Normal view MARC view ISBD view

Cyber breach response that actually works [electronic resource] : organizational approach to managing residual risk / Andrew Gorecki.

By: Gorecki, Andrew.
Material type: materialTypeLabelBookPublisher: Indianapolis : Wiley, 2020Description: 1 online resource (323 p.).ISBN: 9781119679349; 1119679346; 9781119679318; 1119679311.Subject(s): Computer security -- Management | Computer security -- ManagementGenre/Form: Electronic books.Additional physical formats: Print version:: Cyber Breach Response That Actually Works : Organizational Approach to Managing Residual RiskDDC classification: 005.8 Online resources: Wiley Online Library
Contents:
Cover -- Title Page -- Copyright Page -- About the Author -- About the Technical Editors -- Acknowledgments -- Contents at a Glance -- Contents -- Foreword -- Introduction -- Who Should Read This Book -- How This Book Is Organized -- How to Contact Wiley or the Author -- Notes -- Chapter 1 Understanding the Bigger Picture -- Evolving Threat Landscape -- Identifying Threat Actors -- Cyberattack Lifecycle -- Defining Cyber Breach Response -- Events, Alerts, Observations, Incidents, and Breaches -- What Is Cyber Breach Response? -- Identifying Drivers for Cyber Breach Response -- Risk Management
Cyber Threat Intelligence -- Laws and Regulations -- Changing Business Objectives -- Incorporating Cyber Breach Response into a Cybersecurity Program -- Strategic Planning -- Designing a Program -- Implementing Program Components -- Program Operations -- Continual Improvement -- Strategy Development -- Strategic Assessment -- Strategy Definition -- Strategy Execution -- Roadmap Development -- Governance -- Establishing Policies -- Identifying Key Stakeholders -- Business Alignment -- Continual Improvement -- Summary -- Notes -- Chapter 2 Building a Cybersecurity Incident Response Team
Defining a CSIRT -- CSIRT History -- Defining Incident Response Competencies and Functions -- Proactive Functions -- Reactive Functions -- Creating an Incident Response Team -- Creating an Incident Response Mission Statement -- Choosing a Team Model -- Organizing an Incident Response Team -- Hiring and Training Personnel -- Establishing Authority -- Introducing an Incident Response Team to the Enterprise -- Enacting a CSIRT -- Defining a Coordination Model -- Communication Flow -- Assigning Roles and Responsibilities -- Business Functions -- Legal and Compliance
Information Technology Functions -- Senior Management -- Working with Outsourcing Partners -- Outsourcing Considerations -- Establishing Successful Relationships with Vendors -- Summary -- Notes -- Chapter 3 Technology Considerations in Cyber Breach Investigations -- Sourcing Technology -- Comparing Commercial vs. Open Source Tools -- Developing In-House Software Tools -- Procuring Hardware -- Acquiring Forensic Data -- Forensic Acquisition -- Live Response -- Incident Response Investigations in Virtualized Environments -- Traditional Virtualization -- Cloud Computing
Leveraging Network Data in Investigations -- Identifying Forensic Evidence in Enterprise Technology Services -- Domain Name System -- Dynamic Host Configuration Protocol -- Web Servers -- Databases -- Security Tools -- Log Management -- What Is Logging? -- What Is Log Management? -- Log Management Lifecycle -- Collection and Storage -- Managing Logs with a SIEM -- Summary -- Notes -- Chapter 4 Crafting an Incident Response Plan -- Incident Response Lifecycle -- Preparing for an Incident -- Detecting and Analyzing Incidents -- Containment, Eradication, and Recovery -- Post-Incident Activities
    average rating: 0.0 (0 votes)
No physical items for this record

Description based upon print version of record.

Cover -- Title Page -- Copyright Page -- About the Author -- About the Technical Editors -- Acknowledgments -- Contents at a Glance -- Contents -- Foreword -- Introduction -- Who Should Read This Book -- How This Book Is Organized -- How to Contact Wiley or the Author -- Notes -- Chapter 1 Understanding the Bigger Picture -- Evolving Threat Landscape -- Identifying Threat Actors -- Cyberattack Lifecycle -- Defining Cyber Breach Response -- Events, Alerts, Observations, Incidents, and Breaches -- What Is Cyber Breach Response? -- Identifying Drivers for Cyber Breach Response -- Risk Management

Cyber Threat Intelligence -- Laws and Regulations -- Changing Business Objectives -- Incorporating Cyber Breach Response into a Cybersecurity Program -- Strategic Planning -- Designing a Program -- Implementing Program Components -- Program Operations -- Continual Improvement -- Strategy Development -- Strategic Assessment -- Strategy Definition -- Strategy Execution -- Roadmap Development -- Governance -- Establishing Policies -- Identifying Key Stakeholders -- Business Alignment -- Continual Improvement -- Summary -- Notes -- Chapter 2 Building a Cybersecurity Incident Response Team

Defining a CSIRT -- CSIRT History -- Defining Incident Response Competencies and Functions -- Proactive Functions -- Reactive Functions -- Creating an Incident Response Team -- Creating an Incident Response Mission Statement -- Choosing a Team Model -- Organizing an Incident Response Team -- Hiring and Training Personnel -- Establishing Authority -- Introducing an Incident Response Team to the Enterprise -- Enacting a CSIRT -- Defining a Coordination Model -- Communication Flow -- Assigning Roles and Responsibilities -- Business Functions -- Legal and Compliance

Information Technology Functions -- Senior Management -- Working with Outsourcing Partners -- Outsourcing Considerations -- Establishing Successful Relationships with Vendors -- Summary -- Notes -- Chapter 3 Technology Considerations in Cyber Breach Investigations -- Sourcing Technology -- Comparing Commercial vs. Open Source Tools -- Developing In-House Software Tools -- Procuring Hardware -- Acquiring Forensic Data -- Forensic Acquisition -- Live Response -- Incident Response Investigations in Virtualized Environments -- Traditional Virtualization -- Cloud Computing

Leveraging Network Data in Investigations -- Identifying Forensic Evidence in Enterprise Technology Services -- Domain Name System -- Dynamic Host Configuration Protocol -- Web Servers -- Databases -- Security Tools -- Log Management -- What Is Logging? -- What Is Log Management? -- Log Management Lifecycle -- Collection and Storage -- Managing Logs with a SIEM -- Summary -- Notes -- Chapter 4 Crafting an Incident Response Plan -- Incident Response Lifecycle -- Preparing for an Incident -- Detecting and Analyzing Incidents -- Containment, Eradication, and Recovery -- Post-Incident Activities

Understanding Incident Management

Includes index.

John Wiley and Sons Wiley Frontlist Obook All English 2020

There are no comments for this item.

Log in to your account to post a comment.