
Cyber threat intelligence : the no-nonsense guide for CISOs and Security Managers /

Understand the process of setting up a successful cyber threat intelligence (CTI) practice within an established security team. This book shows you how threat information that has been collected, evaluated, and analyzed is a critical component in protecting your organization's resources. Adopting an...


Bibliographic Details
Classification: Electronic book
Main author: Roberts, Aaron
Format: Electronic eBook
Language: English
Published: Berkeley, CA : Apress, 2021.
Subjects:
Online access: Full text (requires prior registration with an institutional email address)
Table of Contents:
  • Intro
  • Table of Contents
  • About the Author
  • Acknowledgments
  • Introduction
  • Chapter 1: The Cybersecurity Wild West
  • Identifying the Wheat from the Chaff
  • What Kinds of Vendors Are There?
  • Where Do You Even Begin? Always Start with Intelligence Requirements
  • What Sectors Is Your Business Operating In?
  • What Systems and Services Do You Use and Want to Monitor for Threats?
  • What Are the Threats You're Worried About As a Business?
  • What Other Security Vendors Do You Use?
  • What Is Your Business Planning to Do in the Next X Years?
  • Further Considerations for IRs
  • What Do You Get for Your Money?
  • Key Takeaways
  • Chapter 2: Cyber Threat Intelligence
  • What Does It Even Mean?
  • The Intelligence Cycle
  • 1. Planning and Direction
  • 2. Collection
  • 3. Processing and Exploitation
  • 4. Analysis
  • 5. Dissemination
  • 6. Feedback
  • The Diamond Model
  • Diamond Model: Adversary
  • Diamond Model: Victim
  • Diamond Model: Infrastructure
  • Diamond Model: Capabilities/TTPs
  • How Do We Apply Intelligence to Existing Security? The Cyber Kill-Chain and MITRE ATT&CK Framework
  • Human Behavior Doesn't Change
  • The IOC Is Dead. Long Live the IOC
  • Security Products Are Evolving
  • So Should You
  • The Cyber Kill-Chain
  • Key Takeaways
  • Chapter 3: Structured Intelligence
  • What Does It Even Mean?
  • OpenIOC
  • MITRE ATT&CK
  • Using MITRE ATT&CK
  • STIX
  • Why It's Important
  • Aligning STIX with ATT&CK
  • Where the Magic Happens
  • Threat Actor
  • Campaign
  • Attack Pattern
  • Malware
  • Vulnerability
  • Course of Action
  • Victim
  • Report
  • Indicators
  • The Remaining STIX 2.1 Objects
  • Grouping
  • Identity
  • Infrastructure
  • Location
  • Malware Analysis
  • Note
  • Observed Data
  • Opinion
  • Tool
  • Relationship
  • Sighting
  • What About the Kill-Chain?
  • Key Takeaways
  • Chapter 4: Determining What Your Business Needs
  • Who Are Your Customers?
  • Intelligence Reporting
  • Tactical Intelligence
  • Operational Intelligence
  • Strategic Intelligence
  • Other Types of Intelligence Reporting
  • Awareness Reporting
  • Executive/VIP Profile Reporting
  • Spot/Flash Reporting
  • Summary Reporting
  • Intelligence Report Structure
  • Key Points
  • Summary
  • Details
  • Recommendations
  • Appendices
  • I Have Requirements! I Have Report Templates! Now What?
  • Business Needs
  • Automation
  • Can This Help?
  • What If the Business Doesn't Know What It Wants?
  • Key Takeaways
  • Chapter 5: How Do I Implement This? (Regardless of Budget)
  • Threat Feeds
  • News Reports/Blogs
  • Social Media
  • Data Breach Notifications
  • Patch and Vulnerability Notifications
  • Geopolitical Affairs
  • Industry Events
  • Personal Contacts
  • Sharing Groups
  • Requirements, Check. Basic Collection Sources, Check. Now, What?
  • Prioritizing Areas for Funding
  • Intelligence Analysts
  • How to Use Them
  • Different Analysts for Different Things?
  • Key Takeaways
  • Chapter 6: Things to Consider When Implementing CTI