Cybercriminals are always in search of new methods and ways to infiltrate systems. Quickly responding to an incident should help an organization minimize its losses, decrease vulnerabilities, and rebuild services and processes. An organization without knowledge of how to effectively implement key IR best practices is highly prone to cyber-attacks.
In the wake of the COVID-19 pandemic, with most organizations gravitating towards remote working and cloud, this book provides updated IR processes to address the associated security risks.
The book begins by introducing you to the cybersecurity landscape and explaining why IR matters. You will understand the evolution of IR, current challenges, key metrics, and the composition of an IR team, along with an array of methods and tools used in an effective IR process. You will then learn how to apply this conceptual toolkit, with discussions on incident alerting, handling, investigation, recovery, and reporting.
As you progress through the book, you will cover governing IR on multiple platforms and sharing cyber threat intelligence. You will then thoroughly explore the entire spectrum of procedures involved in IR in the cloud – the challenges, opportunities, and how to handle a phishing incident.
Further, you’ll learn how to build a proactive incident readiness culture, learn and implement IR best practices, and explore practical case studies using tools from Keepnet Labs and Binalyze. Finally, the book concludes with an “Ask the Experts” section where industry experts have provided their perspective on diverse topics in the IR sphere.
By the end of this book, you should become proficient at building and applying IR strategies pre-emptively and confidently.
You can get the book via:
What you will learn
- Understand IR and its significance
- Organize an IR team
- Explore best practices for managing attack situations with your IR team
- Form, organize, and operate a product security team to deal with product vulnerabilities and assess their severity
- Organize all the entities involved in product security response
- Respond to a security vulnerability based on Keepnet Labs processes and practices
- Adapt all the above learnings for the cloud
Who This Book Is For
This book is aimed at first-time incident responders, cybersecurity enthusiasts who want to get into IR, and users who deal with the security of an organization. It will also interest CIOs, CISOs, and members of IR, SOC, and CSIRT teams. However, IR is not just about IT or security teams, and anyone with a legal, HR, media, or other active business role would benefit from this book’s discussions on individual and organizational security.
The book assumes you have some admin experience. No prior DFIR experience is required. Some infosec knowledge will be a plus but isn’t mandatory.
Announcing the experts of my new book
As most of you are already aware, later this year I will release a brand new book called “Incident Response in the Age of Cloud”, and as in many of my books, I dedicate the last chapter to some world-famous experts.
In this book I will have:
Orin Thomas (Microsoft)
Orin has written more than 40 books for Microsoft Press. He has also authored video-based training for Pluralsight and instructor-led training for Microsoft Learning on datacenter and cloud topics. In his spare time, he is completing postgraduate research at Charles Sturt University focused on cloud security compliance accreditations.
Tyler Wrightson (Lead Cyber Security)
Tyler Wrightson is an author, speaker, teacher, instructor and a fanatic for anything security related. Tyler is also a huge fan of speaking in the third person and doesn’t find it creepy or narcissistic in the least.
Mark Simos (Microsoft)
Mark is Lead Architect in Microsoft’s Enterprise Cybersecurity Group, where he focuses on cybersecurity guidance to help customers manage cybersecurity threats with Microsoft technology and solutions. Mark has contributed to a significant amount of Microsoft cybersecurity guidance – most of which can be found on Mark’s List (check my previous post).
Brian Svidergol (Capital Group)
Brian Svidergol specializes in Microsoft infrastructure and cloud-based solutions around Windows, Active Directory, Microsoft Exchange, System Center, and Microsoft Azure. He holds the Microsoft Certified Trainer (MCT) and Microsoft Certified Solutions Expert (Cloud Platform and Infrastructure) and several other Microsoft and industry certifications. Brian has authored several books related to infrastructure and cloud technologies. When he isn’t working on technology projects, he enjoys family time, basketball, and gaming.
Grzegorz Tworek (Standard Chartered Bank)
Grzegorz likes to share his knowledge with other people, which results in publishing books and articles, active participation in scientific conferences, or just telling others what he thinks about IT. He is obsessed with security and likes to travel a lot.
Hala ElGhawi (Standard Chartered Bank)
Hala has more than 13 years of experience in the banking industry, and she is passionate about Risk Management, Controls, Information Security, Technology, Business Continuity Management, and IT Governance.
I hold a Master’s degree in Quality Management and a BSc in Management Information Systems, and I am certified in PMP (Project Management Professional), ISO 27001 Lead Implementer, COBIT Foundation & COBIT Implementation, in addition to holding a diploma in Risk Management.
Emre Tinaztepe (Binalyze)
Emre is a cyber security expert who has been in the InfoSec field for more than 14 years. He specializes in reverse engineering, malware analysis, driver development, and software engineering. Emre is the founder of Binalyze LLC (www.binalyze.com), which develops next generation incident-response solutions.
Ozan Veranyurt (Sony)
Ozan is focusing on Cyber Security and Artificial Intelligence with a background in Computer Engineering and IT & Security Project Management. He is working on different uses of AI in the field of security academically. Currently he works as a Global Security Program & Project Manager.
Raif Sarica (DIFOSE)
After spending more than 23 years in the Turkish Military, Raif recently joined DIFOSE as CIO. DIFOSE stands for Digital Forensic Services, which provides a superior level of investigative, consulting, and training services.
Sukru Durmaz (DIFOSE)
Şükrü is one of the leading experts in the field of cybercrime investigations on a global scale. He is an award-winning speaker & technical expert in worldwide conferences organized by INTERPOL, EUROPOL, FIEP, NATO, and OSCE.
Ahmed Nabil (Standard Chartered Bank)
Ahmed is an industry expert in Information Security and Digital Transformation, a public speaker at several international conferences, and an author. Ahmed was awarded by Microsoft as a Most Valuable Professional as well as a Regional Director. Besides Microsoft, he has several awards from EC-Council and magazines.
George Balafoutis (Microsoft)
An expert in cybersecurity, George Balafoutis works for Microsoft’s Global Cybersecurity Practice as a Cybersecurity Architect. He leads the company’s Worldwide Cybersecurity Champion program.
George holds an MBA from The University of Chicago Booth School of Business, an MSc in Computer Science from Northern Illinois University, and a BSc in Mathematics from the National University of Athens.
He also holds the cybersecurity industry’s main certifications – GCIH, CRISC, CISM, CISSP, and GAWN among others.