Cybersecurity Blue Team Strategies

By: Kunal Sehgal, Nikolaos Thymianis

Overview of this book

We've reached a point where all organizational data is connected through some network. With advancements and connectivity come ever-evolving cyber threats that compromise sensitive data and gain access to vulnerable systems. Cybersecurity Blue Team Strategies is a comprehensive guide that will help you extend your cybersecurity knowledge and teach you to implement blue teams in your organization from scratch. Through the course of this book, you'll learn defensive cybersecurity measures while thinking from an attacker's perspective. With this book, you'll be able to test and assess the effectiveness of your organization's cybersecurity posture. No matter the medium your organization has chosen (cloud, on-premises, or hybrid), this book will provide an in-depth understanding of how cyber attackers can penetrate your systems and gain access to sensitive information. Beginning with a brief overview of the importance of a blue team, you'll learn important techniques and best practices a cybersecurity operator or a blue team practitioner should be aware of. By understanding tools, processes, and operations, you'll be equipped with evolving solutions and strategies to overcome cybersecurity challenges and successfully manage cyber threats and the adversaries behind them. By the end of this book, you'll have enough exposure to blue team operations to be able to successfully set up a blue team in your organization.
Table of Contents (18 chapters)

Part 1: Establishing the Blue
Part 3: Ask the Experts

What this book covers

Chapter 1, Establishing a Defense Program, provides a general description of what a blue team is and what its role is in the business. Moreover, it contains a historic review of how blue teams came to be. It also discusses the difference between red teams and blue teams.

Chapter 2, Managing a Defense Security Team, explains the role this team should play in an organization, and also what processes to build up and what responsibilities to give to such a team. Moreover, the chapter discusses how this team would work with the other departments in an organization.

Chapter 3, Risk Assessment, explores risk assessments, how a blue team should go about conducting one, and how to calculate risk for their organization.

Chapter 4, Blue Team Operations, explores the blue team operations that an organization should consider when setting up cyber defense capabilities, including which key focus areas to look into and how to avoid blind spots.

Chapter 5, Threats, explores how a blue team should go about identifying the major threats to their organization, that is, how to classify, assess, and prioritize risks.

Chapter 6, Governance, Compliance, Regulations, and Best Practices, explains what governance is, how to do it correctly, and how to provide visibility to all the stakeholders in the organization. You will also learn why it is important to be aware of any external requirements, how to ensure they are pitched at the right level, and lastly, what to expect from major regulations (such as GDPR).

Chapter 7, Preventive Controls, covers the various controls that a defense team should consider. The chapter is structured as per the NIST framework, which will be touched upon briefly. The intention is to help you understand the full spectrum of controls to consider.

Chapter 8, Detective Controls, goes through why detective controls are needed and how to augment preventive controls. Moreover, the chapter reviews how such controls work in a typical organization, and what processes are needed in tandem with the technology to ensure an adequate level of security.

Chapter 9, Cyber Threat Intelligence, delves into threat intelligence, its foundation, and how it is an important tool in the arsenal of a blue team. Secondly, the chapter explains how a blue team can keep itself updated on the latest threats and methods.

Chapter 10, Incident Response and Recovery, explains how to make incident response plans, how to test those plans, and what to do about cyber insurance. The chapter also covers the NIST Respond and Recover methodology and explains it thoroughly with examples from incident response teams.

Chapter 11, Prioritizing and Implementing a Blue Team Strategy, summarizes everything we have learned in this book, and how to prioritize various steps to suit your organization. This chapter also refers to emerging technologies and methodologies that are becoming commonplace in the information security industry.

Chapter 12, Expert Insights, introduces industry experts who share their views on the topics of the book. Drawing on their own experience, they describe how they went about establishing their own blue team processes and which tools or frameworks helped them along the way.