There are two reasons I wrote this book. First, I have sat through several incident response table-top exercises and witnessed firsthand how uncomfortable the process is when one does not feel prepared. Second, I read Urban Meyer's book Above the Line, which I felt spoke to me about how to create a culture of preparation, teamwork and no excuses.
This book is not a technical book with deep dives into incident response forensics. You will not learn how to perform and analyze memory dumps here. This work focuses on how to establish an incident response program. It focuses on policy, strategy, people and process. It was written for members of incident response teams building and enhancing the program, and for executives and members of management. Stakeholders in incident response who are not part of IT can read this book and get a sense of what the incident response program should look like.
This book begins by discussing the need for strong incident response capabilities. In the current landscape, cybersecurity programs are judged by their ability to respond to incidents. Necessary protective capabilities must exist, and a framework for responding to incidents must be established. Leadership qualities, strategy development and pre-planning are covered. Each phase of incident response (identification, containment, eradication and recovery) is outlined in detail before a discussion of how to monitor the program using NIST 800-137 is presented.
The book ends with a story about an incident, designed to show how unplanned and unfocused responses lead to worse outcomes.
The reader is left with thoughts on how to take action toward building and enhancing the incident response program, and with knowledge of how much effort it takes to be successful.
Again, I want to thank Susan McDermott and Rita Fernando for making this project come to life. Also, thank you to Andy Reeder for his help as technical editor.
Prior to BHI, Eric spent seven years at Ernst & Young in the Advisory practice where he specialized in helping healthcare organizations (providers, payers, and business associates) solve problems related to information security, risk management, and compliance when dealing with electronic medical records. Eric led the HITRUST Common Security Framework (CSF) cybersecurity program management and third-party risk management assessments.
Eric is also a proud member of the SANS Mentor team.