Intelligence-driven incident response: outwitting the adversary [First edition] 9781491934944, 1491934948

Using a well-conceived incident response plan in the aftermath of an online security breach enables your team to identif

248 81 2MB

English Pages xvii, 260 pages: illustrations; 24 cm Year 2017

Report DMCA / Copyright

DOWNLOAD AZW3 FILE

Table of contents :
Machine generated contents note: pt. I The Fundamentals --
1. Introduction --
Intelligence as Part of Incident Response --
History of Cyber Threat Intelligence --
Modern Cyber Threat Intelligence --
The Way Forward --
Incident Response as a Part of Intelligence --
What Is Intelligence-Driven Incident Response? --
Why Intelligence-Driven Incident Response? --
Operation SMN --
Operation Aurora --
Conclusion --
2. Basics of Intelligence --
Data Versus Intelligence --
Sources and Methods --
Process Models --
OODA --
Intelligence Cycle --
Using the Intelligence Cycle --
Qualities of Good Intelligence --
Levels of Intelligence --
Tactical Intelligence --
Operational Intelligence --
Strategic Intelligence --
Confidence Levels --
Conclusion --
3. Basics of Incident Response --
Incident-Response Cycle --
Preparation --
Identification --
Containment --
Eradication --
Recovery --
Lessons Learned --
Kill Chain --
Targeting --
Reconnaissance --
Weaponization --
Delivery --
Exploitation --
Installation --
Command and Control --
Actions on Objective --
Example Kill Chain --
Diamond Model --
Basic Model --
Extending the Model --
Active Defense --
Deny --
Disrupt --
Degrade --
Deceive --
Destroy --
F3EAD --
Find --
Fix --
Finish --
Exploit --
Analyze --
Disseminate --
Using F3EAD --
Picking the Right Model --
Scenario: GLASS WIZARD --
Conclusion --
pt. II Practical Application --
4. Find --
Actor-Centric Targeting --
Starting with Known Information --
Useful Find Information --
Asset-Centric Targeting --
Using Asset-Centric Targeting --
News-Centric Targeting --
Targeting Based on Third-Party Notification --
Prioritizing Targeting --
Immediate Needs --
Past Incidents --
Criticality --
Organizing Targeting Activities --
Hard Leads --
Soft Leads --
Grouping Related Leads --
Lead Storage --
The Request for Information Process --
Conclusion --
5. Fix --
Intrusion Detection --
Network Alerting --
System Alerting --
Fixing GLASS WIZARD --
Intrusion Investigation --
Network Analysis --
Live Response --
Memory Analysis --
Disk Analysis --
Malware Analysis --
Scoping --
Hunting --
Developing Leads --
Testing Leads --
Conclusion --
6. Finish --
Finishing Is Not Hacking Back --
Stages of Finish --
Mitigate --
Remediate --
Rearchitect --
Taking Action --
Deny --
Disrupt --
Degrade --
Deceive --
Destroy --
Organizing Incident Data --
Tools for Tracking Actions --
Purpose-Built Tools --
Assessing the Damage --
Monitoring Life Cycle --
Conclusion --
7. Exploit --
What to Exploit? --
Gathering Information --
Storing Threat Information --
Data Standards and Formats for Indicators --
Data Standards and Formats for Strategic Information --
Managing Information --
Threat-Intelligence Platforms --
Conclusion --
8. Analyze --
The Fundamentals of Analysis --
What to Analyze? --
Conducting the Analysis --
Enriching Your Data --
Developing Your Hypothesis --
Evaluating Key Assumptions --
Judgment and Conclusions --
Analytic Processes and Methods --
Structured Analysis --
Target-Centric Analysis --
Analysis of Competing Hypotheses --
Graph Analysis --
Contrarian Techniques --
Conclusion --
9. Disseminate --
Intelligence Consumer Goals --
Audience --
Executive/Leadership Consumer --
Internal Technical Consumers --
External Technical Consumers --
Developing Consumer Personas --
Authors --
Actionability --
The Writing Process --
Plan --
Draft --
Edit --
Intelligence Product Formats --
Short-Form Products --
Long-Form Products --
The RFI Process --
Automated Consumption Products --
Establishing a Rhythm --
Distribution --
Feedback --
Regular Products --
Conclusion --
pt. III The Way Forward --
10. Strategic Intelligence --
What Is Strategic Intelligence? --
Developing Target Models --
The Strategic Intelligence Cycle --
Setting Strategic Requirements --
Collection --
Analysis --
Dissemination --
Conclusion --
11. Building an Intelligence Program --
Are You Ready? --
Planning the Program --
Defining Stakeholders --
Defining Goals --
Defining Success Criteria --
Identifying Requirements and Constraints --
Defining Metrics --
Stakeholder Personas --
Tactical Use Cases --
SOC Support --
Indicator Management --
Operational Use Cases --
Campaign Tracking --
Strategic Use Cases --
Architecture Support --
Risk Assessment/Strategic Situational Awareness --
Strategic to Tactical or Tactical to Strategic? --
Hiring an Intelligence Team --
Demonstrating Intelligence Program Value --
Conclusion.

Intelligence-driven incident response: outwitting the adversary [First edition]
 9781491934944, 1491934948

  • 0 0 0
  • Like this paper and download? You can publish your own PDF file online for free in a few minutes! Sign Up
Recommend Papers