Description
Building an Intelligence-Led Security Program
Author: Allan Liska
Language: English
Subjects for Building an Intelligence-Led Security Program:
Keywords
access control; advanced persistent threat; advanced persistent threat (APT); Air Domain Intelligence Integration Center; Big Data Security Analytics; Bletchley Park; business intelligence; CERT; Collaborative research into threats (CRITs); Common Platform Enumeration (CPE); Common Vulnerabilities and Exposures (CVE); Continuous monitoring; CSIRT; Cuckoo; cyber threat intelligence; CybOX; DDoS; denial and deception; DISA; Exploitation; finished intelligence (FINTEL); Firewall; firewalls; FS-ISAC; George Washington; Governance Risk and Compliance; Hadoop; Honeynets; Honeypots; Honeytokens; ICS-ISAC; IDS; incident response; increasing the cost of attacks; indicators of compromise (IOCs); Intelligence; intelligence cycle; intrusion deception; ISAC; IT-ISAC; Julius Caesar; Malware analysis; Malware; Creeper; Managed Security Services; Morris Worm; MS-ISAC; network scanning; NH-ISAC; NIST Cybersecurity Framework; open source intelligence (OSINT); Open Web Application Security Project (OWASP); OpenIOC; operational intelligence; phishing; pivot; Proxy; R-ISAC; reverse engineering; sandboxes; SARA; security automation; Security awareness training; Security Content Automation Protocol (SCAP); Security Information and Event Management; situational awareness; Soltra; spear phishing; STIX; strategic intelligence; Sun Tzu; tactical intelligence; Tactics, Techniques, and Procedures (TTPs); TAXII; threat intelligence management platforms; ThreatConnect; underground economy; Virus; Vorstack; Web application firewalls; Worm; YARA; zero-day
200 p. · 19x23.4 cm · Paperback
As recently as five years ago, securing a network meant putting in a firewall and an intrusion detection system and installing antivirus software on the desktop. Attackers have since grown more nimble and effective, and those traditional controls, on their own, are no longer enough.
Today's effective cyber security programs keep those best practices and overlay them with intelligence. Adding cyber threat intelligence helps security teams uncover events that traditional security platforms miss and correlate seemingly disparate events across the network. Properly implemented intelligence also makes the practitioner's life easier by helping them prioritize and respond to security incidents more effectively.
The problem with current efforts is that many security practitioners don't know how to implement an intelligence-led program properly, or fear that it is out of their budget. Building an Intelligence-Led Security Program is the first book to show how to implement an intelligence-led program in your enterprise on any budget. It shows you how to deploy a security information and event management (SIEM) system, collect and analyze logs, and practice real cyber threat intelligence. You'll learn how to understand your network in depth so that you can protect it in the best possible way.
I. Defining Intelligence
Chapter 1: Understanding the Threat
Chapter 2: What is Intelligence?
Chapter 3: Creating an Intelligence Model for Network Security
II. Applying Intelligence to Your Network
Chapter 4: Gathering Intelligence
Chapter 5: Internal Intelligence Sources
Chapter 6: External Intelligence Sources
Chapter 7: Internal and External Intelligence
III. Using Outside Resources
Chapter 8: CERTs, ISACs, and Other Threat Sources
Chapter 9: Advanced Intelligence Capabilities
In addition to his security experience, Mr. Liska also authored The Practice of Network Security and contributed the security-focused chapters to The Apache Administrator's Handbook.
- Provides a roadmap and direction on how to build an intelligence-led information security program to protect your company.
- Learn how to understand your network through logs and client monitoring, so you can effectively evaluate threat intelligence.
- Learn how to use popular tools and standards such as BIND, Snort, Squid, STIX, TAXII, CybOX, and Splunk to conduct network intelligence.
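The description above talks about using threat intelligence to correlate seemingly disparate events across the network and to prioritize response, and the bullets name BIND, Snort and Squid as log sources. The following is an added illustration of that idea, written for this page and not taken from the book: a small indicator set is matched against DNS, proxy and IDS log lines, hits are grouped by internal host, and hosts are ranked by how many independent sources corroborate the hit. The indicators, the log lines and the host addresses are all constructed (reserved documentation ranges and `.example`/`.invalid` names), and the BIND, Squid and Snort line layouts are simplified approximations of the real formats, so the regexes only extract the fields the example needs.

```python
"""Correlate IOC hits across DNS (BIND), proxy (Squid) and IDS (Snort) logs.

Added example for this page, not code from the book.  All indicators and
log lines below are constructed; log layouts approximate the real formats.
"""
import re
from collections import defaultdict

# Constructed indicators of compromise; not real threat data.
IOCS = {
    "domain": {"evil.example", "c2.invalid"},
    "ipv4": {"203.0.113.10", "198.51.100.7"},
}

# Constructed sample logs.
BIND_LOG = """\
client 10.0.0.5#53412 (evil.example): query: evil.example IN A + (10.0.0.1)
client 10.0.0.9#41122 (www.example.org): query: www.example.org IN A + (10.0.0.1)
client @0x55d2c0 10.0.0.7#50111 (c2.invalid): query: c2.invalid IN A + (10.0.0.1)
"""
SQUID_LOG = """\
1700000000.123   1234 10.0.0.5 TCP_MISS/200 5123 GET http://evil.example/p.bin - HIER_DIRECT/203.0.113.10 application/octet-stream
1700000005.001    233 10.0.0.9 TCP_MISS/200 9001 GET http://www.example.org/ - HIER_DIRECT/192.0.2.44 text/html
"""
SNORT_LOG = """\
11/03-12:00:01.000000  [**] [1:1000001:1] Outbound to known C2 [**] [Priority: 2] {TCP} 10.0.0.5:51000 -> 203.0.113.10:80
"""

# Newer BIND versions insert a "@0x..." client pointer after "client"; it is optional here.
BIND_RE = re.compile(r"client (?:@0x[0-9a-f]+ )?(?P<src>\d+\.\d+\.\d+\.\d+)#\d+ \((?P<qname>[^)]+)\): query:")
# Squid native format: time elapsed client code/status bytes method URL ident hierarchy/peer type
SQUID_RE = re.compile(r"^\S+\s+\d+\s+(?P<src>\S+)\s+\S+\s+\d+\s+\S+\s+(?P<url>\S+)\s+\S+\s+\S+/(?P<dst>\S+)")
# Snort "fast" alert: ... {PROTO} src:port -> dst:port
SNORT_RE = re.compile(r"\{\w+\} (?P<src>\d+\.\d+\.\d+\.\d+):\d+ -> (?P<dst>\d+\.\d+\.\d+\.\d+):\d+")


def parse_bind(text):
    """Yield one normalized event per BIND query-log line."""
    for line in text.splitlines():
        m = BIND_RE.search(line)
        if m:
            yield {"source": "dns", "host": m["src"], "domain": m["qname"].rstrip(".")}


def parse_squid(text):
    """Yield one normalized event per Squid access-log line (domain from URL, peer IP)."""
    for line in text.splitlines():
        m = SQUID_RE.match(line)
        if m:
            domain = re.sub(r"^\w+://", "", m["url"]).split("/")[0].split(":")[0]
            yield {"source": "proxy", "host": m["src"], "domain": domain, "ipv4": m["dst"]}


def parse_snort(text):
    """Yield one normalized event per Snort fast-alert line."""
    for line in text.splitlines():
        m = SNORT_RE.search(line)
        if m:
            yield {"source": "ids", "host": m["src"], "ipv4": m["dst"]}


def match_event(event):
    """Return the (ioc_type, value) pairs from an event that appear in IOCS."""
    hits = []
    for ioc_type in ("domain", "ipv4"):
        value = event.get(ioc_type)
        if value and value in IOCS[ioc_type]:
            hits.append((ioc_type, value))
    return hits


def correlate(bind_text, squid_text, snort_text):
    """Group IOC hits by internal host across all three log sources."""
    by_host = defaultdict(list)
    events = [*parse_bind(bind_text), *parse_squid(squid_text), *parse_snort(snort_text)]
    for ev in events:
        for ioc_type, value in match_event(ev):
            by_host[ev["host"]].append((ev["source"], ioc_type, value))
    return dict(by_host)


def prioritize(by_host):
    """Rank hosts by number of distinct corroborating sources, then by total hits."""
    def score(item):
        hits = item[1]
        return (len({h[0] for h in hits}), len(hits))
    return [host for host, _ in sorted(by_host.items(), key=score, reverse=True)]


if __name__ == "__main__":
    hits = correlate(BIND_LOG, SQUID_LOG, SNORT_LOG)
    for host in prioritize(hits):
        print(host, hits[host])
```

Host 10.0.0.5 ranks first because DNS, proxy and IDS each independently hit an indicator, while 10.0.0.7 has a single DNS lookup of a listed domain and 10.0.0.9 generates no hits at all; a host that appears in several sources is the one to look at first, and a single-source hit is a candidate for enrichment rather than an immediate incident.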