Naperville Public Library
Library Hours
Monday to Friday: 9 a.m. to 9 p.m.
Saturday: 9 a.m. to 5 p.m.
Sunday: 1 p.m. to 9 p.m.
Naper Blvd. 1 p.m. to 5 p.m.
Home Best Sellers Research a Topic Download & Stream Material Request My Account
     
Limit search to available items
Results Page:  Previous Next
Author Brown, Rebekah (Writer on computer security), author.

Title Intelligence-Driven Incident Response : outwitting the adversary / Rebekah Brown and Scott J. Roberts ; foreword by Jeannie L. Johnson and Rob Lee. [O'Reilly electronic resources]

Edition Second edition.
Publication Info. Sebastopol, CA : O'Reilly Media, Inc., 2023.
©2023
To Access:
Available on O'Reilly for Public Libraries
Bookmark link: https://library.naperville-lib.org:444/record=b3194920~S1
QR Code
Description 1 online resource (xxvi, 316 pages ) : color illustrations.
Contents Cover -- Copyright -- Table of Contents -- Foreword to the Second Edition -- Foreword to the First Edition -- Preface -- Why We Wrote This Book -- Who This Book Is For -- How This Book Is Organized -- Conventions Used in This Book -- O'Reilly Online Learning -- How to Contact Us -- Acknowledgments -- Part I. The Fundamentals -- Chapter 1. Introduction -- Intelligence as Part of Incident Response -- History of Cyber Threat Intelligence -- Modern Cyber Threat Intelligence -- The Way Forward -- Incident Response as a Part of Intelligence -- What Is Intelligence-Driven Incident Response?
Why Intelligence-Driven Incident Response? -- Operation SMN -- SolarWinds -- Conclusion -- Chapter 2. Basics of Intelligence -- Intelligence and Research -- Data Versus Intelligence -- Sources and Methods -- Models -- Using Models for Collaboration -- Process Models -- Using the Intelligence Cycle -- Qualities of Good Intelligence -- Collection Method -- Date of Collection -- Context -- Addressing Biases in Analysis -- Levels of Intelligence -- Tactical Intelligence -- Operational Intelligence -- Strategic Intelligence -- Confidence Levels -- Conclusion -- Chapter 3. Basics of Incident Response
Incident-Response Cycle -- Preparation -- Identification -- Containment -- Eradication -- Recovery -- Lessons Learned -- The Kill Chain -- Targeting -- Reconnaissance -- Weaponization -- Delivery -- Exploitation -- Installation -- Command and Control -- Actions on Objective -- Example Kill Chain -- The Diamond Model -- Basic Model -- Extending the Model -- ATT&CK and D3FEND -- ATT&CK -- D3FEND -- Active Defense -- Deny -- Disrupt -- Degrade -- Deceive -- Destroy -- F3EAD -- Find -- Fix -- Finish -- Exploit -- Analyze -- Disseminate -- Using F3EAD -- Picking the Right Model
Scenario: Road Runner -- Conclusion -- Part II. Practical Application -- Chapter 4. Find -- Actor-Centric Targeting -- Starting with Known Information -- Useful Information During the Find Phase -- Using the Kill Chain -- Goals -- Victim-Centric Targeting -- Using Victim-Centric Targeting -- Asset-Centric Targeting -- Using Asset-Centric Targeting -- Capability-Centric Targeting -- Using Capability-Centric Targeting -- Media-Centric Targeting -- Targeting Based on Third-Party Notification -- Prioritizing Targeting -- Immediate Needs -- Past Incidents -- Criticality
Organizing Targeting Activities -- Hard Leads -- Soft Leads -- Grouping Related Leads -- Lead Storage and Documentation -- The Request for Information Process -- Conclusion -- Chapter 5. Fix -- Intrusion Detection -- Network Alerting -- System Alerting -- Fixing Road Runner -- Intrusion Investigation -- Network Analysis -- Live Response -- Memory Analysis -- Disk Analysis -- Enterprise Detection and Response -- Malware Analysis -- Scoping -- Hunting -- Developing Hypotheses -- Testing Hypotheses -- Conclusion -- Chapter 6. Finish -- Finishing Is Not Hacking Back -- Stages of Finish -- Mitigate.
Note Includes index.
Summary Using a well-conceived incident response plan in the aftermath of an online security breach enables your team to identify attackers and learn how they operate. But only when you approach incident response with a cyber threat intelligence mindset will you truly understand the value of that information. In this updated second edition, you'll learn the fundamentals of intelligence analysis as well as the best ways to incorporate these techniques into your incident response process. Each method reinforces the other: threat intelligence supports and augments incident response, while incident response generates useful threat intelligence. This practical guide helps incident managers, malware analysts, reverse engineers, digital forensics specialists, and intelligence analysts understand, implement, and benefit from this relationship. In three parts, this in-depth book includes: The fundamentals: Get an introduction to cyberthreat intelligence, the intelligence process, the incident response process, and how they all work together Practical application: Walk through the intelligence-driven incident response (IDIR) process using the F3EAD process: Find, Fix, Finish, Exploit, Analyze, and Disseminate The way forward: Explore big-picture aspects of IDIR that go beyond individual incident response investigations, including intelligence team building.
Subject Computer crimes -- Investigation.
Criminalité informatique -- Enquêtes.
Computer crimes -- Investigation
Added Author Roberts, Scott J. (Writer on computer security), author.
Johnson, Jeannie L, writer of foreword.
Lee, Rob, writer of foreword.
Other Form: Print version: Brown, Rebekah Intelligence-Driven Incident Response Sebastopol : O'Reilly Media, Incorporated,c2023 9781098120689
ISBN 9781098120641 electronic book
1098120647 electronic book
Patron reviews: add a review
Click for more information
EBOOK
No one has rated this material

You can...
Also...
- Find similar reads
- Add a review
- Sign-up for Newsletter
- Suggest a purchase
- Can't find what you want?
More Information

 
 
© Naperville Public Library 2019.