
E-book: Cyber Breach Response That Actually Works: Organizational Approach to Managing Residual Risk

  • Format: PDF+DRM
  • Publication date: 10-Jun-2020
  • Publisher: John Wiley & Sons Inc
  • Language: eng
  • ISBN-13: 9781119679356
  • Price: 34,12 €*
  • * the price is final, i.e. no further discounts apply
  • This e-book is intended for personal use only. E-books cannot be returned.

DRM restrictions

  • Copying (copy/paste):

    not allowed

  • Printing:

    not allowed

  • Use:

    Digital rights management (DRM)
    The publisher has issued this e-book in encrypted form, which means that you must install special software to read it. You must also create an Adobe ID. More information here. The e-book can be read by 1 user and downloaded to up to 6 devices (all authorized with the same Adobe ID).

    Required software
    To read on mobile devices (phone or tablet) you must install this free application: PocketBook Reader (iOS / Android)

    To read on a PC or Mac you must install Adobe Digital Editions (this is a free application specifically for reading e-books; it should not be confused with Adobe Reader, which is probably already installed on your computer).

    This e-book cannot be read on an Amazon Kindle.

You will be breached—the only question is whether you'll be ready

A cyber breach could cost your organization millions of dollars—in 2019, the average cost of a cyber breach for companies was $3.9M, a figure that is increasing 20-30% annually. But effective planning can lessen the impact and duration of an inevitable cyberattack. Cyber Breach Response That Actually Works provides a business-focused methodology that will allow you to address the aftermath of a cyber breach and reduce its impact to your enterprise.

This book goes beyond step-by-step instructions for technical staff, focusing on big-picture planning and strategy that makes the most business impact. Inside, you’ll learn what drives cyber incident response and how to build effective incident response capabilities. Expert author Andrew Gorecki delivers a vendor-agnostic approach based on his experience with Fortune 500 organizations.

  • Understand the evolving threat landscape and learn how to address tactical and strategic challenges to build a comprehensive and cohesive cyber breach response program
  • Discover how incident response fits within your overall information security program, including a look at risk management
  • Build a capable incident response team and create an actionable incident response plan to prepare for cyberattacks and minimize their impact to your organization
  • Effectively investigate small and large-scale incidents and recover faster by leveraging proven industry practices
  • Navigate legal issues impacting incident response, including laws and regulations, criminal cases and civil litigation, and types of evidence and their admissibility in court

In addition to its valuable breadth of discussion on incident response from a business strategy perspective, Cyber Breach Response That Actually Works offers information on key technology considerations to aid you in building an effective capability and accelerating investigations to ensure your organization can continue business operations during significant cyber events.

Foreword xxiii
Introduction xxv
Chapter 1 Understanding the Bigger Picture 1
Evolving Threat Landscape 2
Identifying Threat Actors 2
Cyberattack Lifecycle 4
Cyberattack Preparation Framework 5
Cyberattack Execution Framework 6
Defining Cyber Breach Response 8
Events, Alerts, Observations, Incidents, and Breaches 9
Events 9
Alerts 9
Observations 10
Incidents 10
Breaches 11
What Is Cyber Breach Response? 12
Identifying Drivers for Cyber Breach Response 13
Risk Management 13
Conducting Risk Management 13
Risk Assessment Process 14
Managing Residual Risk 17
Cyber Threat Intelligence 18
What Is Cyber Threat Intelligence? 18
Importance of Cyber Threat Intelligence 19
Laws and Regulations 20
Compliance Considerations 20
Compliance Requirements for Cyber Breach Response 21
Changing Business Objectives 22
Incorporating Cyber Breach Response into a Cybersecurity Program 23
Strategic Planning 23
Designing a Program 24
Implementing Program Components 25
Program Operations 26
Continual Improvement 27
Strategy Development 27
Strategic Assessment 28
Gap Analysis 28
Maturity Assessment 30
Strategy Definition 32
Vision and Mission Statement 32
Goals and Objectives 33
Establishing Requirements 33
Defining a Target Operating Model 35
Developing a Business Case and Executive Alignment 35
Strategy Execution 37
Enacting an Incident Response Policy 37
Assigning an Incident Response Team 38
Creating an Incident Response Plan 38
Documenting Legal Requirements 38
Roadmap Development 39
Governance 40
Establishing Policies 40
Enterprise Security Policy 41
Issue-Specific Policies 41
Identifying Key Stakeholders 42
Executive Leadership 42
Project Steering Committee 42
Chief Information Security Officer 43
Stakeholders with Interest in Cyber Breach Response 43
Business Alignment 44
Continual Improvement 44
Necessity to Determine if the Program Is Effective 45
Changing Threat Landscape 45
Changing Business Objectives 45
Summary 46
Notes 47
Chapter 2 Building a Cybersecurity Incident Response Team 51
Defining a CSIRT 51
CSIRT History 52
The Role of a CSIRT in the Enterprise 52
Defining Incident Response Competencies and Functions 55
Proactive Functions 55
Developing and Maintaining Procedures 56
Conducting Incident Response Exercises 56
Assisting with Vulnerability Identification 57
Deploying, Developing, and Tuning Tools 58
Implementing Lessons Learned 59
Reactive Functions 59
Digital Forensics and Incident Response 59
Cyber Threat Intelligence 60
Malware Analysis 60
Incident Management 61
Creating an Incident Response Team 61
Creating an Incident Response Mission Statement 62
Choosing a Team Model 62
Centralized Team Model 63
Distributed Team Model 64
Hybrid Team Model 65
An Integrated Team 66
Organizing an Incident Response Team 66
Tiered Model 66
Competency Model 68
Hiring and Training Personnel 69
Technical Skills 69
Soft Skills 71
Pros and Cons of Security Certifications 72
Conducting Effective Interviews 73
Retaining Incident Response Talent 74
Establishing Authority 75
Full Authority 75
Shared Authority 76
Indirect Authority 76
No Authority 76
Introducing an Incident Response Team to the Enterprise 77
Enacting a CSIRT 78
Defining a Coordination Model 78
Communication Flow 80
Incident Officer 80
Incident Manager 81
Assigning Roles and Responsibilities 82
Business Functions 82
Human Resources 82
Corporate Communications 83
Corporate Security 83
Finance 84
Other Business Functions 85
Legal and Compliance 85
Legal Counsel 85
Compliance Functions 86
Information Technology Functions 87
Technical Groups 87
Disaster Recovery 88
Outsourcing Partners and Vendors 89
Senior Management 89
Working with Outsourcing Partners 90
Outsourcing Considerations 91
Proven Track Record of Success 91
Offered Services and Capabilities 91
Global Support 92
Skills and Experience 92
Outsourcing Costs and Pricing Models 92
Establishing Successful Relationships with Vendors 93
Summary 94
Notes 95
Chapter 3 Technology Considerations in Cyber Breach Investigations 97
Sourcing Technology 98
Comparing Commercial vs. Open Source Tools 98
Commercial Tools 98
Open Source Software 98
Other Considerations 99
Developing In-House Software Tools 100
Procuring Hardware 101
Acquiring Forensic Data 102
Forensic Acquisition 102
Order of Volatility 103
Disk Imaging 103
System Memory Acquisition 105
Tool Considerations 106
Forensic Acquisition Use Cases 107
Live Response 108
Live Response Considerations 109
Live Response Tools 109
Live Response Use Cases 112
Incident Response Investigations in Virtualized Environments 113
Traditional Virtualization 115
Cloud Computing 115
Forensic Acquisition 115
Log Management in Cloud Computing Environments 117
Leveraging Network Data in Investigations 118
Firewall Logs and Network Flows 118
Proxy Servers and Web Gateways 120
Full-Packet Capture 120
Identifying Forensic Evidence in Enterprise Technology Services 123
Domain Name System 123
Dynamic Host Configuration Protocol 125
Web Servers 125
Databases 126
Security Tools 127
Intrusion Detection and Prevention Systems 127
Web Application Firewalls 127
Data Loss Prevention Systems 128
Antivirus Software 128
Endpoint Detection and Response 129
Honeypots and Honeynets 129
Log Management 130
What Is Logging? 130
What Is Log Management? 132
Log Management Lifecycle 133
Collection and Storage 134
Agent-Based vs. Agentless Collection 134
Log Management Architectures 135
Managing Logs with a SIEM 137
What Is SIEM? 138
SIEM Considerations 139
Summary 140
Notes 141
Chapter 4 Crafting an Incident Response Plan 143
Incident Response Lifecycle 143
Preparing for an Incident 144
Detecting and Analyzing Incidents 145
Detection and Triage 146
Analyzing Incidents 146
Containment, Eradication, and Recovery 147
Containing a Breach 147
Eradicating a Threat Actor 148
Recovering Business Operations 149
Post-Incident Activities 149
Understanding Incident Management 150
Identifying Process Components 151
Defining a Process 151
Process Controls 153
Process Enablers 155
Process Interfaces 155
Roles and Responsibilities 158
Service Levels 159
Incident Management Workflow 160
Sources of Incident Notifications 160
Incident Classification and Documentation 162
Incident Categorization 163
Severity Assignment 163
Capturing Incident Information 167
Incident Escalations 169
Hierarchical Escalations 169
Functional Escalation 169
Creating and Managing Tasks 169
Major Incidents 170
Incident Closure 171
Crafting an Incident Response Playbook 171
Playbook Overview 171
Identifying Workflow Components 173
Detection 173
Analysis 174
Containment and Eradication 176
Recovery 176
Other Workflow Components 177
Post-Incident Evaluation 177
Vulnerability Management 177
Purpose and Objectives 178
Vulnerability Management Lifecycle 178
Integrating Vulnerability Management and Risk Management 180
Lessons Learned 180
Lessons-Learned Process Components 181
Conducting a Lessons-Learned Meeting 183
Continual Improvement 184
Continual Improvement Principles 184
The Deming Cycle 184
DIKW Hierarchy 185
The Seven-Step Improvement Process 187
Step 1 Define a Vision for Improvement 188
Step 2 Define Metrics 188
Step 3 Collect Data 189
Step 4 Process Data 190
Step 5 Analyze Information 191
Step 6 Assess Findings and Create Plan 191
Step 7 Implement the Plan 192
Summary 192
Notes 193
Chapter 5 Investigating and Remediating Cyber Breaches 195
Investigating Incidents 196
Determine Objectives 197
Acquire and Preserve Data 198
Perform Analysis 200
Contain and Eradicate 202
Conducting Analysis 202
Digital Forensics 203
Digital Forensics Disciplines 203
Timeline Analysis 205
Other Considerations in Digital Forensics 206
Cyber Threat Intelligence 207
Cyber Threat Intelligence Lifecycle 208
Identifying Attacker Activity with Cyber Threat Intelligence 209
Categorizing Indicators 212
Malware Analysis 214
Classifying Malware 214
Static Analysis 216
Dynamic Analysis 217
Malware Analysis and Cyber Threat Intelligence 217
Threat Hunting 218
Prerequisites to Threat Hunting 218
Threat Hunting Lifecycle 219
Reporting 221
Evidence Types 223
System Artifacts 223
Persistent Artifacts 223
Volatile Artifacts 225
Network Artifacts 226
Security Alerts 227
Remediating Incidents 228
Remediation Process 229
Establishing a Remediation Team 230
Remediation Lead 231
Remediation Owner 232
Remediation Planning 233
Business Considerations 233
Technology Considerations 234
Logistics 235
Assessing Readiness 235
Consequences of Alerting the Attacker 236
Developing an Execution Plan 237
Containment and Eradication 238
Containment 238
Eradication 239
Monitoring for Attacker Activity 240
Summary 241
Notes 242
Chapter 6 Legal and Regulatory Considerations in Cyber Breach Response 243
Understanding Breaches from a Legal Perspective 244
Laws, Regulations, and Standards 244
United States 245
European Union 246
Standards 246
Materiality in Financial Disclosure 247
Cyber Attribution 248
Motive, Opportunity, Means 248
Attributing a Cyber Attack 249
Engaging Law Enforcement 251
Cyber Insurance 252
Collecting Digital Evidence 252
What Is Digital Evidence? 253
Digital Evidence Lifecycle 253
Information Governance 254
Identification 254
Preservation 255
Collection 255
Processing 255
Reviewing 256
Analysis 256
Production 257
Presentation 258
Admissibility of Digital Evidence 258
Federal Rules of Evidence 258
Types of Evidence 260
Direct Evidence 260
Circumstantial Evidence 260
Admission of Digital Evidence in Court 261
Evidence Rules 261
Hearsay Rule 261
Business Records Exemption Rule 262
Best Evidence 262
Working with Legal Counsel 263
Attorney-Client Privilege 263
Attorney Work-Product 264
Non-testifying Expert Privilege 264
Litigation Hold 265
Establishing a Chain of Custody 265
What Is a Chain of Custody? 266
Establishing a Defensible Protocol 266
Traditional Forensic Acquisition 267
Live Response and Logical Acquisition 268
Documenting a Defensible Protocol 269
Documentation 269
Accuracy 270
Auditability and Reproducibility 270
Collection Methods 270
Data Privacy and Cyber Breach Investigations 271
What Is Data Privacy? 271
Handling Personal Data During Investigations 272
Enacting a Policy to Support Investigations 272
Cyber Breach Investigations and GDPR 273
Data Processing and Cyber Breach Investigations 274
Establishing a Lawful Basis for the Processing of Personal Data 275
Territorial Transfer of Personal Data 276
Summary 277
Notes 278
Index 281

Andrew Gorecki is a cybersecurity professional with experience across various IT and cybersecurity disciplines, including engineering, operations, and incident response. Originally from Europe, he provided consulting services across various industry sectors in the U.S., the UK, and other European countries. At the time of writing, he manages a team of incident response consultants within the X-Force IRIS competency of IBM Security where he leads investigations into large-scale breaches for Fortune 500 organizations, delivers proactive incident response services, and provides executive-level consulting on building and optimizing incident response programs.