Agile Security Operations, 1st Edition, by Hinne Hettema (ISBN 9781801812559 / 1801812551)
Product details:
ISBN 10: 1801812551
ISBN 13: 9781801812559
Author: Hinne Hettema
Agile security operations allow organizations to survive cybersecurity incidents, deliver key insights into the security posture of an organization, and operate security as an integral part of development and operations. It is, deep down, how security has always operated at its best.
Agile Security Operations will teach you how to implement and operate an agile security operations model in your organization. The book focuses on the culture, staffing, technology, strategy, and tactical aspects of security operations. You’ll learn how to establish and build a team and transform your existing team into one that can execute agile security operations. As you progress through the chapters, you’ll be able to improve your understanding of some of the key concepts of security, align operations with the rest of the business, streamline your operations, learn how to report to senior levels in the organization, and acquire funding.
By the end of this Agile book, you’ll be ready to start implementing agile security operations, using the book as a handy reference.
Agile Security Operations 1st Edition Table of contents:
Section 1: Incident Response: The Heart of Security
Chapter 1: How Security Operations Are Changing
Why security is hard
Security operations
Cybersecurity, threats, and risk
Five types of cyber defense
Security incidents
Security solutions in search of a problem
The scope of security operations
Where security operations turn agile
Agile incident response
Agile security operations
Summary
Chapter 2: Incident Response – A Key Capability in Security Operations
Facing up to breaches
The incident response cycle
Knowing an incident – detection and analysis
Detection engineering
Repurposing
Analyzing threats
Branches and pivots – how incidents change
The kill chain model
Expanding the options for defense
Lateral movement
Agile incident response
Compromise is eternal
Incidents and compromises
Why incident response needs to be agile
Team structure for incident response
Learning from incidents – from resolution to tactics to strategy
Summary
Chapter 3: Engineering for Incident Response
From incident response to agile security operations engineering
Mapping the incident loop
Feedback – closing the incident loop
The businesslike weaknesses of attackers
A brief discussion of agile frameworks
Lean
Kanban
Scrum
Agile security operations
Key activities in agile security operations
Breach
Detect
Analyze
Contain
Eradicate
Recover
Develop context and TTPs
Updating the architecture, strategy, and risk
Detection engineering
Improvements – prevention, discovery, and prediction
Tooling – defend to respond
Passive defense
Active defense – Mitre ATT&CK and Shield
Summary
Section 2: Defensible Organizations
Chapter 4: Key Concepts in Cyber Defense
What is cyber defense?
Enduring failure
The fit of security operations
Coordination and discoordination
Coordination games
Discoordination games
A framework for uncertainty
A brief overview of the Cynefin framework
Constraints
Resolving crises
Structured analytic techniques
Is this part of the security skillset?
Summary
Chapter 5: Defensible Architecture
The definition of defensible architecture
Pareto optimizable attacks
Understanding the kill chain
Requirements of defensible architecture
Defense in depth
Implied trust in network segments
Trust in the endpoints of the architecture
Defense in depth as an evolution
The new security boundaries
Principles of the defensible architecture
Roots of trust
Identity as a root of trust
Data controls as a root of trust
Algorithmic integrity as a root of trust
Roots of trust and verifiability
Elements of the defensible architecture
Prevention
Visibility and forensic readiness
Threat modeling
Attack path modeling
Defensible architecture tradeoffs
On-premises infrastructure
Cloud
Industrial
Summary
Chapter 6: Active Defense
The role of active defense
Active defense as one of the five types of cyber defense
Compromise is eternal
Agile incident response
An approach to active defense
The agile active defense process
Understanding the adversary
People and processes
Technology
Active defense during a crisis
Active defense for eternal compromise
Assess
Adapt
The pivot or []
Exapt
Transcend
Summary
Chapter 7: How Secure Are You? – Measuring Security Posture
Security as risk reduction
Measuring risk reduction
Description
Financial aspects of risks
Controls
Risk management versus enabling the business
Strategy maps – security as business value
Constructing strategy maps
Strategy map layers
Security strategy maps
Starting a security strategy
Working with the security strategy map
Financial metrics
Customer metrics
Operations metrics
Metrics for capabilities
Summary
Section 3: Advanced Agile Security Operations
Chapter 8: Red, Blue, and Purple Teaming
Red teaming and blue teaming
Why red team?
What is a red team?
What is a blue team?
Threat hunting
Hunt leads
Analytic queries
Alternative hunt leads – alert streams and detections
Implementing a threat hunting practice
Purple teaming concepts
Purple team activities
Characteristics of blue and red teams
Agile approaches to purple teaming
Purple teaming operations
Planning – sources of attack data
Planning – cadence and process
Executing the red side of purple teaming
Feedback – moving to an agile approach
Closing into threat-informed defense
Business value from purple teaming
Security baselining
Security posture improvement
Threat-informed defense
Summary
Chapter 9: Running and Operating Security Services
The essential security services
What is a service?
Service worksheets
Strategy service
Policies
Architecture
Deployment
Monitoring and alerting
Incident response
Other services
Service maturity
Maturity management
Practices – components of a service
Measuring effectiveness
Maturity models
Defining capability
Maturity does not stand alone
Drawbacks of maturity
Agile approaches to the six security services
Agile
DevOps cycle
Summary
Chapter 10: Implementing Agile Threat Intelligence
What threat intelligence is and isn’t
A threat intelligence program
Acquiring threat intelligence
Running your own function
Using threat intelligence
Direction
Understanding risk reduction
Using past attacks as a guide
Scoping prospective groups
Business capabilities and operational context
The influence on direction
Collection and collation
The data funnel
External feeds
Feeds meeting internal logs
Interpretation
Using structured analytic techniques
Threat groups
Dissemination
Risk analysis
Alerting, hunting, and detection
Infrastructure hardening
Summary
Appendix
Principles of cybersecurity operations
Further reading
Background
Cynefin framework
Cynefin field guide
Structured analytic techniques
Architecture
Threat modeling
Organizations
Operations
Principles for operations
SOC operations
People to follow
Why subscribe?
Other Books You May Enjoy
Packt is searching for authors like you
Share Your Thoughts