Cybersecurity incident response : how to contain, eradicate, and recover from incidents (2018)
- Record Type:
- Book
- Title:
- Cybersecurity incident response : how to contain, eradicate, and recover from incidents (2018)
- Main Title:
- Cybersecurity incident response : how to contain, eradicate, and recover from incidents
- Further Information:
- Note: Eric C. Thompson.
- Authors:
- Thompson, Eric C
- Contents:
- Intro; Table of Contents; About the Author; About the Technical Reviewer; Acknowledgments; Introduction; Chapter 1: The Significance of Incident Response; Why Does This Happen?; Strategy vs. Tactics; Changing the Culture; Summary; Chapter 2: Necessary Prerequisites; Establishing the Identify and Protect Functions; Defined Cybersecurity Program; A Programmatic Approach; Identifying Programs; How Does Each Program Support Incident Response?; Summary; Chapter 3: Incident Response Frameworks; NIST 800-61; Organizing a Computer Incident Response Capability; Incident Response Definitions; Policy Elements; Plan Elements; The Team; Mission; Goals and Strategy; Senior Management Approval; Handling Internal and External Communication; Road Map for Maturing the Process; Metrics Used to Measure the Incident Response Capability; Procedure Elements; Sharing Information with Outside Parties; The Media; Law Enforcement; Incident Response Team Structure; Team Models; Team Model Selection; Incident Response Personnel; Dependencies Within Organizations; Incident Response Team Services; Handling an Incident; Preparation: Preventing and Preparing to Handle Incidents; Attack Vectors; Detection and Analysis; Containment, Eradication, and Recovery; Post-Incident Activity; NIST CSF Implementations; Detection; Anomalies and Events; Security Monitoring; Detection Processes; Respond; Communication; Analysis; Mitigation; Improvement; Recover; Recovery Planning; Improvement; Communications; From Guidance to Program Implementation; Policy; Procedures; Control Processes Implemented; Measurement; Management Actions; Summary; Chapter 4: Leadership, Teams, and Culture; Leadership Qualities; Passion; Humility; Listening; Decisiveness; Emotional Intelligence; Culture; How They Build Culture at Ohio State; Improving Leadership Skills; Improving Technical Skills; Team Skills; Alignment of the Team; Prepare to Handle Incidents; Facilitating Organizational Change; Kotter's Eight-Step Change Model; Lewin's Change Management Model; Unfreeze; Change; Refreeze; Summary; Chapter 5: The Incident Response Strategy; Purpose; Scope; Definitions; How to Respond to Incidents; Incident Response Goals; Roles and Responsibilities; Triage; Escalation; Event and Response Phases; Summary; Chapter 6: Cyber Risks and the Attack Life Cycle; Documenting Cyber Risks; Threat Analysis; How Vulnerabilities Become Risks; Measuring Risk Severity; Likelihood; Impact; Review the Risk Assessment; The Mandiant Cyber Attack Life Cycle; Breaking Down the Life Cycle; Phase One; Reconnaissance; Initial Compromise; Establishing a Foothold; Phase Two; Escalating Privileges; Internal Recon; Move Laterally; Maintain Presence; Phase Three-Complete the Mission; How This Helps; Tie the Risk Assessment and Kill Chain; Targeting End Users; Targeting Web Applications; OWASP Top Ten; Summary; Chapter 7: Detection and Identification of Events; Building Detective Capabilities; Data Loss Protection. … (more)
- Publisher Details:
- Berkeley, CA : Apress
- Publication Date:
- 2018
- Copyright Date:
- 2018
- Extent:
- 1 online resource (xv, 176 pages), illustrations
- Subjects:
- 005.8
- Computer security -- Management
- Computer crimes
- Electronic books
- Languages:
- English
- ISBNs:
- 9781484238707
- 1484238702
- 1484238699
- 9781484238691
- 9781484238714
- 1484238710
- Related ISBNs:
- 9781484238691
- Notes:
- Note: Online resource; title from PDF title page (SpringerLink, viewed September 28, 2018).
- Access Rights:
- Legal Deposit; Only available on premises controlled by the deposit library and to one user at any one time; The Legal Deposit Libraries (Non-Print Works) Regulations (UK).
- Access Usage:
- Restricted: Printing from this resource is governed by The Legal Deposit Libraries (Non-Print Works) Regulations (UK) and UK copyright law currently in force.
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library HMNTS - ELD.DS.379022
- Ingest File:
- 02_360.xml