Crafting the InfoSec Playbook: Security Monitoring and Incident Response Master Plan
"O'Reilly Media, Inc.", 7 May 2015 - 276 pages

Any good attacker will tell you that expensive security monitoring and prevention tools aren’t enough to keep you secure. This practical book demonstrates a data-centric approach to distilling complex security monitoring, incident response, and threat analysis ideas into their most basic elements. You’ll learn how to develop your own threat intelligence and incident detection strategy, rather than depend on security tools alone. Written by members of Cisco’s Computer Security Incident Response Team, this book shows IT and information security professionals how to create an InfoSec playbook by developing strategy, technique, and architecture.
Contents
Chapter 1 Incident Response Fundamentals
Chapter 2 What Are You Trying to Protect?
Chapter 3 What Are the Threats?
Chapter 4 A Data-Centric Approach to Security Monitoring
Chapter 5 Enter the Playbook
Chapter 6 Operationalize
Chapter 7 Tools of the Trade
Other editions
Crafting the InfoSec Playbook: Security Monitoring and Incident Response ... Jeff Bollinger, Brandon Enright, Matthew Valites. Limited preview - 2015
Crafting the InfoSec Playbook: Security Monitoring and Incident Response ... Jeff Bollinger, Brandon Enright, Matthew Valites. No preview available - 2015
Common terms and phrases
additional analysis analyze application attacks basic behavior block Chapter click fraud client compromised configuration connection context create crimeware CSIRT data sources deploy deployment develop DHCP domain name encryption ensure event data event sources example exploit external false positives fields flow header high-fidelity reports HIPS host hostname identify incident detection incident response team indicators infected InfoSec infrastructure internal Internet investigation IP address log data look malicious activity malware metadata MSIE nameserver NetFlow nodes operations organization organization’s packet capture phishing play playbook port potential protect protocol proxy logs query regular expression request require scanning security event security incident security monitoring signature sinkhole source IP specific targeted there’s threat intelligence timestamp tion traffic true positive tuning understand unique User-Agent victim vulnerabilities web proxy what’s Windows NT