Anyone can be hacked. It is just a matter of time. Even the right technology, e.g. the best firewall or anti-virus application, can fall short of protecting your system against cyber-attacks, since cybercriminals are always searching for new methods and ways to infiltrate systems. Responding to an incident quickly helps an organization minimise its losses, decrease vulnerabilities, and rebuild services and processes. Therefore, it is essential to know the best practices for responding to a successful cyber attack.

Organizations should have skilled employees and sophisticated tools to identify threats and to respond to and eliminate them. Without knowing the best practices of an incident response process, an organization will be an easy target for cybercriminals and will remain vulnerable to a cyber attack.

This book will be a guideline for organizations on how to address and manage the aftermath of a cyber attack, and how to control the cybersecurity breach in a way that decreases damage, recovery time and costs.

Incident Response in the age of cloud

About this book

Cybercriminals are always in search of new methods to infiltrate systems. Quickly responding to an incident will help organizations minimize losses, decrease vulnerabilities, and rebuild services and processes.

In the wake of the COVID-19 pandemic, with most organizations gravitating towards remote working and cloud computing, this book uses frameworks such as MITRE ATT&CK® and the SANS IR model to assess security risks.

The book begins by introducing you to the cybersecurity landscape and explaining why IR matters. You will understand the evolution of IR, current challenges, key metrics, and the composition of an IR team, along with an array of methods and tools used in an effective IR process. You will then learn how to apply these strategies, with discussions on incident alerting, handling, investigation, recovery, and reporting.

Further, you will cover governing IR on multiple platforms and sharing cyber threat intelligence and the procedures involved in IR in the cloud. Finally, the book concludes with an “Ask the Experts” chapter wherein industry experts have provided their perspective on diverse topics in the IR sphere.

By the end of this book, you should become proficient at building and applying IR strategies pre-emptively and confidently.


The book targets programmers, system administrators and all levels of users who deal with the security of an organisation (IT, SOC, CSIRT or other teams). It will help them identify a security incident and build a series of best practices to stop an attack before it creates serious consequences.


  1. What an incident response is and why it is important
  2. How to organize an incident response (IR) team
  3. Best practices for managing attack situations with your IR team
  4. Learn how to form, organize, and operate a product security team to deal with product vulnerabilities and assess their severity
  5. How to organize all the entities involved in product security response
  6. Responding to a security vulnerability based on Keepnet Labs processes and practices
  7. How to adapt all the above learnings for the cloud

The book is planned to have 17 chapters:

1. The Cybersecurity landscape and why Incident Response matters
2. Incident Response – Evolution and Current challenges
3. How to organize an Incident Response Team
4. Understanding the IR lifecycle with a Phishing Incident scenario
5. Key Metrics for a Phishing Incident Response
6. Incident Alerting and Reporting
7. Incident Handling
8. Incident Investigation
9. Incident Response – Containment and Eradication
10. Incident Recovery and Reporting
11. Real World Case Studies
12. Incident Response in the Cloud – Challenges and Opportunities
13. Handling a Phishing Incident in the Cloud
14. Building a Proactive Incident Readiness Culture
16. Incident Response Best Practices
17. Bonus: Ask the Expert Opinion


To buy the book from Amazon

To buy the book from Packt Publishing

The experts of my new book

In this book I will have:

Orin Thomas (Microsoft)

Orin has written more than 40 books for Microsoft Press. He has also authored video-based training for Pluralsight and instructor-led training for Microsoft Learning on datacenter and cloud topics. In his spare time, he is completing postgraduate research at Charles Sturt University focused on cloud security compliance accreditations.

Tyler Wrightson (Leed Cyber Security)

Tyler Wrightson is an author, speaker, teacher, instructor and a fanatic for anything security related. Tyler is also a huge fan of speaking in the third person and doesn’t find it creepy or narcissistic in the least.

Mark Simos (Microsoft)

Mark is Lead Architect in Microsoft’s Enterprise Cybersecurity Group, where he focuses on cybersecurity guidance to help customers manage cybersecurity threats with Microsoft technology and solutions. Mark has contributed to a significant amount of Microsoft cybersecurity guidance, most of which can be found on Mark’s List (check my previous post).

Brian Svidergol (Capital Group)

Brian Svidergol specializes in Microsoft infrastructure and cloud-based solutions around Windows, Active Directory, Microsoft Exchange, System Center, and Microsoft Azure. He holds the Microsoft Certified Trainer (MCT) and Microsoft Certified Solutions Expert (Cloud Platform and Infrastructure) and several other Microsoft and industry certifications. Brian has authored several books related to infrastructure and cloud technologies. When he isn’t working on technology projects, he enjoys family time, basketball, and gaming.

Grzegorz Tworek (Standard Chartered Bank)

Grzegorz likes to share his knowledge with other people, which results in publishing books and articles, active participation in scientific conferences, or simply telling others what he thinks about IT. He is obsessed with security and likes to travel a lot.

Hala ElGhawi (Standard Chartered Bank)

Hala has more than 13 years of experience in the banking industry and is passionate about Risk Management, Controls, Information Security, Technology, Business Continuity Management, and IT Governance.
I hold a Master’s degree in Quality Management and a BSc in Management Information Systems, and I am certified in PMP (Project Management Professional), ISO 27001 Lead Implementer, and COBIT Foundation & COBIT Implementation, in addition to holding a diploma in Risk Management.

Emre Tinaztepe (Binalyze)

Emre is a cyber security expert who has been in the InfoSec field for more than 14 years. He specializes in reverse engineering, malware analysis, driver development, and software engineering. Emre is the founder of Binalyze LLC, which develops next-generation incident-response solutions.

Ozan Veranyurt (Sony)

Ozan focuses on Cyber Security and Artificial Intelligence, with a background in Computer Engineering and IT & Security Project Management. He works academically on different uses of AI in the field of security. Currently he works as a Global Security Program & Project Manager.

Raif Sarica (DIFOSE)

After spending more than 23 years in the Turkish military, Raif recently joined DIFOSE as CIO. DIFOSE stands for Digital Forensic Services, which provides a superior level of investigative, consulting, and training services.

Sukru Durmaz (DIFOSE)

Şükrü is one of the leading experts in the field of cybercrime investigations on a global scale. He is an award-winning speaker & technical expert in worldwide conferences organized by INTERPOL, EUROPOL, FIEP, NATO, and OSCE.

Ahmed Nabil (Standard Chartered Bank)

Ahmed is an industry expert in Information Security and Digital Transformation, a public speaker at several international conferences, and an author. Ahmed was awarded Most Valuable Professional and Regional Director by Microsoft. Besides Microsoft, he has received several awards from EC-Council and magazines.

George Balafoutis (Microsoft)

An expert in cybersecurity, George Balafoutis works for Microsoft’s Global Cybersecurity Practice as a Cybersecurity Architect. He leads the company’s Worldwide Cybersecurity Champion program.

George holds an MBA from The University of Chicago Booth School of Business, an MSc in Computer Science from Northern Illinois University, and a BSc in Mathematics from the National University of Athens.

He also holds the cybersecurity industry’s main certifications – GCIH, CRISC, CISM, CISSP, and GAWN among others.
