Table of contents:

1. Introduction
Intelligence as Part of Incident Response
History of Cyber Threat Intelligence
Modern Cyber-Threat Intelligence
The Way Forward
Incident Response as a Part of Intelligence
What Is Intelligence-Driven Incident Response?
Why Intelligence-Driven Incident Response?
Operation SMN
SolarWinds
Conclusion
Sources

2. Basics of Intelligence
Intelligence and Research
Data Versus Intelligence
Sources and Methods
Models
Using Models for Collaboration
Process Models
OODA
Intelligence Cycle
Using the Intelligence Cycle
Qualities of Good Intelligence
Levels of Intelligence
Tactical Intelligence
Operational Intelligence
Strategic Intelligence
Confidence Levels
Conclusion

3. Basics of Incident Response
Incident-Response Cycle
Preparation
Identification
Containment
Eradication
Recovery
Lessons Learned
Kill Chain
Targeting
Reconnaissance
Weaponization
Delivery
Exploitation
Installation
Command and Control
Actions on Objective
Example Kill Chain
Diamond Model
Basics of the Diamond Model
Extending the Model
ATT&CK & D3FEND
ATT&CK
D3FEND
Active Defense
Deny
Disrupt
Degrade
Deceive
Destroy
F3EAD
Find
Fix
Finish
Exploit
Analyze
Disseminate
Using F3EAD
Picking the Right Model
Scenario: ROAD RUNNER
Conclusion

4. Exploit
Tactical Versus Strategic OODA Loops
What to Exploit?
Gathering Information
Information Gathering Goals
Mining Previous Incidents
Gathering External Information (aka Conducting a Literature Review)
Extracting and Storing Threat Data
Standards for Storing Threat Data
Data Standards and Formats for Indicators
Data Standards and Formats for Strategic Information
Process for Extracting
Managing Information
Threat-Intelligence Platforms
Conclusion

5. Analyze
The Fundamentals of Analysis
Dual Process thinking
Inductive, Deductive, and Abductive Reasoning
Case Study: The OPM Breach
Analytic Processes and Methods
Structured Analytic Techniques
Target-Centric Analysis
Conducting the Analysis
What to Analyze?
Enriching Your Data
Leverage Information sharing
Developing Your Hypothesis
Evaluating Key Assumptions
Judgment and Conclusions
Things that are Gonna Screw You Up, Aka Analytic Bias
Accounting for biases
Conclusion

6. Strategic Intelligence
What Is Strategic Intelligence?
Sherman Kent: Father of American Intelligence Analysis
The Role of Strategic Intelligence in IDIR
Intelligence Beyond Incident Response
Building a Frame with Strategic Intelligence
The Strategic Intelligence Cycle
Setting Strategic Requirements
Collection
Analysis
Processes for strategic intelligence
Dissemination
Moving towards anticipatory intelligence
Conclusion

About the Authors