| Document Type
|
:
|
BL
|
| Record Number
|
:
|
851146
|
| Main Entry
|
:
|
Thompson, Eric C.
|
| Title & Author
|
:
|
Cybersecurity incident response : : how to contain, eradicate, and recover from incidents /\ Eric C. Thompson.
|
| Publication Statement
|
:
|
[Berkeley, CA] :: Apress,, 2018.
|
|
|
:
|
New York, NY :: Distributed to the Book trade worldwide by Springer
|
|
|
:
|
, ©2018
|
| Page. NO
|
:
|
1 online resource (xv, 176 pages) :: illustrations
|
| ISBN
|
:
|
1484238699
|
|
|
:
|
: 1484238702
|
|
|
:
|
: 1484238710
|
|
|
:
|
: 9781484238691
|
|
|
:
|
: 9781484238707
|
|
|
:
|
: 9781484238714
|
|
|
:
|
9781484238691
|
| Notes
|
:
|
Includes index.
|
| Contents
|
:
|
Intro; Table of Contents; About the Author; About the Technical Reviewer; Acknowledgments; Introduction; Chapter 1: The Significance of Incident Response; Why Does This Happen?; Strategy vs. Tactics; Changing the Culture; Summary; Chapter 2: Necessary Prerequisites; Establishing the Identify and Protect Functions; Defined Cybersecurity Program; A Programmatic Approach; Identifying Programs; How Does Each Program Support Incident Response?; Summary; Chapter 3: Incident Response Frameworks; NIST 800-61; Organizing a Computer Incident Response Capability; Incident Response Definitions.
|
|
|
:
|
Detection and AnalysisContainment, Eradication, and Recovery; Post-Incident Activity; NIST CSF Implementations; Detection; Anomalies and Events; Security Monitoring; Detection Processes; Respond; Communication; Analysis; Mitigation; Improvement; Recover; Recovery Planning; Improvement; Communications; From Guidance to Program Implementation; Policy; Procedures; Control Processes Implemented; Measurement; Management Actions; Summary; Chapter 4: Leadership, Teams, and Culture; Leadership Qualities; Passion; Humility; Listening; Decisiveness; Emotional Intelligence; Culture.
|
|
|
:
|
How They Build Culture at Ohio StateImproving Leadership Skills; Improving Technical Skills; Team Skills; Alignment of the Team; Prepare to Handle Incidents; Facilitating Organizational Change; Kotter's Eight-Step Change Model; Lewin's Change Management Model; Unfreeze; Change; Refreeze; Summary; Chapter 5: The Incident Response Strategy; Purpose; Scope; Definitions; How to Respond to Incidents; Incident Response Goals; Roles and Responsibilities; Triage; Escalation; Event and Response Phases; Summary; Chapter 6: Cyber Risks and the Attack Life Cycle; Documenting Cyber Risks; Threat Analysis.
|
|
|
:
|
How Vulnerabilities Become RisksMeasuring Risk Severity; Likelihood; Impact; Review the Risk Assessment; The Mandiant Cyber Attack Life Cycle; Breaking Down the Life Cycle; Phase One; Reconnaissance; Initial Compromise; Establishing a Foothold; Phase Two; Escalating Privileges; Internal Recon; Move Laterally; Maintain Presence; Phase Three-Complete the Mission; How This Helps; Tie the Risk Assessment and Kill Chain; Targeting End Users; Targeting Web Applications; OWASP Top Ten; Summary; Chapter 7: Detection and Identification of Events; Building Detective Capabilities; Data Loss Protection.
|
|
|
:
|
Policy ElementsPlan Elements; The Team; Mission; Goals and Strategy; Senior Management Approval; Handling Internal and External Communication; Road Map for Maturing the Process; Metrics Used to Measure the Incident Response Capability; Procedure Elements; Sharing Information with Outside Parties; The Media; Law Enforcement; Incident Response Team Structure; Team Models; Team Model Selection; Incident Response Personnel; Dependencies Within Organizations; Incident Response Team Services; Handling an Incident; Preparation: Preventing and Preparing to Handle Incidents; Attack Vectors.
|
| Abstract
|
:
|
Create, maintain, and manage a continual cybersecurity incident response program using the practical steps presented in this book. Don't allow your cybersecurity incident responses (IR) to fall short of the mark due to lack of planning, preparation, leadership, and management support. Surviving an incident, or a breach, requires the best response possible. This book provides practical guidance for the containment, eradication, and recovery from cybersecurity events and incidents. The book takes the approach that incident response should be a continual program. Leaders must understand the organizational environment, the strengths and weaknesses of the program and team, and how to strategically respond. Successful behaviors and actions required for each phase of incident response are explored in the book. Straight from NIST 800-61, these actions include: Planning and practicing Detection Containment Eradication Post-incident actions What You'll Learn Know the sub-categories of the NIST Cybersecurity Framework Understand the components of incident response Go beyond the incident response plan Turn the plan into a program that needs vision, leadership, and culture to make it successful Be effective in your role on the incident response team Who This Book Is For Cybersecurity leaders, executives, consultants, and entry-level professionals responsible for executing the incident response plan when something goes wrong.
|
| Subject
|
:
|
Computer crimes.
|
| Subject
|
:
|
Computer security-- Management.
|
| Subject
|
:
|
Computer crimes.
|
| Subject
|
:
|
Computer security-- Management.
|
| Dewey Classification
|
:
|
005.8
|
| LC Classification
|
:
|
QA76.9.A25
|