September 2021
Beginner to intermediate
392 pages
12h 13m
Chinese
book
Google系统架构解密: 构建安全可靠的系统
by Heather Adkins, Betsy Beyer, Paul Blankinship, Piotr Lewandowski, Ana Oprea, Adam Stubblefield
Content preview from Google系统架构解密: 构建安全可靠的系统
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
266
|
第
16
章
以及何时将事件上报给
IR
团队
3
。这类培训对公司的
IR
政策有支撑作用。
在将事件升级前,要为工程师处理事件设置一个时间限制。组织可接受的风险水平决定了
应急人员的可用时间。可以先从
15
分钟开始,然后再按需调整。
为确保响应人员在紧急关头能选择最符合逻辑的行动方案,而不是依照直觉仓促决定,应
提前制订决策的标准。首位响应人员经常面对的问题是需要立即做出决定:是否要下线被
入侵的系统,或者采取什么样的遏制方法。更多讨论请参阅第
17
章。
应该对工程师进行培训,让他们了解事件响应过程中可能需要解决优先级相互矛盾的事
项。例如,要保持最长的正常运行时间和最高的可用性,同时还要为取证调查保留工件。
还应该培训工程师创建响应活动的相关记录,以便后续能将这些活动与攻击者留下的工件
区分开来。
16.5.3
流程和程序
在事件发生前建立一套流程和程序,可以大大减少响应人员的响应时间和认知负担。以下
列出了一些可供参考的建议。
•
制订硬件和软件的快速采购方法。在紧急情况下,可能需要额外的设备或资源,如服务
器、软件或发电机燃料。
•
建立外包服务的合同审批流程。对于较小的组织来说,这意味着确定要外包的能力,如
取证调查服务。
•
创建策略和程序,在安全事件期间保存证据和日志,以防止日志被覆盖。更多详情参见
第
15
章。
16.6
测试系统和响应计划
如前几节所述,一旦创建了组织需要为事件准备的全部材料,就必须评估这
些材料的有效性并改进发现的缺陷。建议从以下多个角度进行测试。
•
评估自动化系统,确保其正常运行。
•
测试流程,消除首位响应人员和工程团队使用的程序和工具中的偏差。 ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.