Crafting the InfoSec Playbook: Security Monitoring and Incident Response Master Plan

by Jeff Bollinger, Brandon Enright, Matthew Valites

Any good attacker will tell you that expensive security monitoring and prevention tools aren’t enough to keep you secure. This practical book demonstrates a data-centric approach to distilling complex security monitoring, incident response, and threat analysis ideas into their most basic elements. You’ll learn how to develop your own threat intelligence and incident detection strategy, rather than depend on security tools alone.

Written by members of Cisco’s Computer Security Incident Response Team, this book shows IT and information security professionals how to create an InfoSec playbook by developing strategy, technique, and architecture.

Learn incident response fundamentals—and the importance of getting back to basicsUnderstand threats you face and what you should be protectingCollect, mine, organize, and analyze as many relevant data sources as possibleBuild your own playbook of repeatable methods for security monitoring and responseLearn how to put your plan into action and keep it running smoothlySelect the right monitoring and detection tools for your environmentDevelop queries to help you sort through data and create valuable reportsKnow what actions to take during the incident response phase

Genres: Computer Science

456 pages, Kindle Edition

First published May 7, 2015

Reviews

[Marjori Pomarole · Rating 3 out of 5]

Nicely written for someone who never had to think of Incident Response before. But it read a bit outdated completely missing topics like mobile application security and cloud computing. Topics which most InfoSec organizations need to deal with in this day and age.
I disliked how much of the work detailed in this book needed to come from a specialized security team when I think most organizations could benefit from a model where the system engineers and developers themselves are in charge of the monitoring and response of their application.