Cyber breach response that actually works : organizational approach to managing residual risk / Andrew Gorecki.

By: Gorecki, Andrew [author.]
Language: English Publisher: Indianpolis : John Wiley and Sons, 2020Description: 1 online resourceContent type: text Media type: computer Carrier type: online resourceISBN: 9781119679325Subject(s): Computer security -- ManagementGenre/Form: Electronic books.DDC classification: 005.8 Online resources: Full text is available at Wiley Online Library Click here to view
Contents:
TABLE OF CONTENTS Foreword xxiii Introduction xxv Chapter 1 Understanding the Bigger Picture 1 Evolving Threat Landscape 2 Identifying Threat Actors 2 Cyberattack Lifecycle 4 Cyberattack Preparation Framework 5 Cyberattack Execution Framework 6 Defining Cyber Breach Response 8 Events, Alerts, Observations, Incidents, and Breaches 9 Events 9 Alerts 9 Observations 10 Incidents 10 Breaches 11 What is Cyber Breach Response? 12 Identifying Drivers for Cyber Breach Response 13 Risk Management 13 Conducting Risk Management 13 Risk Assessment Process 14 Managing Residual Risk 17 Cyber Threat Intelligence 18 What is Cyber Threat Intelligence? 18 Importance of Cyber Threat Intelligence 19 Laws and Regulations 20 Compliance Considerations 20 Compliance Requirements for Cyber Breach Response 21 Changing Business Objectives 22 Incorporating Cyber Breach Response into a Cybersecurity Program 23 Strategic Planning 23 Designing a Program 24 Implementing Program Components 25 Program Operations 26 Continual Improvement 27 Strategy Development 27 Strategic Assessment 28 Gap Analysis 28 Maturity Assessment 30 Strategy Definition 32 Vision and Mission Statement 32 Goals and Objectives 33 Establishing Requirements 33 Defining a Target Operating Model 35 Developing a Business Case and Executive Alignment 35 Strategy Execution 37 Enacting an Incident Response Policy 37 Assigning an Incident Response Team 38 Creating an Incident Response Plan 38 Documenting Legal Requirements 38 Roadmap Development 39 Governance 40 Establishing Policies 40 Enterprise Security Policy 41 Issue-Specific Policies 41 Identifying Key Stakeholders 42 Executive Leadership 42 Project Steering Committee 42 Chief Information Security Officer 43 Stakeholders with Interest in Cyber Breach Response 43 Business Alignment 44 Continual Improvement 44 Necessity to Determine if the Program is Effective 45 Changing Threat Landscape 45 Changing Business Objectives 45 Summary 46 Notes 47 Chapter 2 Building a Cybersecurity Incident Response Team 51 Defining a CSIRT 51 CSIRT History 52 The Role of a CSIRT in the Enterprise 52 Defining Incident Response Competencies and Functions 55 Proactive Functions 55 Developing and Maintaining Procedures 56 Conducting Incident Response Exercises 56 Assisting with Vulnerability Identification 57 Deploying, Developing, and Tuning Tools 58 Implementing Lessons Learned 59 Reactive Functions 59 Digital Forensics and Incident Response 59 Cyber Threat Intelligence 60 Malware Analysis 60 Incident Management 61 Creating an Incident Response Team 61 Creating an Incident Response Mission Statement 62 Choosing a Team Model 62 Centralized Team Model 63 Distributed Team Model 64 Hybrid Team Model 65 An Integrated Team 66 Organizing an Incident Response Team 66 Tiered Model 66 Competency Model 68 Hiring and Training Personnel 69 Technical Skills 69 Soft Skills 71 Pros and Cons of Security Certifications 72 Conducting Effective Interviews 73 Retaining Incident Response Talent 74 Establishing Authority 75 Full Authority 75 Shared Authority 76 Indirect Authority 76 No Authority 76 Introducing an Incident Response Team to the Enterprise 77 Enacting a CSIRT 78 Defining a Coordination Model 78 Communication Flow 80 Incident Officer 80 Incident Manager 81 Assigning Roles and Responsibilities 82 Business Functions 82 Human Resources 82 Corporate Communications 83 Corporate Security 83 Finance 84 Other Business Functions 85 Legal and Compliance 85 Legal Counsel 85 Compliance Functions 86 Information Technology Functions 87 Technical Groups 87 Disaster Recovery 88 Outsourcing Partners and Vendors 89 Senior Management 89 Working with Outsourcing Partners 90 Outsourcing Considerations 91 Proven Track Record of Success 91 Offered Services and Capabilities 91 Global Support 92 Skills and Experience 92 Outsourcing Costs and Pricing Models 92 Establishing Successful Relationships with Vendors 93 Summary 94 Notes 95 Chapter 3 Technology Considerations in Cyber Breach Investigations 97 Sourcing Technology 98 Comparing Commercial vs. Open Source Tools 98 Commercial Tools 98 Open Source Software 98 Other Considerations 99 Developing In-House Software Tools 100 Procuring Hardware 101 Acquiring Forensic Data 102 Forensic Acquisition 102 Order of Volatility 103 Disk Imaging 103 System Memory Acquisition 105 Tool Considerations 106 Forensic Acquisition Use Cases 107 Live Response 108 Live Response Considerations 109 Live Response Tools 109 Live Response Use Cases 112 Incident Response Investigations in Virtualized Environments 113 Traditional Virtualization 115 Cloud Computing 115 Forensic Acquisition 115 Log Management in Cloud Computing Environments 117 Leveraging Network Data in Investigations 118 Firewall Logs and Network Flows 118 Proxy Servers and Web Gateways 120 Full-Packet Capture 120 Identifying Forensic Evidence in Enterprise Technology Services 123 Domain Name System 123 Dynamic Host Confi guration Protocol 125 Web Servers 125 Databases 126 Security Tools 127 Intrusion Detection and Prevention Systems 127 Web Application Firewalls 127 Data Loss Prevention Systems 128 Antivirus Software 128 Endpoint Detection and Response 129 Honeypots and Honeynets 129 Log Management 130 What is Logging? 130 What is Log Management? 132 Log Management Lifecycle 133 Collection and Storage 134 Agent-Based vs. Agentless Collection 134 Log Management Architectures 135 Managing Logs with a SIEM 137 What is SIEM? 138 SIEM Considerations 139 Summary 140 Notes 141 Chapter 4 Crafting an Incident Response Plan 143 Incident Response Lifecycle 143 Preparing for an Incident 144 Detecting and Analyzing Incidents 145 Detection and Triage 146 Analyzing Incidents 146 Containment, Eradication, and Recovery 147 Containing a Breach 147 Eradicating a Threat Actor 148 Recovering Business Operations 149 Post-Incident Activities 149 Understanding Incident Management 150 Identifying Process Components 151 Defining a Process 151 Process Controls 153 Process Enablers 155 Process Interfaces 155 Roles and Responsibilities 158 Service Levels 159 Incident Management Workfl ow 160 Sources of Incident Notifi cations 160 Incident Classifi cation and Documentation 162 Incident Categorization 163 Severity Assignment 163 Capturing Incident Information 167 Incident Escalations 169 Hierarchical Escalations 169 Functional Escalation 169 Creating and Managing Tasks 169 Major Incidents 170 Incident Closure 171 Crafting an Incident Response Playbook 171 Playbook Overview 171 Identifying Workfl ow Components 173 Detection 173 Analysis 174 Containment and Eradication 176 Recovery 176 Other Workflow Components 177 Post-Incident Evaluation 177 Vulnerability Management 177 Purpose and Objectives 178 Vulnerability Management Lifecycle 178 Integrating Vulnerability Management and Risk Management 180 Lessons Learned 180 Lessons-Learned Process Components 181 Conducting a Lessons-Learned Meeting 183 Continual Improvement 184 Continual Improvement Principles 184 The Deming Cycle 184 DIKW Hierarchy 185 The Seven-Step Improvement Process 187 Step 1: Define a Vision for Improvement 188 Step 2: Define Metrics 188 Step 3: Collect Data 189 Step 4: Process Data 190 Step 5: Analyze Information 191 Step 6: Assess Findings and Create Plan 191 Step 7: Implement the plan 192 Summary 192 Notes 193 Chapter 5 Investigating and Remediating Cyber Breaches 195 Investigating Incidents 196 Determine Objectives 197 Acquire and Preserve Data 198 Perform Analysis 200 Contain and Eradicate 202 Conducting Analysis 202 Digital Forensics 203 Digital Forensics Disciplines 203 Timeline Analysis 205 Other Considerations in Digital Forensics 206 Cyber Threat Intelligence 207 Cyber Threat Intelligence Lifecycle 208 Identifying Attacker Activity with Cyber Threat Intelligence 209 Categorizing Indicators 212 Malware Analysis 214 Classifying Malware 214 Static Analysis 216 Dynamic Analysis 217 Malware Analysis and Cyber Threat Intelligence 217 Threat Hunting 218 Prerequisites to Threat Hunting 218 Threat Hunting Lifecycle 219 Reporting 221 Evidence Types 223 System Artifacts 223 Persistent Artifacts 223 Volatile Artifacts 225 Network Artifacts 226 Security Alerts 227 Remediating Incidents 228 Remediation Process 229 Establishing a Remediation Team 230 Remediation Lead 231 Remediation Owner 232 Remediation Planning 233 Business Considerations 233 Technology Considerations 234 Logistics 235 Assessing Readiness 235 Consequences of Alerting the Attacker 236 Developing an Execution Plan 237 Containment and Eradication 238 Containment 238 Eradication 239 Monitoring for Attacker Activity 240 Summary 241 Notes 242 Chapter 6 Legal and Regulatory Considerations in Cyber Breach Response 243 Understanding Breaches from a Legal Perspective 244 Laws, Regulations, and Standards 244 United States 245 European Union 246 Standards 246 Materiality in Financial Disclosure 247 Cyber Attribution 248 Motive, Opportunity, Means 248 Attributing a Cyber Attack 249 Engaging Law Enforcement 251 Cyber Insurance 252 Collecting Digital Evidence 252 What is Digital Evidence? 253 Digital Evidence Lifecycle 253 Information Governance 254 Identification 254 Preservation 255 Collection 255 Processing 255 Reviewing 256 Analysis 256 Production 257 Presentation 258 Admissibility of Digital Evidence 258 Federal Rules of Evidence 258 Types of Evidence 260 Direct Evidence 260 Circumstantial Evidence 260 Admission of Digital Evidence in Court 261 Evidence Rules 261 Hearsay Rule 261 Business Records Exemption Rule 262 Best Evidence 262 Working with Legal Counsel 263 Attorney-Client Privilege 263 Attorney Work-Product 264 Non-testifying Expert Privilege 264 Litigation Hold 265 Establishing a Chain of Custody 265 What is a Chain of Custody? 266 Establishing a Defensible Protocol 266 Traditional Forensic Acquisition 267 Live Response and Logical Acquisition 268 Documenting a Defensible Protocol 269 Documentation 269 Accuracy 270 Auditability and Reproducibility 270 Collection Methods 270 Data Privacy and Cyber Breach Investigations 271 What is Data Privacy? 271 Handling Personal Data During Investigations 272 Enacting a Policy to Support Investigations 272 Cyber Breach Investigations and GDPR 273 Data Processing and Cyber Breach Investigations 274 Establishing a Lawful Basis for the Processing of Personal Data 275 Territorial Transfer of Personal Data 276 Summary 277 Notes 278 Index 281
Summary: A cyber breach could cost your organization millions of dollars—in 2019, the average cost of a cyber breach for companies was $3.9M, a figure that is increasing 20-30% annually. But effective planning can lessen the impact and duration of an inevitable cyberattack. Cyber Breach Response That Actually Works provides a business-focused methodology that will allow you to address the aftermath of a cyber breach and reduce its impact to your enterprise. This book goes beyond step-by-step instructions for technical staff, focusing on big-picture planning and strategy that makes the most business impact. Inside, you’ll learn what drives cyber incident response and how to build effective incident response capabilities. Expert author Andrew Gorecki delivers a vendor-agnostic approach based on his experience with Fortune 500 organizations. Understand the evolving threat landscape and learn how to address tactical and strategic challenges to build a comprehensive and cohesive cyber breach response program Discover how incident response fits within your overall information security program, including a look at risk management Build a capable incident response team and create an actionable incident response plan to prepare for cyberattacks and minimize their impact to your organization Effectively investigate small and large-scale incidents and recover faster by leveraging proven industry practices Navigate legal issues impacting incident response, including laws and regulations, criminal cases and civil litigation, and types of evidence and their admissibility in court In addition to its valuable breadth of discussion on incident response from a business strategy perspective, Cyber Breach Response That Actually Works offers information on key technology considerations to aid you in building an effective capability and accelerating investigations to ensure your organization can continue business operations during significant cyber events.
Tags from this library: No tags from this library for this title. Log in to add tags.
    Average rating: 0.0 (0 votes)
Item type Current location Home library Call number Status Date due Barcode Item holds
EBOOK EBOOK COLLEGE LIBRARY
COLLEGE LIBRARY
005.8 G669 2020 (Browse shelf) Available CL-52993
Total holds: 0

ABOUT THE AUTHOR
Andrew Gorecki is a Principal Consultant and Team Lead within IBM X-Force Incident Response & Intelligence Services (X-Force IRIS). Andrew has seven years of experience in the security industry. In his current role, Andrew delivers incident response and proactive services to Fortune 500 organizations primarily focusing on leading incident response investigations, incident response strategy, process development, and facilitating incident response exercises at the operational, tactical, and strategic levels.

PERMISSIONS
Request permission to reuse

TABLE OF CONTENTS
Foreword xxiii

Introduction xxv

Chapter 1 Understanding the Bigger Picture 1

Evolving Threat Landscape 2

Identifying Threat Actors 2

Cyberattack Lifecycle 4

Cyberattack Preparation Framework 5

Cyberattack Execution Framework 6

Defining Cyber Breach Response 8

Events, Alerts, Observations, Incidents, and Breaches 9

Events 9

Alerts 9

Observations 10

Incidents 10

Breaches 11

What is Cyber Breach Response? 12

Identifying Drivers for Cyber Breach Response 13

Risk Management 13

Conducting Risk Management 13

Risk Assessment Process 14

Managing Residual Risk 17

Cyber Threat Intelligence 18

What is Cyber Threat Intelligence? 18

Importance of Cyber Threat Intelligence 19

Laws and Regulations 20

Compliance Considerations 20

Compliance Requirements for Cyber Breach Response 21

Changing Business Objectives 22

Incorporating Cyber Breach Response into a

Cybersecurity Program 23

Strategic Planning 23

Designing a Program 24

Implementing Program Components 25

Program Operations 26

Continual Improvement 27

Strategy Development 27

Strategic Assessment 28

Gap Analysis 28

Maturity Assessment 30

Strategy Definition 32

Vision and Mission Statement 32

Goals and Objectives 33

Establishing Requirements 33

Defining a Target Operating Model 35

Developing a Business Case and Executive Alignment 35

Strategy Execution 37

Enacting an Incident Response Policy 37

Assigning an Incident Response Team 38

Creating an Incident Response Plan 38

Documenting Legal Requirements 38

Roadmap Development 39

Governance 40

Establishing Policies 40

Enterprise Security Policy 41

Issue-Specific Policies 41

Identifying Key Stakeholders 42

Executive Leadership 42

Project Steering Committee 42

Chief Information Security Officer 43

Stakeholders with Interest in Cyber Breach Response 43

Business Alignment 44

Continual Improvement 44

Necessity to Determine if the Program is Effective 45

Changing Threat Landscape 45

Changing Business Objectives 45

Summary 46

Notes 47

Chapter 2 Building a Cybersecurity Incident Response Team 51

Defining a CSIRT 51

CSIRT History 52

The Role of a CSIRT in the Enterprise 52

Defining Incident Response Competencies and Functions 55

Proactive Functions 55

Developing and Maintaining Procedures 56

Conducting Incident Response Exercises 56

Assisting with Vulnerability Identification 57

Deploying, Developing, and Tuning Tools 58

Implementing Lessons Learned 59

Reactive Functions 59

Digital Forensics and Incident Response 59

Cyber Threat Intelligence 60

Malware Analysis 60

Incident Management 61

Creating an Incident Response Team 61

Creating an Incident Response Mission Statement 62

Choosing a Team Model 62

Centralized Team Model 63

Distributed Team Model 64

Hybrid Team Model 65

An Integrated Team 66

Organizing an Incident Response Team 66

Tiered Model 66

Competency Model 68

Hiring and Training Personnel 69

Technical Skills 69

Soft Skills 71

Pros and Cons of Security Certifications 72

Conducting Effective Interviews 73

Retaining Incident Response Talent 74

Establishing Authority 75

Full Authority 75

Shared Authority 76

Indirect Authority 76

No Authority 76

Introducing an Incident Response Team to the Enterprise 77

Enacting a CSIRT 78

Defining a Coordination Model 78

Communication Flow 80

Incident Officer 80

Incident Manager 81

Assigning Roles and Responsibilities 82

Business Functions 82

Human Resources 82

Corporate Communications 83

Corporate Security 83

Finance 84

Other Business Functions 85

Legal and Compliance 85

Legal Counsel 85

Compliance Functions 86

Information Technology Functions 87

Technical Groups 87

Disaster Recovery 88

Outsourcing Partners and Vendors 89

Senior Management 89

Working with Outsourcing Partners 90

Outsourcing Considerations 91

Proven Track Record of Success 91

Offered Services and Capabilities 91

Global Support 92

Skills and Experience 92

Outsourcing Costs and Pricing Models 92

Establishing Successful Relationships with Vendors 93

Summary 94

Notes 95

Chapter 3 Technology Considerations in Cyber Breach Investigations 97

Sourcing Technology 98

Comparing Commercial vs. Open Source Tools 98

Commercial Tools 98

Open Source Software 98

Other Considerations 99

Developing In-House Software Tools 100

Procuring Hardware 101

Acquiring Forensic Data 102

Forensic Acquisition 102

Order of Volatility 103

Disk Imaging 103

System Memory Acquisition 105

Tool Considerations 106

Forensic Acquisition Use Cases 107

Live Response 108

Live Response Considerations 109

Live Response Tools 109

Live Response Use Cases 112

Incident Response Investigations in Virtualized Environments 113

Traditional Virtualization 115

Cloud Computing 115

Forensic Acquisition 115

Log Management in Cloud Computing Environments 117

Leveraging Network Data in Investigations 118

Firewall Logs and Network Flows 118

Proxy Servers and Web Gateways 120

Full-Packet Capture 120

Identifying Forensic Evidence in Enterprise Technology Services 123

Domain Name System 123

Dynamic Host Confi guration Protocol 125

Web Servers 125

Databases 126

Security Tools 127

Intrusion Detection and Prevention Systems 127

Web Application Firewalls 127

Data Loss Prevention Systems 128

Antivirus Software 128

Endpoint Detection and Response 129

Honeypots and Honeynets 129

Log Management 130

What is Logging? 130

What is Log Management? 132

Log Management Lifecycle 133

Collection and Storage 134

Agent-Based vs. Agentless Collection 134

Log Management Architectures 135

Managing Logs with a SIEM 137

What is SIEM? 138

SIEM Considerations 139

Summary 140

Notes 141

Chapter 4 Crafting an Incident Response Plan 143

Incident Response Lifecycle 143

Preparing for an Incident 144

Detecting and Analyzing Incidents 145

Detection and Triage 146

Analyzing Incidents 146

Containment, Eradication, and Recovery 147

Containing a Breach 147

Eradicating a Threat Actor 148

Recovering Business Operations 149

Post-Incident Activities 149

Understanding Incident Management 150

Identifying Process Components 151

Defining a Process 151

Process Controls 153

Process Enablers 155

Process Interfaces 155

Roles and Responsibilities 158

Service Levels 159

Incident Management Workfl ow 160

Sources of Incident Notifi cations 160

Incident Classifi cation and Documentation 162

Incident Categorization 163

Severity Assignment 163

Capturing Incident Information 167

Incident Escalations 169

Hierarchical Escalations 169

Functional Escalation 169

Creating and Managing Tasks 169

Major Incidents 170

Incident Closure 171

Crafting an Incident Response Playbook 171

Playbook Overview 171

Identifying Workfl ow Components 173

Detection 173

Analysis 174

Containment and Eradication 176

Recovery 176

Other Workflow Components 177

Post-Incident Evaluation 177

Vulnerability Management 177

Purpose and Objectives 178

Vulnerability Management Lifecycle 178

Integrating Vulnerability Management and Risk Management 180

Lessons Learned 180

Lessons-Learned Process Components 181

Conducting a Lessons-Learned Meeting 183

Continual Improvement 184

Continual Improvement Principles 184

The Deming Cycle 184

DIKW Hierarchy 185

The Seven-Step Improvement Process 187

Step 1: Define a Vision for Improvement 188

Step 2: Define Metrics 188

Step 3: Collect Data 189

Step 4: Process Data 190

Step 5: Analyze Information 191

Step 6: Assess Findings and Create Plan 191

Step 7: Implement the plan 192

Summary 192

Notes 193

Chapter 5 Investigating and Remediating Cyber Breaches 195

Investigating Incidents 196

Determine Objectives 197

Acquire and Preserve Data 198

Perform Analysis 200

Contain and Eradicate 202

Conducting Analysis 202

Digital Forensics 203

Digital Forensics Disciplines 203

Timeline Analysis 205

Other Considerations in Digital Forensics 206

Cyber Threat Intelligence 207

Cyber Threat Intelligence Lifecycle 208

Identifying Attacker Activity with Cyber Threat Intelligence 209

Categorizing Indicators 212

Malware Analysis 214

Classifying Malware 214

Static Analysis 216

Dynamic Analysis 217

Malware Analysis and Cyber Threat Intelligence 217

Threat Hunting 218

Prerequisites to Threat Hunting 218

Threat Hunting Lifecycle 219

Reporting 221

Evidence Types 223

System Artifacts 223

Persistent Artifacts 223

Volatile Artifacts 225

Network Artifacts 226

Security Alerts 227

Remediating Incidents 228

Remediation Process 229

Establishing a Remediation Team 230

Remediation Lead 231

Remediation Owner 232

Remediation Planning 233

Business Considerations 233

Technology Considerations 234

Logistics 235

Assessing Readiness 235

Consequences of Alerting the Attacker 236

Developing an Execution Plan 237

Containment and Eradication 238

Containment 238

Eradication 239

Monitoring for Attacker Activity 240

Summary 241

Notes 242

Chapter 6 Legal and Regulatory Considerations in Cyber Breach Response 243

Understanding Breaches from a Legal Perspective 244

Laws, Regulations, and Standards 244

United States 245

European Union 246

Standards 246

Materiality in Financial Disclosure 247

Cyber Attribution 248

Motive, Opportunity, Means 248

Attributing a Cyber Attack 249

Engaging Law Enforcement 251

Cyber Insurance 252

Collecting Digital Evidence 252

What is Digital Evidence? 253

Digital Evidence Lifecycle 253

Information Governance 254

Identification 254

Preservation 255

Collection 255

Processing 255

Reviewing 256

Analysis 256

Production 257

Presentation 258

Admissibility of Digital Evidence 258

Federal Rules of Evidence 258

Types of Evidence 260

Direct Evidence 260

Circumstantial Evidence 260

Admission of Digital Evidence in Court 261

Evidence Rules 261

Hearsay Rule 261

Business Records Exemption Rule 262

Best Evidence 262

Working with Legal Counsel 263

Attorney-Client Privilege 263

Attorney Work-Product 264

Non-testifying Expert Privilege 264

Litigation Hold 265

Establishing a Chain of Custody 265

What is a Chain of Custody? 266

Establishing a Defensible Protocol 266

Traditional Forensic Acquisition 267

Live Response and Logical Acquisition 268

Documenting a Defensible Protocol 269

Documentation 269

Accuracy 270

Auditability and Reproducibility 270

Collection Methods 270

Data Privacy and Cyber Breach Investigations 271

What is Data Privacy? 271

Handling Personal Data During Investigations 272

Enacting a Policy to Support Investigations 272

Cyber Breach Investigations and GDPR 273

Data Processing and Cyber Breach Investigations 274

Establishing a Lawful Basis for the Processing of Personal Data 275

Territorial Transfer of Personal Data 276

Summary 277

Notes 278

Index 281

A cyber breach could cost your organization millions of dollars—in 2019, the average cost of a cyber breach for companies was $3.9M, a figure that is increasing 20-30% annually. But effective planning can lessen the impact and duration of an inevitable cyberattack. Cyber Breach Response That Actually Works provides a business-focused methodology that will allow you to address the aftermath of a cyber breach and reduce its impact to your enterprise.

This book goes beyond step-by-step instructions for technical staff, focusing on big-picture planning and strategy that makes the most business impact. Inside, you’ll learn what drives cyber incident response and how to build effective incident response capabilities. Expert author Andrew Gorecki delivers a vendor-agnostic approach based on his experience with Fortune 500 organizations.

Understand the evolving threat landscape and learn how to address tactical and strategic challenges to build a comprehensive and cohesive cyber breach response program
Discover how incident response fits within your overall information security program, including a look at risk management
Build a capable incident response team and create an actionable incident response plan to prepare for cyberattacks and minimize their impact to your organization
Effectively investigate small and large-scale incidents and recover faster by leveraging proven industry practices
Navigate legal issues impacting incident response, including laws and regulations, criminal cases and civil litigation, and types of evidence and their admissibility in court
In addition to its valuable breadth of discussion on incident response from a business strategy perspective, Cyber Breach Response That Actually Works offers information on key technology considerations to aid you in building an effective capability and accelerating investigations to ensure your organization can continue business operations during significant cyber events.

There are no comments for this item.

to post a comment.