Description of the book Cybersecurity Blue Team Strategies: Uncover the secrets of blue teams to combat cyber threats in your organization
Book title: Cybersecurity Blue Team Strategies: Uncover the secrets of blue teams to combat cyber threats in your organization
Title translated into Persian: استراتژی های تیم آبی امنیت سایبری: اسرار تیم های آبی را برای مبارزه با تهدیدات سایبری در سازمان خود کشف کنید
Series:
Authors: Kunal Sehgal, Nikolaos Thymianis
Publisher: Packt Publishing
Year of publication: 2023
Number of pages: 208
ISBN: 1801072477, 9781801072472
Book language: English
Book format: pdf
File size: 3 MB
Table of contents:
Cover
Title Page
Copyrights and Credits
Contributors
About the reviewers
Table of Contents
Preface
Part 1: Establishing the Blue
Chapter 1: Establishing a Defense Program
How do organizations benefit from implementing the blue teaming approach?
Risk assessment
Monitoring and surveillance
Security controls
Reporting and recommendation to management
A blue team’s composition
Analysts
Incident responder
Threat hunter
Security consultant
Security administrator
Identity and Access Management (IAM) administrator
Compliance analyst
Red team
Purple team
Cyber threat intelligence
Skills required to be in a blue team
Eager to learn and detail-oriented
In-depth knowledge of networks and systems
Outside-the-box and innovative thinking
Ability to cross conventional barriers to perform tasks
Academics, qualifications, and certifications
Talent development and retention
Cyber labs
Capture-the-Flag and hackathons
Research and development projects
Community outreach
Mentoring
Continuous unhindered learning
Summary
Chapter 2: Managing a Defense Security Team
Why must organizations consider metricizing cybersecurity?
Blue team KRIs
How does a blue team initiate designing KRIs for their team?
Selecting essential cybersecurity metrics
Why and how organizations can automate this process
What pitfalls to avoid when automating the workflows of the blue team
Automating how KRIs are collected and presented
Summary
Chapter 3: Risk Assessment
Following the NIST methodology
NIST risk assessment methodology
Asset inventory
Risk management methods
Threat identification
Risk calculation
Risk management responsibilities
Summary
References
Chapter 4: Blue Team Operations
Understanding defense strategy
Blue team operations – infrastructure
Blue team operations – applications
Blue team operations – systems
Blue team operations – endpoints
Blue team operations – cloud
Defense planning against insiders
Responsibilities in blue team operations
Summary
Chapter 5: Threats
What are cyber threats?
The Cyber Kill Chain
Phase 1 – reconnaissance
Phase 2 – weaponization
Phase 3 – delivery
Phase 4 – exploitation
Phase 5 – installation
Phase 6 – command and control
Phase 7 – actions on objective
Internal attacks
Different types of cyber threat actors
Impacts of cybercrime
An approach to security that is proactive rather than reactive
Summary
Chapter 6: Governance, Compliance, Regulations, and Best Practices
Definition of stakeholders and their needs
Building risk indicators
Compliance needs and the identification of compliance requirements
Assurance of compliance and the right level of governance
Summary
Part 2: Controlling the Fray
What are security controls?
Preventive controls
Detective controls
Deterrent controls
Compensating controls
Corrective controls
Defense-in-depth
Chapter 7: Preventive Controls
What are preventive controls?
Benefits
Types of preventive controls
Administrative
Physical
Technical/logical
Layers of preventive controls
Policy control
Perimeter/physical controls
Network controls
Data security controls
Application security controls
Endpoint security controls
User security
Summary
Chapter 8: Detective Controls
What are detective controls?
Types of detective controls
SOC
How does a SOC work?
What are the benefits of a SOC?
Vulnerability testing
Penetration testing
Red teams
Bug bounty
Source code scanning
Compliance scanning or hardening scans
Tools for detective controls
Threat Intelligence Platform (TIP)
Security Orchestration, Automation, and Response (SOAR) tools
Security Information and Event Management (SIEM) tools
Digital Forensics (DF) tools
Summary
Chapter 9: Cyber Threat Intelligence
What is CTI?
The quality of CTI
Types of threat intelligence
Strategic threat intelligence
Tactical threat intelligence
Operational threat intelligence
Threat intelligence implementation
1 – Developing a plan
2 – Collection
3 – Processing
4 – Analysis
5 – Dissemination
6 – Feedback
Threat hunting
The importance of threat hunting
Using CTI effectively
The MITRE ATT&CK framework
The MITRE ATT&CK Matrix
How to implement the ATT&CK framework
Summary
Chapter 10: Incident Response and Recovery
Incident response planning
Testing incident response plans
Incident response playbooks
Ransomware attacks playbook
Data loss/theft attacks playbook
Phishing attacks playbook
Disaster recovery planning
Cyber insurance
Summary
Chapter 11: Prioritizing and Implementing a Blue Team Strategy
Emerging detection and prevention technologies and techniques
Adversary emulation
VCISO services
Context-aware security
Defensive AI
Extended Detection and Response (XDR)
Manufacturer Usage Description (MUD)
Zero Trust
Pitfalls to avoid while setting up a blue team
Getting started on your blue team journey
Summary
Part 3: Ask the Experts
Chapter 12: Expert Insights
Anthony Desvernois
William B. Nelson
Career
Non-profit and volunteer work
Laurent Gerardin
Peter Sheppard, BSc (Hons), MBCS, CITP, CISA
Pieter Danhieux, CEO and Co-Founder, Secure Code Warrior
Index
Other Books You May Enjoy