types of cyber defenseCompromise is eternalAgile incident responseAn approach to active defenseThe agile active defense processUnderstanding the adversaryPeople and processesTechnologyActive defense during a crisisActive defense for eternal compromiseAssessAdaptThe pivot or [<>]ExaptTranscendSummary

Security as risk reductionMeasuring risk reductionDescriptionFinancial aspects of risksControlsRisk management versus enabling the businessStrategy maps – security as business valueConstructing strategy mapsStrategy map layersSecurity strategy mapsStarting a security strategyWorking with the security strategy mapFinancial metricsCustomer metricsOperations metricsMetrics for capabilitiesSummary
Red teaming and blue teamingWhy red team?What is a red team?What is a blue team?Threat huntingHunt leads Analytic queriesAlternative hunt leads – alert streams and detectionsImplementing a threat hunting practicePurple teaming conceptsPurple team activitiesCharacteristics of blue and red teamsAgile approaches to purple teamingPurple teaming operations Planning – sources of attack dataPlanning – cadence and processExecuting the red side of purple teamingFeedback – moving to an agile approachClosing into threat-informed defenseBusiness value from purple teamingSecurity baseliningSecurity posture improvementThreat-informed defenseSummary
The essential security servicesWhat is a service?Service worksheetsStrategy servicePoliciesArchitectureDeploymentMonitoring and alertingIncident responseOther servicesService maturityMaturity managementPractices – components of a serviceMeasuring effectivenessMaturity modelsDefining CapabilityMaturity does not stand aloneDrawbacks of MaturityAgile approaches to the six security servicesAgileDevOps cycleSummary
What threat intelligence is and isn'tA threat intelligence programAcquiring threat intelligenceRunning your own functionUsing threat intelligenceDirectionUnderstanding risk reductionUsing past attacks as a guideScoping prospective groupsBusiness capabilities and operational contextThe influence on directionCollection and collationThe data funnelExternal feedsFeeds meeting internal logsInterpretationUsing structured analytic techniquesThreat groupsDisseminationRisk analysisAlerting, hunting, and detectionInfrastructure hardeningSummary
Principles of cybersecurity operations
BackgroundCynefin frameworkCynefin Field guideStructured analytic techniquesArchitectureThreat modelingOrganizationsOperationsPrinciples for operationsSOC operationsPeople to follow
Other Books You May EnjoyPackt is searching for authors like youShare Your Thoughts

Overview

Agile Security Operations is your guide to implementing an agile approach to cybersecurity operations. By exploring concepts like defensible architectures, active defense strategies, and methods to measure and communicate security posture, you will gain comprehensive insights into modern security practices. This book also helps you align security operations with business objectives, improving overall security outcomes.

What this Book will help me do

Understand how to implement agile methodologies into security operations to enhance efficiency.
Learn to develop defensible security architectures tailored to your organization.
Master the use of frameworks such as the ATT&CK framework to understand attacker methods.
Discover methods to measure and communicate your organization's security posture effectively.
Gain practical skills to integrate security into broader business and development operations.

Author(s)

Hinne Hettema is an experienced cybersecurity professional with an extensive background in engineering and operational security. He specializes in bridging the gap between technical cybersecurity practices and organizational strategies, with a focus on agility and effectiveness. Hinne aims to empower professionals with actionable advice and practical methodologies.

Who is it for?

This book is ideal for information security managers, security operations center (SOC) professionals, and decision-makers like CISOs and CIOs who want to modernize their security practices. If you are a cybersecurity engineer or analyst with intermediate knowledge in incident response and threat management, this book will help you expand your skills. It's perfect for professionals aiming to incorporate agility into their organizations' security framework.