Cyber breach response that actually works organizational approach to managing residual risk / [electronic resource] :
Andrew Gorecki.
- Indianapolis : Wiley, 2020.
- 1 online resource (323 p.)
Description based upon print version of record. Understanding Incident Management Includes index.
Cover -- Title Page -- Copyright Page -- About the Author -- About the Technical Editors -- Acknowledgments -- Contents at a Glance -- Contents -- Foreword -- Introduction -- Who Should Read This Book -- How This Book Is Organized -- How to Contact Wiley or the Author -- Notes -- Chapter 1 Understanding the Bigger Picture -- Evolving Threat Landscape -- Identifying Threat Actors -- Cyberattack Lifecycle -- Defining Cyber Breach Response -- Events, Alerts, Observations, Incidents, and Breaches -- What Is Cyber Breach Response? -- Identifying Drivers for Cyber Breach Response -- Risk Management Cyber Threat Intelligence -- Laws and Regulations -- Changing Business Objectives -- Incorporating Cyber Breach Response into a Cybersecurity Program -- Strategic Planning -- Designing a Program -- Implementing Program Components -- Program Operations -- Continual Improvement -- Strategy Development -- Strategic Assessment -- Strategy Definition -- Strategy Execution -- Roadmap Development -- Governance -- Establishing Policies -- Identifying Key Stakeholders -- Business Alignment -- Continual Improvement -- Summary -- Notes -- Chapter 2 Building a Cybersecurity Incident Response Team Defining a CSIRT -- CSIRT History -- Defining Incident Response Competencies and Functions -- Proactive Functions -- Reactive Functions -- Creating an Incident Response Team -- Creating an Incident Response Mission Statement -- Choosing a Team Model -- Organizing an Incident Response Team -- Hiring and Training Personnel -- Establishing Authority -- Introducing an Incident Response Team to the Enterprise -- Enacting a CSIRT -- Defining a Coordination Model -- Communication Flow -- Assigning Roles and Responsibilities -- Business Functions -- Legal and Compliance Information Technology Functions -- Senior Management -- Working with Outsourcing Partners -- Outsourcing Considerations -- Establishing Successful Relationships with Vendors -- Summary -- Notes -- Chapter 3 Technology Considerations in Cyber Breach Investigations -- Sourcing Technology -- Comparing Commercial vs. Open Source Tools -- Developing In-House Software Tools -- Procuring Hardware -- Acquiring Forensic Data -- Forensic Acquisition -- Live Response -- Incident Response Investigations in Virtualized Environments -- Traditional Virtualization -- Cloud Computing Leveraging Network Data in Investigations -- Identifying Forensic Evidence in Enterprise Technology Services -- Domain Name System -- Dynamic Host Configuration Protocol -- Web Servers -- Databases -- Security Tools -- Log Management -- What Is Logging? -- What Is Log Management? -- Log Management Lifecycle -- Collection and Storage -- Managing Logs with a SIEM -- Summary -- Notes -- Chapter 4 Crafting an Incident Response Plan -- Incident Response Lifecycle -- Preparing for an Incident -- Detecting and Analyzing Incidents -- Containment, Eradication, and Recovery -- Post-Incident Activities