Intelligence-driven incident response : outwitting the adversary

Author: Scott J Roberts; Rebekah Brown
Publisher: Sebastopol, CA : O'Reilly Media, [2017] ©2017
Edition/Format: eBook : Document : English : First edition
Summary:

With this practical guide, incident managers, malware analysts, reverse engineers, digital forensics specialists, and intelligence analysts will learn the fundamentals of intelligence analysis, as ...

Details

Genre/Form: Electronic books
Additional Physical Format: Print version:
Roberts, Scott J.
Intelligence-driven incident response.
©2017
(OCoLC)935986592
Material Type: Document, Internet resource
Document Type: Internet Resource, Computer File
All Authors / Contributors: Scott J Roberts; Rebekah Brown
ISBN: 9781491935200 1491935200
OCLC Number: 1003042356
Notes: Includes index.
Description: 1 online resource (1 volume) : illustrations
Contents: Copyright; Table of Contents; Foreword; Preface; Why We Wrote This Book; Who This Book Is For; How This Book Is Organized; Conventions Used in This Book; O'Reilly Safari; How to Contact Us; Acknowledgments; Part I. The Fundamentals; Chapter 1. Introduction; Intelligence as Part of Incident Response; History of Cyber Threat Intelligence; Modern Cyber Threat Intelligence; The Way Forward; Incident Response as a Part of Intelligence; What Is Intelligence-Driven Incident Response?; Why Intelligence-Driven Incident Response?; Operation SMN; Operation Aurora; Conclusion. Chapter 2. Basics of Intelligence; Data Versus Intelligence; Sources and Methods; Process Models; OODA; Intelligence Cycle; Using the Intelligence Cycle; Qualities of Good Intelligence; Levels of Intelligence; Tactical Intelligence; Operational Intelligence; Strategic Intelligence; Confidence Levels; Conclusion; Chapter 3. Basics of Incident Response; Incident-Response Cycle; Preparation; Identification; Containment; Eradication; Recovery; Lessons Learned; Kill Chain; Targeting; Reconnaissance; Weaponization; Delivery; Exploitation; Installation; Command and Control; Actions on Objective. Example Kill Chain; Diamond Model; Basic Model; Extending the Model; Active Defense; Deny; Disrupt; Degrade; Deceive; Destroy; F3EAD; Find; Fix; Finish; Exploit; Analyze; Disseminate; Using F3EAD; Picking the Right Model; Scenario: GLASS WIZARD; Conclusion; Part II. Practical Application; Chapter 4. Find; Actor-Centric Targeting; Starting with Known Information; Useful Find Information; Asset-Centric Targeting; Using Asset-Centric Targeting; News-Centric Targeting; Targeting Based on Third-Party Notification; Prioritizing Targeting; Immediate Needs; Past Incidents; Criticality. Organizing Targeting Activities; Hard Leads; Soft Leads; Grouping Related Leads; Lead Storage; The Request for Information Process; Conclusion; Chapter 5. Fix; Intrusion Detection; Network Alerting; System Alerting; Fixing GLASS WIZARD; Intrusion Investigation; Network Analysis; Live Response; Memory Analysis; Disk Analysis; Malware Analysis; Scoping; Hunting; Developing Leads; Testing Leads; Conclusion; Chapter 6. Finish; Finishing Is Not Hacking Back; Stages of Finish; Mitigate; Remediate; Rearchitect; Taking Action; Deny; Disrupt; Degrade; Deceive; Destroy; Organizing Incident Data. Tools for Tracking Actions; Purpose-Built Tools; Assessing the Damage; Monitoring Life Cycle; Conclusion; Chapter 7. Exploit; What to Exploit?; Gathering Information; Storing Threat Information; Data Standards and Formats for Indicators; Data Standards and Formats for Strategic Information; Managing Information; Threat-Intelligence Platforms; Conclusion; Chapter 8. Analyze; The Fundamentals of Analysis; What to Analyze?; Conducting the Analysis; Enriching Your Data; Developing Your Hypothesis; Evaluating Key Assumptions; Judgment and Conclusions; Analytic Processes and Methods.
Responsibility: Scott J. Roberts and Rebekah Brown.

Linked Data


Primary Entity

<http://www.worldcat.org/oclc/1003042356> # Intelligence-driven incident response : outwitting the adversary
    a schema:Book, schema:MediaObject, schema:CreativeWork ;
    library:oclcnum "1003042356" ;
    library:placeOfPublication <http://id.loc.gov/vocabulary/countries/cau> ;
    schema:about <http://dewey.info/class/364.168/e23/> ;
    schema:about <http://experiment.worldcat.org/entity/work/data/4472017957#Topic/social_science_criminology> ; # SOCIAL SCIENCE--Criminology
    schema:about <http://experiment.worldcat.org/entity/work/data/4472017957#Topic/computer_crimes_investigation> ; # Computer crimes--Investigation
    schema:author <http://experiment.worldcat.org/entity/work/data/4472017957#Person/brown_rebekah> ; # Rebekah Brown
    schema:author <http://experiment.worldcat.org/entity/work/data/4472017957#Person/roberts_scott_j> ; # Scott J. Roberts
    schema:bookEdition "First edition." ;
    schema:bookFormat schema:EBook ;
    schema:datePublished "2017" ;
    schema:description "Copyright; Table of Contents; Foreword; Preface; Why We Wrote This Book; Who This Book Is For; How This Book Is Organized; Conventions Used in This Book; O'Reilly Safari; How to Contact Us; Acknowledgments; Part I. The Fundamentals; Chapter 1. Introduction; Intelligence as Part of Incident Response; History of Cyber Threat Intelligence; Modern Cyber Threat Intelligence; The Way Forward; Incident Response as a Part of Intelligence; What Is Intelligence-Driven Incident Response?; Why Intelligence-Driven Incident Response?; Operation SMN; Operation Aurora; Conclusion."@en ;
    schema:exampleOfWork <http://worldcat.org/entity/work/id/4472017957> ;
    schema:genre "Electronic books"@en ;
    schema:inLanguage "en" ;
    schema:isSimilarTo <http://www.worldcat.org/oclc/935986592> ;
    schema:name "Intelligence-driven incident response : outwitting the adversary"@en ;
    schema:productID "1003042356" ;
    schema:url <http://proquest.safaribooksonline.com/9781491935187> ;
    schema:url <https://proquest.safaribooksonline.com/9781491935187> ;
    schema:url <http://public.eblib.com/choice/publicfullrecord.aspx?p=4981597> ;
    schema:url <http://public.ebookcentral.proquest.com/choice/publicfullrecord.aspx?p=4981597> ;
    schema:url <http://proquestcombo.safaribooksonline.com/9781491935187> ;
    schema:url <https://ezproxy.spl.org/login?url=https://proquest.safaribooksonline.com/9781491935187> ;
    schema:url <http://search.ebscohost.com/login.aspx?direct=true&scope=site&db=nlebk&db=nlabk&AN=1578731> ;
    schema:workExample <http://worldcat.org/isbn/9781491935200> ;
    wdrs:describedby <http://www.worldcat.org/title/-/oclc/1003042356> ;
    .


Related Entities

<http://experiment.worldcat.org/entity/work/data/4472017957#Person/brown_rebekah> # Rebekah Brown
    a schema:Person ;
    schema:familyName "Brown" ;
    schema:givenName "Rebekah" ;
    schema:name "Rebekah Brown" ;
    .

<http://experiment.worldcat.org/entity/work/data/4472017957#Person/roberts_scott_j> # Scott J. Roberts
    a schema:Person ;
    schema:familyName "Roberts" ;
    schema:givenName "Scott J." ;
    schema:name "Scott J. Roberts" ;
    .

<http://experiment.worldcat.org/entity/work/data/4472017957#Topic/computer_crimes_investigation> # Computer crimes--Investigation
    a schema:Intangible ;
    schema:name "Computer crimes--Investigation"@en ;
    .

<http://experiment.worldcat.org/entity/work/data/4472017957#Topic/social_science_criminology> # SOCIAL SCIENCE--Criminology
    a schema:Intangible ;
    schema:name "SOCIAL SCIENCE--Criminology"@en ;
    .

<http://worldcat.org/isbn/9781491935200>
    a schema:ProductModel ;
    schema:isbn "1491935200" ;
    schema:isbn "9781491935200" ;
    .

<http://www.worldcat.org/oclc/935986592>
    a schema:CreativeWork ;
    rdfs:label "Intelligence-driven incident response." ;
    schema:description "Print version:" ;
    schema:isSimilarTo <http://www.worldcat.org/oclc/1003042356> ; # Intelligence-driven incident response : outwitting the adversary
    .

