Book description
This practical book demonstrates a data-centric approach to distilling complex security monitoring, incident response, and threat analysis ideas into their most basic elements. You’ll learn how to develop your own threat intelligence and incident detection strategy, rather than depend on security tools alone. Written by members of Cisco’s Computer Security Incident Response Team, this book shows IT and information security professionals how to create an InfoSec playbook by developing strategy, technique, and architecture.
Table of contents
- Foreword
- Preface
- 1. Incident Response Fundamentals
- 2. What Are You Trying to Protect?
- 3. What Are the Threats?
- 4. A Data-Centric Approach to Security Monitoring
- 5. Enter the Playbook
- 6. Operationalize!
- 7. Tools of the Trade
- 8. Queries and Reports
- False Positives: Every Playbook’s Mortal Enemy
- There Ain’t No Such Thing as a Free Report
- An Inch Deep and a Mile Wide
- A Million Monkeys with a Million Typewriters
- A Chain Is Only as Strong as Its Weakest Link
- Detect the Chain Links, Not the Chain
- Getting Started Creating Queries
- Turning Samples of Malicious Activity into Queries for Reports
- Reports Are Patterns, Patterns Are Reports
- The Goldilocks-Fidelity
- Exploring Out of Sight of Land
- Chapter Summary
- 9. Advanced Querying
- Basic Versus Advanced
- The False Positive Paradox
- Good Indications
- Consensus as an Indicator (Set Operations and Outlier Finding)
- Set Operations for Finding Commonalities
- Finding Black Sheep
- Statistics: 60% of the Time, It Works Every Time
- Skimming the IDS Flotsam Off the Top
- Pulling Patterns Out of NetFlow
- Looking for Beaconing with Statistics
- Is Seven a Random Number?
- Correlation Through Contingent Data
- Who Is Keyser Söze?
- Guilty by Association
- Chapter Summary
- 10. I’ve Got Incidents Now! How Do I Respond?
- 11. How to Stay Relevant
- Index
Product information
- Title: Crafting the InfoSec Playbook
- Author(s):
- Release date: May 2015
- Publisher(s): O'Reilly Media, Inc.
- ISBN: 9781491949405