Book description
This practical book demonstrates a data-centric approach to distilling complex security monitoring, incident response, and threat analysis ideas into their most basic elements. You’ll learn how to develop your own threat intelligence and incident detection strategy, rather than depend on security tools alone. Written by members of Cisco’s Computer Security Incident Response Team, this book shows IT and information security professionals how to create an InfoSec playbook by developing strategy, technique, and architecture.
Table of contents
- Foreword
- Preface
- 1. Incident Response Fundamentals
- 2. What Are You Trying to Protect?
- 3. What Are the Threats?
- 4. A Data-Centric Approach to Security Monitoring
- 5. Enter the Playbook
- 6. Operationalize!
- 7. Tools of the Trade
- 8. Queries and Reports
  - False Positives: Every Playbook’s Mortal Enemy
  - There Ain’t No Such Thing as a Free Report
  - An Inch Deep and a Mile Wide
  - A Million Monkeys with a Million Typewriters
  - A Chain Is Only as Strong as Its Weakest Link
  - Detect the Chain Links, Not the Chain
  - Getting Started Creating Queries
  - Turning Samples of Malicious Activity into Queries for Reports
  - Reports Are Patterns, Patterns Are Reports
  - The Goldilocks-Fidelity
  - Exploring Out of Sight of Land
  - Chapter Summary
- 9. Advanced Querying
  - Basic Versus Advanced
  - The False Positive Paradox
  - Good Indications
  - Consensus as an Indicator (Set Operations and Outlier Finding)
  - Set Operations for Finding Commonalities
  - Finding Black Sheep
  - Statistics: 60% of the Time, It Works Every Time
  - Skimming the IDS Flotsam Off the Top
  - Pulling Patterns Out of NetFlow
  - Looking for Beaconing with Statistics
  - Is Seven a Random Number?
  - Correlation Through Contingent Data
  - Who Is Keyser Söze?
  - Guilty by Association
  - Chapter Summary
- 10. I’ve Got Incidents Now! How Do I Respond?
- 11. How to Stay Relevant
- Index
Product information
- Title: Crafting the InfoSec Playbook
- Author(s):
- Release date: May 2015
- Publisher(s): O'Reilly Media, Inc.
- ISBN: 9781491949405