The second phase of the incident response process includes two steps: detection and analysis. There are multiple ways that we can detect an incident or event, such as through log analysis, network traffic monitoring, or other security tools. Continuous monitoring on the different attack vectors with various tools provides information for the incident response team members to analyze data for the appropriate actions on incidents and events.
- Title Page
- Copyright and Credits
- Dedication
- Packt Upsell
- Contributors
- Preface
- The Need for Cyber Intelligence
- Need for cyber intelligence
- The application of intelligence in the military
- Some types of intelligence
- HUMINT or human intelligence 
- IMINT or image intelligence
- MASINT or measurement and signature intelligence
- OSINT or open source intelligence
- SIGINT or signals intelligence
- COMINT or communications intelligence
- ELINT or electronic intelligence
- FISINT or foreign instrumentation signals intelligence
- TECHINT or technical intelligence
- MEDINT or medical intelligence
- All source intelligence
- Intelligence drives operations
- Understanding the maneuver warfare mentality
- Summary
- Intelligence Development
- Integrating Cyber Intel, Security, and Operations
- Using Cyber Intelligence to Enable Active Defense
- F3EAD for You and for Me
- Integrating Threat Intelligence and Operations
- Creating the Collaboration Capability
- The Security Stack
- Purpose of integration – it's just my POV
- Core security service basics
- Security Operations Center
- Capability deep dive – Security Configuration Management
- Security Configuration Management – core processes
- Security Configuration Management – Discovery and Detection
- Security Configuration Management – Risk Mitigation
- Security Configuration Management – Security State Analysis
- Security Configuration Management – Data Exposure and Sharing
- Prelude – integrating like services
- Integrating cyber intel from different services
- Capability Maturity Model – InfoSec and cyber intel
- Collaboration + Capability = Active Defense
- Summary
- Driving Cyber Intel
- The gap
- Another set of eyes
- Capability Maturity Model – security awareness
- Capability Maturity Model - security awareness Phase - Initial
- Capability Maturity Model - security awareness – Phase A
- Capability Maturity Model - security awareness – Phase B
- Capability Maturity Model - security awareness – Phase C
- Capability Maturity Model - security awareness – Phase C +
- Summary
- Baselines and Anomalies
- Setting up camp
- Continuous monitoring – the challenge 
- Capability Maturity Model – continuous monitoring overview
- Capability Maturity Model – continuous monitoring level 2
- Summary
- Putting Out the Fires
- Vulnerability Management
- A quick recap
- The Common Vulnerability Scoring System calculator
- Vulnerability management overview
- Capability Maturity Model: vulnerability management – scanning
- Capability Maturity Model: vulnerability management – reporting
- Capability Maturity Model: vulnerability management – fix
- Summary
- Risky Business
- Risk overview
- Labeling things platinum, gold, silver, and copper
- Taking a different look at risk
- Summary
- Assigning Metrics
- Wrapping Up
- Other Books You May Enjoy
Detection and analysis
-
No Comment
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.