Practical cyber intelligence how action-based intelligence can be an effective response to incidents
Your one stop solution to implement a Cyber Defense Intelligence program in to your organisation. About This Book Intelligence processes and procedures for response mechanisms Master F3EAD to drive processes based on intelligence Threat modeling and intelligent frameworks Case studies and how to go...
| Otros Autores: | |
|---|---|
| Formato: | Libro electrónico |
| Idioma: | Inglés |
| Publicado: |
Birmingham ; Mumbai :
Packt Publishing
2018.
|
| Edición: | 1st edition |
| Materias: | |
| Ver en Biblioteca Universitat Ramon Llull: | https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009631607106719 |
Tabla de Contenidos:
- Cover
- Copyright and Credits
- Dedication
- Packt Upsell
- Contributors
- Table of Contents
- Preface
- Chapter 1: The Need for Cyber Intelligence
- Need for cyber intelligence
- The application of intelligence in the military
- Intel stories in history
- The American Revolutionary War
- Napoleon's use of intelligence
- Some types of intelligence
- HUMINT or human intelligence
- IMINT or image intelligence
- MASINT or measurement and signature intelligence
- OSINT or open source intelligence
- SIGINT or signals intelligence
- COMINT or communications intelligence
- ELINT or electronic intelligence
- FISINT or foreign instrumentation signals intelligence
- TECHINT or technical intelligence
- MEDINT or medical intelligence
- All source intelligence
- Intelligence drives operations
- Putting theory into practice isn't simple
- Understanding the maneuver warfare mentality
- Follow the process, the process will save you
- What is maneuver warfare?
- Tempo
- The OODA Loop
- Center of gravity and critical vulnerability
- Surprise - creating and exploiting opportunity
- Combined arms - collaboration
- Flexibility
- Decentralized command
- Summary
- Chapter 2: Intelligence Development
- The information hierarchy
- Introduction to the intelligence cycle
- The intelligence cycle steps
- Step 1 - Planning and direction
- Requirements development
- Requirements management
- Directing the intelligence effort
- Requirements satisfaction
- Planning the intelligence support system
- Step 2 - Collection
- Step 3 - Processing
- Step 4 - Analysis and Production
- Step 5 - Dissemination
- Methods
- Channels
- Modes
- Dissemination architecture
- Step 6 - Utilization
- Summary
- Chapter 3: Integrating Cyber Intel, Security, and Operations
- A different look at operations and security.
- Developing a strategic cyber intelligence capability
- Understanding our priorities
- The business architecture
- The data/application architecture
- Technology architecture
- Application of the architectures and cyber intelligence
- A look at strategic cyber intelligence - level 1
- Introduction to operational security
- OPSEC step 1 - identify critical information
- OPSEC step 2 - analysis of threats
- OPSEC step 3 - analysis of vulnerabilities
- OPSEC step 4 - assessment of risk
- OPSEC step 5 - application of appropriate countermeasures
- OPSEC applicability in a business environment
- Cyber intel program roles
- Strategic level - IT leadership
- Strategic level - cyber intelligence program officer
- Tactical level - IT leadership
- Tactical level - cyber intelligence program manager
- Operational level - IT leadership
- Operational level - cyber intelligence analysts
- Summary
- Chapter 4: Using Cyber Intelligence to Enable Active Defense
- An introduction to Active Defense
- Understanding the Cyber Kill Chain
- General principles of Active Defense
- Active Defense - principle 1: annoyance
- Active Defense - principle 2: attribution
- Enticement and entrapment in Active Defense
- Scenario A
- Scenario B
- Types of Active Defense
- Types of Active Defense - manual
- Types of Active Defense - automatic
- An application of tactical level Active Defense
- Summary
- Chapter 5: F3EAD for You and for Me
- Understanding targeting
- The F3EAD process
- F3EAD in practice
- F3EAD and the Cyber Kill Chain
- Cyber Kill Chain and OODA loop
- Cyber Kill Chain and OPSEC
- Cyber Kill Chain and the intelligence cycle
- Cyber Kill Chain and F3EAD
- Application of F3EAD in the commercial space
- Limitations of F3EAD
- Summary
- Chapter 6: Integrating Threat Intelligence and Operations.
- Understanding threat intelligence
- Capability Maturity Model - threat intelligence overview
- Level 1 - threat intelligence collection capability
- Phase initial
- Example 1 - Open Threat Exchange - AlienVault
- Example 2 - Twitter
- Example 3 - Information Sharing and Analysis Centers
- Example 4 - news alert notifications
- Example 5 - Rich Site Summary feeds
- Phase A
- Example 1 - Cisco - GOSINT platform
- Example 2 - The Malware Information Sharing Platform project
- Phase B
- Phase C
- Level 2 - Threat Information Integration
- Phase initial
- Phase A
- Categorization of items that are applicable to multiple teams
- Phase B
- Phase C
- Summary
- Chapter 7: Creating the Collaboration Capability
- Purpose of collaboration capability
- Formal communications
- Informal communications
- Communication and cyber intelligence process
- Methods and tools for collaboration
- Service level agreements and organizational level agreements
- Responsible accountable supporting consulted informed matrix
- Using key risk indicators
- Collaboration at the Strategic Level
- Executive support
- Policies and procedures
- Architecture
- Understanding dependencies
- Prioritized information
- Intelligence aggregation
- Intelligence reconciliation and presentation
- Collaboration at the Tactical Level
- Breaking down priority information requirements
- Application of the theory
- Theory versus reality
- Creating the tactical dashboard
- Collaboration at the Operational Level
- Summary
- Chapter 8: The Security Stack
- Purpose of integration - it's just my POV
- Core security service basics
- Security Operations Center
- The spider
- Capabilities among teams
- Capability deep dive - Security Configuration Management
- Security Configuration Management - core processes.
- Security Configuration Management - Discovery and Detection
- Security Configuration Management - Risk Mitigation
- Security Configuration Management - Security State Analysis
- Security Configuration Management - Data Exposure and Sharing
- Prelude - integrating like services
- Integrating cyber intel from different services
- Overview - red team methodology
- Red team - testing methods
- White box
- Gray box
- Black box
- Red team constraints
- Red team - graphical representation
- Data integration challenges
- The end user perspective
- The service level perspective - cyber intelligence - Data Exposure and Sharing
- The SOC perspective
- Capability Maturity Model - InfoSec and cyber intel
- Capability Maturity Model - InfoSec and cyber intel - initial phase
- Capability Maturity Model - InfoSec and cyber intel - Phase A
- Capability Maturity Model - InfoSec and cyber intel - Phase B
- Capability Maturity Model - InfoSec and cyber intel - Phase C
- Collaboration + Capability = Active Defense
- Summary
- Chapter 9: Driving Cyber Intel
- The gap
- Another set of eyes
- The logic
- Event
- Incident
- Mapping events and incidents to InfoSec capabilities
- Capability Maturity Model - security awareness
- Capability Maturity Model - security awareness Phase - Initial
- Capability Maturity Model - security awareness - Phase A
- Capability Maturity Model - security awareness - Phase B
- Capability Maturity Model - security awareness - Phase C
- Capability Maturity Model - security awareness - Phase C +
- Just another day part 1
- Summary
- Chapter 10: Baselines and Anomalies
- Setting up camp
- Baselines and anomalies
- Continuous monitoring - the challenge
- Part 1
- Part 2
- Part 3
- Capability Maturity Model - continuous monitoring overview
- Level 1 - phase A
- Level 1 - phase B
- Level 1 - phase C.
- Capability Maturity Model - continuous monitoring level 2
- Scenario 1 - asset management/vulnerability scanning asset inventory
- Phase initial
- Information gathering
- Developing possible solutions
- Phase A
- Procedure RASCI (example)
- Phase B
- Regional data centers
- Local office environment
- Phase C
- Scenario 2 - security awareness/continuous monitoring/IT helpdesk
- Phase initial
- Information gathering
- Developing possible solutions
- Phase A
- Procedure RASCI (example)
- Phase B and C - sample questions
- Just another day part 2
- Summary
- Chapter 11: Putting Out the Fires
- Quick review
- Overview - incident response
- Preparation and prevention
- Detection and analysis
- Containment, eradication, and recovery
- Post-incident activity
- Incident response process and F3EAD integration
- Intelligence process tie-in
- Capability Maturity Model - incident response
- Initial phase
- Phase A
- Phase B
- Phase C
- Summary
- Chapter 12: Vulnerability Management
- A quick recap
- The Common Vulnerability Scoring System calculator
- Base metric group
- Temporal metric group
- Environmental metric group
- CVSS base scoring
- Metrics madness
- Vulnerability management overview
- Capability Maturity Model: vulnerability management - scanning
- Initial phase
- Phase A
- Phase B
- Phase C
- Capability Maturity Model: vulnerability management - reporting
- Initial phase
- Phase A
- Phase B
- Phase C
- Capability Maturity Model: vulnerability management - fix
- Initial phase
- Phase A
- Phase B
- Phase C
- Summary
- Chapter 13: Risky Business
- Risk overview
- Treating risk
- Risk tolerance and risk appetite
- Labeling things platinum, gold, silver, and copper
- Differentiating networks
- Taking a different look at risk
- Review of threat intelligence integration.
- Capability Maturity Model: risk phase - initial.
