Book description
This practical book demonstrates a data-centric approach to distilling complex security monitoring, incident response, and threat analysis ideas into their most basic elements. You’ll learn how to develop your own threat intelligence and incident detection strategy, rather than depend on security tools alone. Written by members of Cisco’s Computer Security Incident Response Team, this book shows IT and information security professionals how to create an InfoSec playbook by developing strategy, technique, and architecture.
Table of contents
- Foreword
- Preface
- 1. Incident Response Fundamentals
- 2. What Are You Trying to Protect?
- 3. What Are the Threats?
- 4. A Data-Centric Approach to Security Monitoring
- 5. Enter the Playbook
- 6. Operationalize!
- 7. Tools of the Trade
- 8. Queries and Reports
  - False Positives: Every Playbook’s Mortal Enemy
  - There Ain’t No Such Thing as a Free Report
  - An Inch Deep and a Mile Wide
  - A Million Monkeys with a Million Typewriters
  - A Chain Is Only as Strong as Its Weakest Link
  - Detect the Chain Links, Not the Chain
  - Getting Started Creating Queries
  - Turning Samples of Malicious Activity into Queries for Reports
  - Reports Are Patterns, Patterns Are Reports
  - The Goldilocks-Fidelity
  - Exploring Out of Sight of Land
  - Chapter Summary
- 9. Advanced Querying
  - Basic Versus Advanced
  - The False Positive Paradox
  - Good Indications
  - Consensus as an Indicator (Set Operations and Outlier Finding)
  - Set Operations for Finding Commonalities
  - Finding Black Sheep
  - Statistics: 60% of the Time, It Works Every Time
  - Skimming the IDS Flotsam Off the Top
  - Pulling Patterns Out of NetFlow
  - Looking for Beaconing with Statistics
  - Is Seven a Random Number?
  - Correlation Through Contingent Data
  - Who Is Keyser Söze?
  - Guilty by Association
  - Chapter Summary
- 10. I’ve Got Incidents Now! How Do I Respond?
- 11. How to Stay Relevant
- Index
Product information
- Title: Crafting the InfoSec Playbook
- Author(s):
- Release date: May 2015
- Publisher(s): O'Reilly Media, Inc.
- ISBN: 9781491949405