Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Agile Security Operations
  • Table Of Contents Toc
Agile Security Operations

Agile Security Operations

By : Hinne Hettema
5 (5)
Buy this Book
close
close
Agile Security Operations

Agile Security Operations

5 (5)
By: Hinne Hettema
Buy this Book

Overview of this book

Agile security operations allow organizations to survive cybersecurity incidents, deliver key insights into the security posture of an organization, and operate security as an integral part of development and operations. It is, deep down, how security has always operated at its best. Agile Security Operations will teach you how to implement and operate an agile security operations model in your organization. The book focuses on the culture, staffing, technology, strategy, and tactical aspects of security operations. You'll learn how to establish and build a team and transform your existing team into one that can execute agile security operations. As you progress through the chapters, you’ll be able to improve your understanding of some of the key concepts of security, align operations with the rest of the business, streamline your operations, learn how to report to senior levels in the organization, and acquire funding. By the end of this Agile book, you'll be ready to start implementing agile security operations, using the book as a handy reference.
Table of Contents (17 chapters)
close
close
close
Preface
Icon
Preface
Icon
Who this book is for
Icon
What this book covers
Icon
To get the most out of this book
Icon
Download the color images
Icon
Conventions used
Icon
Get in touch
Icon
Share Your Thoughts
1
Section 1: Incidence Response: The Heart of Security
Icon
Section 1: Incidence Response: The Heart of Security
Lock Free Chapter
2
Chapter 1: How Security Operations Are Changing
Icon
Chapter 1: How Security Operations Are Changing
Icon
Why security is hard
Icon
Security incidents
Icon
Security solutions in search of a problem
Icon
The scope of security operations
Icon
Where security operations turn agile
Icon
Summary
3
Chapter 2: Incident Response – A Key Capability in Security Operations
chevron up
Icon
Chapter 2: Incident Response – A Key Capability in Security Operations
Icon
Facing up to breaches
Icon
Knowing an incident – detection and analysis
Icon
Branches and pivots – how incidents change
Icon
Agile incident response
Icon
Learning from incidents – from resolution to tactics to strategy
Icon
Summary
4
Chapter 3: Engineering for Incident Response
Icon
Chapter 3: Engineering for Incident Response
Icon
From incident response to agile security operations engineering
Icon
The businesslike weaknesses of attackers
Icon
A brief discussion of agile frameworks
Icon
Agile security operations
Icon
Key activities in agile security operations
Icon
Tooling – defend to respond
Icon
Summary
5
Section 2: Defensible Organizations
Icon
Section 2: Defensible Organizations
6
Chapter 4: Key Concepts in Cyber Defense
Icon
Chapter 4: Key Concepts in Cyber Defense
Icon
What is cyber defense?
Icon
Coordination and discoordination
Icon
A framework for uncertainty
Icon
Structured analytic techniques
Icon
Is this part of the security skillset?
Icon
Summary
7
Chapter 5: Defensible Architecture
Icon
Chapter 5: Defensible Architecture
Icon
The definition of defensible architecture
Icon
Requirements of defensible architecture
Icon
Defense in depth
Icon
The new security boundaries
Icon
Roots of trust
Icon
Elements of the defensible architecture
Icon
Defensible architecture tradeoffs
Icon
Summary
8
Chapter 6: Active Defense
Icon
Chapter 6: Active Defense
Icon
The role of active defense
Icon
The agile active defense process
Icon
Understanding the adversary
Icon
Active defense during a crisis
Icon
Active defense for eternal compromise
Icon
Summary
9
Chapter 7: How Secure Are You? – Measuring Security Posture
Icon
Chapter 7: How Secure Are You? – Measuring Security Posture
Icon
Security as risk reduction
Icon
Measuring risk reduction
Icon
Strategy maps – security as business value
Icon
Working with the security strategy map
Icon
Summary
10
Section 3: Advanced Agile Security Operations
Icon
Section 3: Advanced Agile Security Operations
11
Chapter 8: Red, Blue, and Purple Teaming
Icon
Chapter 8: Red, Blue, and Purple Teaming
Icon
Red teaming and blue teaming
Icon
Threat hunting
Icon
Purple teaming concepts
Icon
Agile approaches to purple teaming
Icon
Purple teaming operations
Icon
Closing into threat-informed defense
Icon
Summary
12
Chapter 9: Running and Operating Security Services
Icon
Chapter 9: Running and Operating Security Services
Icon
The essential security services
Icon
Service maturity
Icon
Agile approaches to the six security services
Icon
Summary
13
Chapter 10: Implementing Agile Threat Intelligence
Icon
Chapter 10: Implementing Agile Threat Intelligence
Icon
What threat intelligence is and isn't
Icon
A threat intelligence program
Icon
Direction
Icon
Collection and collation
Icon
Interpretation
Icon
Dissemination
Icon
Summary
14
Further reading
Icon
Further reading
Icon
Background
Icon
Operations
Icon
People to follow
Icon
Why subscribe?
15
Other Books You May Enjoy
Icon
Other Books You May Enjoy
Icon
Packt is searching for authors like you
Icon
Share Your Thoughts
1
Appendix
Icon
Principles of cybersecurity operations

Chapter 2: Incident Response – A Key Capability in Security Operations

It is quite common during incident response to find that the indicators of an attack were there long before an incident was declared. It is also a fact that the dwell time of attackers in a victim environment can be in the order of months. Organizations are attempting to keep attackers out, but they don't seem to be succeeding.

In this chapter, I will argue that this is because organizations are not adapting to an assumption of compromise. An assumption of compromise is the result of the realization that adversaries can stay undetected for a long time, and hence it is likely that at any point in time, a part of the network is compromised or under an attack that has not yet been detected. Even in cases where an assumed compromise philosophy is adopted, the necessary lessons are not always learned: assumed compromise involves developing a continuous and advanced process of incident response, where a...

Visually different images
CONTINUE READING
83
Tech Concepts
36
Programming languages
73
Tech Tools
Icon Unlimited access to the largest independent learning library in tech of over 8,000 expert-authored tech books and videos.
Icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Icon 50+ new titles added per month and exclusive early access to books as they are being written.
Agile Security Operations
End of Section 3
Next Section
notes
bookmark Notes and Bookmarks search Search in title playlist Add to playlist font-size Font size

Change the font size

margin-width Margin width

Change margin width

day-mode Day/Sepia/Night Modes

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY

Submit Your Feedback

Modal Close icon
Modal Close icon
Modal Close icon