Intelligence-Driven Incident Response: Outwitting the Adversary 2nd Edition

Brown, Roberts

  • 出版商: O'Reilly
  • 出版日期: 2023-07-18
  • 定價: $2,300
  • 售價: 9.5$2,185
  • 貴賓價: 9.0$2,070
  • 語言: 英文
  • 頁數: 343
  • 裝訂: Quality Paper - also called trade paper
  • ISBN: 109812068X
  • ISBN-13: 9781098120689
  • 相關分類: 資訊安全
  • 立即出貨 (庫存 < 4)

買這商品的人也買了...

相關主題

商品描述

Using a well-conceived incident response plan in the aftermath of an online security breach enables your team to identify attackers and learn how they operate. But only when you approach incident response with a cyber threat intelligence mindset will you truly understand the value of that information. In this updated second edition, you'll learn the fundamentals of intelligence analysis as well as the best ways to incorporate these techniques into your incident response process.

Each method reinforces the other: threat intelligence supports and augments incident response, while incident response generates useful threat intelligence. This practical guide helps incident managers, malware analysts, reverse engineers, digital forensics specialists, and intelligence analysts understand, implement, and benefit from this relationship.

In three parts, this in-depth book includes:

  • The fundamentals: Get an introduction to cyberthreat intelligence, the intelligence process, the incident response process, and how they all work together
  • Practical application: Walk through the intelligence-driven incident response (IDIR) process using the F3EAD process: Find, Fix, Finish, Exploit, Analyze, and Disseminate
  • The way forward: Explore big-picture aspects of IDIR that go beyond individual incident response investigations, including intelligence team building

商品描述(中文翻譯)

在線安全遭受入侵後,使用一個周密的事件應對計劃可以幫助您的團隊識別攻擊者並了解他們的操作方式。但只有當您以網絡威脅情報的思維方式來處理事件應對時,您才能真正理解這些信息的價值。在這本更新的第二版中,您將學習情報分析的基本原理,以及將這些技術應用於事件應對過程的最佳方法。

每種方法都相互補充:威脅情報支持並增強事件應對,而事件應對則產生有用的威脅情報。這本實用指南幫助事件經理、惡意軟件分析師、逆向工程師、數字取證專家和情報分析師理解、實施和從這種關係中受益。

這本深入的書籍分為三個部分,包括:
- 基礎知識:介紹網絡威脅情報、情報處理過程、事件應對過程以及它們之間的相互作用。
- 實際應用:使用F3EAD過程(查找、修復、結束、利用、分析和傳播)來進行基於情報的事件應對(IDIR)過程。
- 未來發展:探索超越個別事件應對調查的IDIR的大局方面,包括情報團隊建設。