Book Description

You will be breached—the only question is whether you'll be ready

A cyber breach could cost your organization millions of dollars—in 2019, the average cost of a cyber breach for companies was $3.9M, a figure that is increasing 20-30% annually. But effective planning can lessen the impact and duration of an inevitable cyberattack. Cyber Breach Response That Actually Works provides a business-focused methodology that will allow you to address the aftermath of a cyber breach and reduce its impact on your enterprise.

This book goes beyond step-by-step instructions for technical staff, focusing on the big-picture planning and strategy that have the greatest business impact. Inside, you’ll learn what drives cyber incident response and how to build effective incident response capabilities. Expert author Andrew Gorecki delivers a vendor-agnostic approach based on his experience with Fortune 500 organizations.

  • Understand the evolving threat landscape and learn how to address tactical and strategic challenges to build a comprehensive and cohesive cyber breach response program
  • Discover how incident response fits within your overall information security program, including a look at risk management
  • Build a capable incident response team and create an actionable incident response plan to prepare for cyberattacks and minimize their impact on your organization
  • Effectively investigate small and large-scale incidents and recover faster by leveraging proven industry practices
  • Navigate legal issues impacting incident response, including laws and regulations, criminal cases and civil litigation, and types of evidence and their admissibility in court

In addition to its valuable breadth of discussion on incident response from a business strategy perspective, Cyber Breach Response That Actually Works offers information on key technology considerations to aid you in building an effective capability and accelerating investigations to ensure your organization can continue business operations during significant cyber events.

Table of Contents

  1. Cover
  2. Foreword
  3. Introduction
    1. Who Should Read This Book
    2. How This Book Is Organized
    3. How to Contact Wiley or the Author
    4. Notes
  4. CHAPTER 1: Understanding the Bigger Picture
    1. Evolving Threat Landscape
    2. Defining Cyber Breach Response
    3. Identifying Drivers for Cyber Breach Response
    4. Incorporating Cyber Breach Response into a Cybersecurity Program
    5. Strategy Development
    6. Governance
    7. Summary
    8. Notes
  5. CHAPTER 2: Building a Cybersecurity Incident Response Team
    1. Defining a CSIRT
    2. Defining Incident Response Competencies and Functions
    3. Creating an Incident Response Team
    4. Enacting a CSIRT
    5. Assigning Roles and Responsibilities
    6. Working with Outsourcing Partners
    7. Summary
    8. Notes
  6. CHAPTER 3: Technology Considerations in Cyber Breach Investigations
    1. Sourcing Technology
    2. Acquiring Forensic Data
    3. Incident Response Investigations in Virtualized Environments
    4. Leveraging Network Data in Investigations
    5. Identifying Forensic Evidence in Enterprise Technology Services
    6. Log Management
    7. Summary
    8. Notes
  7. CHAPTER 4: Crafting an Incident Response Plan
    1. Incident Response Lifecycle
    2. Understanding Incident Management
    3. Incident Management Workflow
    4. Crafting an Incident Response Playbook
    5. Post-Incident Evaluation
    6. Continual Improvement
    7. Summary
    8. Notes
  8. CHAPTER 5: Investigating and Remediating Cyber Breaches
    1. Investigating Incidents
    2. Conducting Analysis
    3. Evidence Types
    4. Remediating Incidents
    5. Summary
    6. Notes
  9. CHAPTER 6: Legal and Regulatory Considerations in Cyber Breach Response
    1. Understanding Breaches from a Legal Perspective
    2. Collecting Digital Evidence
    3. Admissibility of Digital Evidence
    4. Establishing a Chain of Custody
    5. Data Privacy and Cyber Breach Investigations
    6. Summary
    7. Notes
  10. Index
  11. End User License Agreement