Details

Field | Value |
---|---|
Title | Practical cyber intelligence: how action-based intelligence can be an effective response to incidents |
Creators | Bautista, Wilson (Jr.) |
Collection | E-books from foreign publishers ; General collection |
Subjects | Cyber intelligence (Computer security) ; Cyberterrorism — Prevention ; Computer networks — Security measures ; Information technology — Security measures ; Computer crimes — Prevention ; COMPUTERS / Security / General ; EBSCO eBooks |
Document type | Other |
File type | PDF ; EPUB |
Language | English |
Rights | Password-protected access from the Internet (reading, printing, copying) |
Record key | on1034015100 |
Record create date | 5/4/2018 |
- Cover
- Copyright and Credits
- Dedication
- Packt Upsell
- Contributors
- Table of Contents
- Preface
- Chapter 1: The Need for Cyber Intelligence
- Need for cyber intelligence
- The application of intelligence in the military
- Intel stories in history
- The American Revolutionary War
- Napoleon's use of intelligence
- Some types of intelligence
- HUMINT or human intelligence
- IMINT or image intelligence
- MASINT or measurement and signature intelligence
- OSINT or open source intelligence
- SIGINT or signals intelligence
- COMINT or communications intelligence
- ELINT or electronic intelligence
- FISINT or foreign instrumentation signals intelligence
- TECHINT or technical intelligence
- MEDINT or medical intelligence
- All source intelligence
- Intelligence drives operations
- Putting theory into practice isn't simple
- Understanding the maneuver warfare mentality
- Follow the process, the process will save you
- What is maneuver warfare?
- Tempo
- The OODA Loop
- Center of gravity and critical vulnerability
- Surprise – creating and exploiting opportunity
- Combined arms – collaboration
- Flexibility
- Decentralized command
- Summary
- Chapter 2: Intelligence Development
- The information hierarchy
- Introduction to the intelligence cycle
- The intelligence cycle steps
- Step 1 – Planning and direction
- Requirements development
- Requirements management
- Directing the intelligence effort
- Requirements satisfaction
- Planning the intelligence support system
- Step 2 – Collection
- Step 3 – Processing
- Step 4 – Analysis and Production
- Step 5 – Dissemination
- Methods
- Channels
- Modes
- Dissemination architecture
- Step 6 – Utilization
- Summary
- Chapter 3: Integrating Cyber Intel, Security, and Operations
- A different look at operations and security
- Developing a strategic cyber intelligence capability
- Understanding our priorities
- The business architecture
- The data/application architecture
- Technology architecture
- Application of the architectures and cyber intelligence
- A look at strategic cyber intelligence – level 1
- Introduction to operational security
- OPSEC step 1 – identify critical information
- OPSEC step 2 – analysis of threats
- OPSEC step 3 – analysis of vulnerabilities
- OPSEC step 4 – assessment of risk
- OPSEC step 5 – application of appropriate countermeasures
- OPSEC applicability in a business environment
- Cyber intel program roles
- Strategic level – IT leadership
- Strategic level – cyber intelligence program officer
- Tactical level – IT leadership
- Tactical level – cyber intelligence program manager
- Operational level – IT leadership
- Operational level – cyber intelligence analysts
- Summary
- Chapter 4: Using Cyber Intelligence to Enable Active Defense
- An introduction to Active Defense
- Understanding the Cyber Kill Chain
- General principles of Active Defense
- Active Defense – principle 1: annoyance
- Active Defense – principle 2: attribution
- Enticement and entrapment in Active Defense
- Scenario A
- Scenario B
- Types of Active Defense
- Types of Active Defense – manual
- Types of Active Defense – automatic
- An application of tactical level Active Defense
- Summary
- Chapter 5: F3EAD for You and for Me
- Understanding targeting
- The F3EAD process
- F3EAD in practice
- F3EAD and the Cyber Kill Chain
- Cyber Kill Chain and OODA loop
- Cyber Kill Chain and OPSEC
- Cyber Kill Chain and the intelligence cycle
- Cyber Kill Chain and F3EAD
- Application of F3EAD in the commercial space
- Limitations of F3EAD
- Summary
- Chapter 6: Integrating Threat Intelligence and Operations
- Understanding threat intelligence
- Capability Maturity Model – threat intelligence overview
- Level 1 – threat intelligence collection capability
- Phase initial
- Example 1 – Open Threat Exchange – AlienVault
- Example 2 – Twitter
- Example 3 – Information Sharing and Analysis Centers
- Example 4 – news alert notifications
- Example 5 – Rich Site Summary feeds
- Phase A
- Example 1 – Cisco – GOSINT platform
- Example 2 – The Malware Information Sharing Platform project
- Phase B
- Phase C
- Level 2 – Threat Information Integration
- Phase initial
- Phase A
- Categorization of items that are applicable to multiple teams
- Phase B
- Phase C
- Summary
- Chapter 7: Creating the Collaboration Capability
- Purpose of collaboration capability
- Formal communications
- Informal communications
- Communication and cyber intelligence process
- Methods and tools for collaboration
- Service level agreements and organizational level agreements
- Responsible accountable supporting consulted informed matrix
- Using key risk indicators
- Collaboration at the Strategic Level
- Executive support
- Policies and procedures
- Architecture
- Understanding dependencies
- Prioritized information
- Intelligence aggregation
- Intelligence reconciliation and presentation
- Collaboration at the Tactical Level
- Breaking down priority information requirements
- Application of the theory
- Theory versus reality
- Creating the tactical dashboard
- Collaboration at the Operational Level
- Summary
- Chapter 8: The Security Stack
- Purpose of integration – it's just my POV
- Core security service basics
- Security Operations Center
- The spider
- Capabilities among teams
- Capability deep dive – Security Configuration Management
- Security Configuration Management – core processes
- Security Configuration Management – Discovery and Detection
- Security Configuration Management – Risk Mitigation
- Security Configuration Management – Security State Analysis
- Security Configuration Management – Data Exposure and Sharing
- Prelude – integrating like services
- Integrating cyber intel from different services
- Overview – red team methodology
- Red team – testing methods
- White box
- Gray box
- Black box
- Red team constraints
- Red team – graphical representation
- Data integration challenges
- The end user perspective
- The service level perspective – cyber intelligence – Data Exposure and Sharing
- The SOC perspective
- Capability Maturity Model – InfoSec and cyber intel
- Capability Maturity Model – InfoSec and cyber intel – initial phase
- Capability Maturity Model – InfoSec and cyber intel – Phase A
- Capability Maturity Model – InfoSec and cyber intel – Phase B
- Capability Maturity Model – InfoSec and cyber intel – Phase C
- Collaboration + Capability = Active Defense
- Summary
- Chapter 9: Driving Cyber Intel
- The gap
- Another set of eyes
- The logic
- Event
- Incident
- Mapping events and incidents to InfoSec capabilities
- Capability Maturity Model – security awareness
- Capability Maturity Model – security awareness – initial phase
- Capability Maturity Model – security awareness – Phase A
- Capability Maturity Model – security awareness – Phase B
- Capability Maturity Model – security awareness – Phase C
- Capability Maturity Model – security awareness – Phase C+
- Just another day part 1
- Summary
- Chapter 10: Baselines and Anomalies
- Setting up camp
- Baselines and anomalies
- Continuous monitoring – the challenge
- Part 1
- Part 2
- Part 3
- Capability Maturity Model – continuous monitoring overview
- Level 1 – phase A
- Level 1 – phase B
- Level 1 – phase C
- Capability Maturity Model – continuous monitoring level 2
- Scenario 1 – asset management/vulnerability scanning asset inventory
- Phase initial
- Information gathering
- Developing possible solutions
- Phase A
- Procedure RASCI (example)
- Phase B
- Regional data centers
- Local office environment
- Phase C
- Scenario 2 – security awareness/continuous monitoring/IT helpdesk
- Phase initial
- Information gathering
- Developing possible solutions
- Phase A
- Procedure RASCI (example)
- Phase B and C – sample questions
- Just another day part 2
- Summary
- Chapter 11: Putting Out the Fires
- Quick review
- Overview – incident response
- Preparation and prevention
- Detection and analysis
- Containment, eradication, and recovery
- Post-incident activity
- Incident response process and F3EAD integration
- Intelligence process tie-in
- Capability Maturity Model – incident response
- Initial phase
- Phase A
- Phase B
- Phase C
- Summary
- Chapter 12: Vulnerability Management
- A quick recap
- The Common Vulnerability Scoring System calculator
- Base metric group
- Temporal metric group
- Environmental metric group
- CVSS base scoring
- Metrics madness
- Vulnerability management overview
- Capability Maturity Model: vulnerability management – scanning
- Initial phase
- Phase A
- Phase B
- Phase C
- Capability Maturity Model: vulnerability management – reporting
- Initial phase
- Phase A
- Phase B
- Phase C
- Capability Maturity Model: vulnerability management – fix
- Initial phase
- Phase A
- Phase B
- Phase C
- Summary
- Chapter 13: Risky Business
- Risk overview
- Treating risk
- Risk tolerance and risk appetite
- Labeling things platinum, gold, silver, and copper
- Differentiating networks
- Taking a different look at risk
- Review of threat intelligence integration
- Capability Maturity Model: risk phase – initial
- Improving risk reporting part 1
- Capability Maturity Model: risk phase – final
- Improving risk reporting part 2
- Open source governance risk and compliance tools
- Binary Risk Assessment
- STREAM cyber risk platform
- Practical threat analysis for information security experts
- SimpleRisk
- Security Officers Management and Analysis Project
- Summary
- Chapter 14: Assigning Metrics
- Security configuration management
- Developing the risk score
- Working in key risk indicators
- Summary
- Chapter 15: Wrapping Up
- Just another day part 3
- Lessons learned
- Other Books You May Enjoy
- Index