Blue team handbook: incident response / Don Murdoch
Resource type: Book (Online)
Language: English
Publisher: Santa Rosa : O'Reilly, February 2026
Description: 1 online resource (359 p.)
ISBN: 9798341661288
Summary: As cyberthreats grow and infrastructure evolves, organizations must prioritize effective, dynamic, and adaptable incident response. Following the success of the original edition, Blue Team Handbook: Incident Response has been updated to reflect today's evolving cybersecurity landscape.
PPN: 1969502487
Package identifier: ZDB-4-NLEBK
Contents:
Cover -- Copyright -- Table of Contents -- Preface -- Who Should Read This Book -- Why I Wrote This Book -- Navigating This Book -- Conventions Used in This Book -- Using Code Examples -- O'Reilly Online Learning -- How to Contact Us -- Acknowledgments -- Chapter 1. Practical Incident Response Defined -- The NIST Incident Response Lifecycle -- The SANS Incident Response Lifecycle -- Dynamic Incident Response and Intelligence Lifecycles -- Time Based Security -- Leveraging MITRE ATT&CK for Incident Response -- Prioritizing Data Collection Using ATT&CK -- Threat-Informed Defense
Need a Place to Start? -- Adapting IR Lifecycles to Your Organization -- The Changing Adversarial Landscape -- Chapter 2. The Six Phases of Modern Incident Response -- Phase 1, Preparation: Know Thy Network and the Identities of Those Who Use It -- Preparation: Tools and Techniques Survey and Checklist -- Preparation: Visibility Tools and Techniques -- Preparation: Command-Line Auditing -- Preparation: Data Breach Rules of the Road -- Preparation: Policy and Procedure -- Preparation: Enable Early Warning Indicators -- Phase 2, Identification: How Serious Is It?
Phase 3, Containment: Stopping the Adversary -- Phase 4, Eradication: Revert Adversary Actions -- Phase 5, Recovery: Back Up and Running -- Phase 6, Lessons Learned: Reporting and Follow-Up -- Incident-Driven Countermeasures -- Chapter 3. Incident Response Skills and Practices -- Finding Metrics That Matter -- The Golden Rules of IR Metrics -- Incident Response Metrics -- Improving Investigations -- Understanding the Alexiou Principle -- Externalization -- Controlling Your Theories -- Awareness of Confirmation Bias -- Following Scene Safe Practices -- The Incident Commander Role
Indicator of Attack Versus Indicator of Compromise -- IoA Examples -- IoC Examples -- Using the OODA Loop -- Assessing the Impact of a Cyber Attack -- Avoiding Analysis Paralysis -- Essential IR Business Process and Paperwork -- Regulatory Considerations -- Ed Skoudis's Pentest Authorization Letter -- "Trap and Trace" Authorization Letter -- End User-Focused Data Collection Form(s) -- Chain of Custody and Evidence Topics -- Suggestions for Organizing Evidence Data -- The Traffic Light Protocol -- Computer Security Incident Response Plan -- CSIRP Sample Table of Contents
Incident Response Templates -- PICERL Six-Phase Incident Response Template -- Commercial Incident Response Template -- Countermeasures and the SBAR Format -- Secure IR Communications -- Using GnuPG for Free Encrypted Email -- Incident Response and Forensics Are Partners -- Order of Volatility -- Triage Forensics: 5% of the Data Tells Most of the Story -- System Forensics: Dig Deep and Dissect at a Cost -- Derailing IR and DFIR: Mistakes to Avoid -- Goals and Objectives -- Packaged Cyber Threat Intelligence for IR -- Bootable Linux Distributions and Blue Team Platforms