
Cyber threat intelligence : the no-nonsense guide for CISOs and Security Managers /

Understand the process of setting up a successful cyber threat intelligence (CTI) practice within an established security team. This book shows you how threat information that has been collected, evaluated, and analyzed is a critical component in protecting your organization's resources. Adopting an...


Bibliographic Details
Classification: Electronic Book
Main author: Roberts, Aaron
Format: Electronic eBook
Language: English
Published: Berkeley, CA : Apress, 2021.
Subjects:
Online access: Full text (requires prior registration with institutional email)

MARC

LEADER 00000cam a2200000 a 4500
001 OR_on1263872951
003 OCoLC
005 20231017213018.0
006 m o d
007 cr un|---aucuu
008 210814s2021 cau o 001 0 eng d
040 |a EBLCP  |b eng  |e pn  |c EBLCP  |d YDX  |d GW5XE  |d OCLCO  |d EBLCP  |d OCLCF  |d N$T  |d ESU  |d UKAHL  |d OCLCQ  |d OCLCO  |d K6U  |d OCLCQ  |d OCLCO 
019 |a 1263663587  |a 1280071334 
020 |a 9781484272206  |q (electronic bk.) 
020 |a 148427220X  |q (electronic bk.) 
020 |z 1484272196 
020 |z 9781484272190 
024 7 |a 10.1007/978-1-4842-7220-6  |2 doi 
029 1 |a AU@  |b 000069704571 
029 1 |a AU@  |b 000070280186 
035 |a (OCoLC)1263872951  |z (OCoLC)1263663587  |z (OCoLC)1280071334 
050 4 |a QA76.9.A25 
072 7 |a COM053000  |2 bisacsh 
082 0 4 |a 005.8  |2 23 
049 |a UAMI 
100 1 |a Roberts, Aaron. 
245 1 0 |a Cyber threat intelligence :  |b the no-nonsense guide for CISOs and Security Managers /  |c Aaron Roberts. 
260 |a Berkeley, CA :  |b Apress,  |c 2021. 
300 |a 1 online resource (221 pages) 
336 |a text  |b txt  |2 rdacontent 
337 |a computer  |b c  |2 rdamedia 
338 |a online resource  |b cr  |2 rdacarrier 
588 0 |a Print version record. 
505 0 |a Intro -- Table of Contents -- About the Author -- Acknowledgments -- Introduction -- Chapter 1: The Cybersecurity Wild West -- Identifying the Wheat from the Chaff -- What Kinds of Vendors Are There? -- Where Do You Even Begin? Always Start with Intelligence Requirements -- What Sectors Is Your Business Operating In? -- What Systems and Services Do You Use and Want to Monitor for Threats? -- What Are the Threats You're Worried About As a Business? -- What Other Security Vendors Do You Use? -- What Is Your Business Planning to Do in the Next X Years? -- Further Considerations for IRs 
505 8 |a What Do You Get for Your Money? -- Key Takeaways -- Chapter 2: Cyber Threat Intelligence -- What Does It Even Mean? -- The Intelligence Cycle -- 1. Planning and Direction -- 2. Collection -- 3. Processing and Exploitation -- 4. Analysis -- 5. Dissemination -- 6. Feedback -- The Diamond Model -- Diamond Model -- Adversary -- Diamond Model -- Victim -- Diamond Model -- Infrastructure -- Diamond Model -- Capabilities/TTPs -- How Do We Apply Intelligence to Existing Security? The Cyber Kill-Chain and MITRE ATT & CK Framework -- Human Behavior Doesn't Change -- The IOC Is Dead. Long Live the IOC 
505 8 |a Security Products Are Evolving -- So Should You -- The Cyber Kill-Chain -- Key Takeaways -- Chapter 3: Structured Intelligence -- What Does It Even Mean? -- OpenIOC -- MITRE ATT & CK -- Using MITRE ATT & CK -- STIX -- Why It's Important -- Aligning STIX with ATT & CK -- Where the Magic Happens -- Threat Actor -- Campaign -- Attack Pattern -- Malware -- Vulnerability -- Course of Action -- Victim -- Report -- Indicators -- The Remaining STIX 2.1 Objects -- Grouping -- Identity -- Infrastructure -- Location -- Malware Analysis -- Note -- Observed Data -- Opinion -- Tool -- Relationship -- Sighting 
505 8 |a What About the Kill-Chain? -- Key Takeaways -- Chapter 4: Determining What Your Business Needs -- Who Are Your Customers? -- Intelligence Reporting -- Tactical Intelligence -- Operational Intelligence -- Strategic Intelligence -- Other Types of Intelligence Reporting -- Awareness Reporting -- Executive/VIP Profile Reporting -- Spot/Flash Reporting -- Summary Reporting -- Intelligence Report Structure -- Key Points -- Summary -- Details -- Recommendations -- Appendices -- I Have Requirements! I Have Report Templates! Now What? -- Business Needs -- Automation -- Can This Help? 
505 8 |a What If the Business Doesn't Know What It Wants? -- Key Takeaways -- Chapter 5: How Do I Implement This? (Regardless of Budget) -- Threat Feeds -- News Reports/Blogs -- Social Media -- Data Breach Notifications -- Patch and Vulnerability Notifications -- Geopolitical Affairs -- Industry Events -- Personal Contacts -- Sharing Groups -- Requirements, Check. Basic Collection Sources, Check. Now, What? -- Prioritizing Areas for Funding -- Intelligence Analysts -- How to Use Them -- Different Analysts for Different Things? -- Key Takeaways -- Chapter 6: Things to Consider When Implementing CTI 
500 |a Your Organization's Footprint. 
520 |a Understand the process of setting up a successful cyber threat intelligence (CTI) practice within an established security team. This book shows you how threat information that has been collected, evaluated, and analyzed is a critical component in protecting your organization's resources. Adopting an intelligence-led approach enables your organization to nimbly react to situations as they develop. Security controls and responses can then be applied as soon as they become available, enabling prevention rather than response. There are a lot of competing approaches and ways of working, but this book cuts through the confusion. Author Aaron Roberts introduces the best practices and methods for using CTI successfully. This book will help not only senior security professionals, but also those looking to break into the industry. You will learn the theories and mindset needed to be successful in CTI. This book covers the cybersecurity wild west, the merits and limitations of structured intelligence data, and how using structured intelligence data can, and should, be the standard practice for any intelligence team. You will understand your organization's risks, based on the industry and the adversaries you are most likely to face, the importance of open-source intelligence (OSINT) to any CTI practice, and discover the gaps that exist with your existing commercial solutions and where to plug those gaps, and much more. 
You will: Know the wide range of cybersecurity products and the risks and pitfalls aligned with blindly working with a vendor; Understand critical intelligence concepts such as the intelligence cycle, setting intelligence requirements, the diamond model, and how to apply intelligence to existing security information; Understand structured intelligence (STIX) and why it's important, and aligning STIX to ATT&CK and how structured intelligence helps improve final intelligence reporting; Know how to approach CTI, depending on your budget; Prioritize areas when it comes to funding and the best approaches to incident response, requests for information, or ad hoc reporting; Critically evaluate services received from your existing vendors, including what they do well, what they don't do well (or at all), how you can improve on this, the things you should consider moving in-house rather than outsourcing, and the benefits of finding and maintaining relationships with excellent vendors. 
500 |a Includes index. 
590 |a O'Reilly  |b O'Reilly Online Learning: Academic/Public Library Edition 
650 0 |a Computer security. 
650 2 |a Computer Security 
650 6 |a Sécurité informatique. 
650 7 |a Computer security  |2 fast 
776 0 8 |i Print version:  |a Roberts, Aaron.  |t Cyber Threat Intelligence.  |d Berkeley, CA : Apress L.P., ©2021  |z 9781484272190 
856 4 0 |u https://learning.oreilly.com/library/view/~/9781484272206/?ar  |z Texto completo (Requiere registro previo con correo institucional) 
938 |a Askews and Holts Library Services  |b ASKH  |n AH39158626 
938 |a ProQuest Ebook Central  |b EBLB  |n EBL6695869 
938 |a EBSCOhost  |b EBSC  |n 2993376 
938 |a YBP Library Services  |b YANK  |n 302390981 
994 |a 92  |b IZTAP