Book Image

Incident Response in the Age of Cloud

By : Dr. Erdal Ozkaya
Book Image

Incident Response in the Age of Cloud

By: Dr. Erdal Ozkaya

Overview of this book

Cybercriminals are always in search of new methods to infiltrate systems. Quickly responding to an incident will help organizations minimize losses, decrease vulnerabilities, and rebuild services and processes. In the wake of the COVID-19 pandemic, with most organizations gravitating towards remote working and cloud computing, this book uses frameworks such as MITRE ATT&CK® and the SANS IR model to assess security risks. The book begins by introducing you to the cybersecurity landscape and explaining why IR matters. You will understand the evolution of IR, current challenges, key metrics, and the composition of an IR team, along with an array of methods and tools used in an effective IR process. You will then learn how to apply these strategies, with discussions on incident alerting, handling, investigation, recovery, and reporting. Further, you will cover governing IR on multiple platforms and sharing cyber threat intelligence and the procedures involved in IR in the cloud. Finally, the book concludes with an “Ask the Experts” chapter wherein industry experts have provided their perspective on diverse topics in the IR sphere. By the end of this book, you should become proficient at building and applying IR strategies pre-emptively and confidently.
Table of Contents (18 chapters)
16
Other Books You May Enjoy
17
Index

Reporting to the IR team

The IR team is usually at the forefront of mitigating an incident. It, therefore, has access to all information about an incident. Thus, when an incident has been handled, the team should be given a detailed report for their records that covers various details, which are as follows.

Description of the incident

The IR team will be given a description of the events that led to the incident, the systems or users that were affected, and the time the incident took place. The description should be as succinct and specific as possible as the team members will already be conversant with the whole incident.

Cause of the incident

The report should also explain the cause of the incident. The root cause of the incident needs to be validated before its inclusion in the report. This is because the real cause of a security breach might at times not be easy to discern and using assumptions in the report could create a perilous precedent or possible confusion...