Chapter 3: Engineering for Incident Response
In the previous two chapters, we discussed security operations and incident response and looked at some of the key elements that come into play in incident response, such as the incident response cycle and the kill chain. We have also argued, albeit somewhat loosely, that agile is the best approach for both security operations and incident response. In this chapter, the aim is to tighten up that argument and develop an agile framework in more detail, as well as outline what relationships exist between existing agile approaches and agile security operations.
In this chapter, we will discuss the engineering aspects of incident response, from the viewpoint that incident response is a continuing operational ...