
Intelligence-driven incident response : outwitting the adversary / Scott J. Roberts and Rebekah Brown.

By: Scott J. Roberts and Rebekah Brown
Material type: Text
Publication details: Mumbai : Shroff Publishers & Distributors, O'Reilly, 2018.
Description: xvii, 260 p. : ill. ; 24 cm
ISBN:
  • 9789352136070
DDC classification:
  • 364.168 23 ROB
LOC classification:
  • HV6773 .R635 2017
Contents:
pt. I The Fundamentals -- 1. Introduction -- Intelligence as Part of Incident Response -- History of Cyber Threat Intelligence -- Modern Cyber Threat Intelligence -- The Way Forward -- Incident Response as a Part of Intelligence -- What Is Intelligence-Driven Incident Response? -- Why Intelligence-Driven Incident Response? -- Operation SMN -- Operation Aurora -- Conclusion -- 2. Basics of Intelligence -- Data Versus Intelligence -- Sources and Methods -- Process Models -- OODA -- Intelligence Cycle -- Using the Intelligence Cycle -- Qualities of Good Intelligence -- Levels of Intelligence -- Tactical Intelligence -- Operational Intelligence -- Strategic Intelligence -- Confidence Levels -- Conclusion -- 3. Basics of Incident Response -- Incident-Response Cycle -- Preparation -- Identification -- Containment -- Eradication -- Recovery -- Lessons Learned -- Kill Chain -- Targeting -- Reconnaissance -- Weaponization -- Delivery -- Exploitation -- Installation -- Command and Control -- Actions on Objective -- Example Kill Chain -- Diamond Model -- Basic Model -- Extending the Model -- Active Defense -- Deny -- Disrupt -- Degrade -- Deceive -- Destroy -- F3EAD -- Find -- Fix -- Finish -- Exploit -- Analyze -- Disseminate -- Using F3EAD -- Picking the Right Model -- Scenario: GLASS WIZARD -- Conclusion -- pt. II Practical Application -- 4. Find -- Actor-Centric Targeting -- Starting with Known Information -- Useful Find Information -- Asset-Centric Targeting -- Using Asset-Centric Targeting -- News-Centric Targeting -- Targeting Based on Third-Party Notification -- Prioritizing Targeting -- Immediate Needs -- Past Incidents -- Criticality -- Organizing Targeting Activities -- Hard Leads -- Soft Leads -- Grouping Related Leads -- Lead Storage -- The Request for Information Process -- Conclusion -- 5. 
Fix -- Intrusion Detection -- Network Alerting -- System Alerting -- Fixing GLASS WIZARD -- Intrusion Investigation -- Network Analysis -- Live Response -- Memory Analysis -- Disk Analysis -- Malware Analysis -- Scoping -- Hunting -- Developing Leads -- Testing Leads -- Conclusion -- 6. Finish -- Finishing Is Not Hacking Back -- Stages of Finish -- Mitigate -- Remediate -- Rearchitect -- Taking Action -- Deny -- Disrupt -- Degrade -- Deceive -- Destroy -- Organizing Incident Data -- Tools for Tracking Actions -- Purpose-Built Tools -- Assessing the Damage -- Monitoring Life Cycle -- Conclusion -- 7. Exploit -- What to Exploit? -- Gathering Information -- Storing Threat Information -- Data Standards and Formats for Indicators -- Data Standards and Formats for Strategic Information -- Managing Information -- Threat-Intelligence Platforms -- Conclusion -- 8. Analyze -- The Fundamentals of Analysis -- What to Analyze? -- Conducting the Analysis -- Enriching Your Data -- Developing Your Hypothesis -- Evaluating Key Assumptions -- Judgment and Conclusions -- Analytic Processes and Methods -- Structured Analysis -- Target-Centric Analysis -- Analysis of Competing Hypotheses -- Graph Analysis -- Contrarian Techniques -- Conclusion -- 9. Disseminate -- Intelligence Consumer Goals -- Audience -- Executive/Leadership Consumer -- Internal Technical Consumers -- External Technical Consumers -- Developing Consumer Personas -- Authors -- Actionability -- The Writing Process -- Plan -- Draft -- Edit -- Intelligence Product Formats -- Short-Form Products -- Long-Form Products -- The RFI Process -- Automated Consumption Products -- Establishing a Rhythm -- Distribution -- Feedback -- Regular Products -- Conclusion -- pt. III The Way Forward -- 10. Strategic Intelligence -- What Is Strategic Intelligence? -- Developing Target Models -- The Strategic Intelligence Cycle -- Setting Strategic Requirements -- Collection -- Analysis -- Dissemination -- Conclusion -- 11. 
Building an Intelligence Program -- Are You Ready? -- Planning the Program -- Defining Stakeholders -- Defining Goals -- Defining Success Criteria -- Identifying Requirements and Constraints -- Defining Metrics -- Stakeholder Personas -- Tactical Use Cases -- SOC Support -- Indicator Management -- Operational Use Cases -- Campaign Tracking -- Strategic Use Cases -- Architecture Support -- Risk Assessment/Strategic Situational Awareness -- Strategic to Tactical or Tactical to Strategic? -- Hiring an Intelligence Team -- Demonstrating Intelligence Program Value -- Conclusion.
Summary: "Using a well-conceived incident response plan in the aftermath of an online security breach enables your team to identify attackers and learn how they operate. But, only when you approach incident response with a cyber threat intelligence mindset will you truly understand the value of that information. With this practical guide, you'll learn the fundamentals of intelligence analysis, as well as the best ways to incorporate these techniques into your incident response process. Each method reinforces the other: threat intelligence supports and augments incident response, while incident response generates useful threat intelligence. This book helps incident managers, malware analysts, reverse engineers, digital forensics specialists, and intelligence analysts understand, implement, and benefit from this relationship."--Back cover.
Holdings
  • Item type: Books
  • Current library: Learning Resource Centre
  • Call number: 364.168 ROB
  • Status: Available
  • Barcode: 13852
Total holds: 0

Includes index.

Powered by Koha & maintained by LRC, JK Lakshmipat University, Jaipur