Book Image

Agile Security Operations

By : Hinne Hettema
Book Image

Agile Security Operations

By: Hinne Hettema

Overview of this book

Agile security operations allow organizations to survive cybersecurity incidents, deliver key insights into the security posture of an organization, and operate security as an integral part of development and operations. It is, deep down, how security has always operated at its best. Agile Security Operations will teach you how to implement and operate an agile security operations model in your organization. The book focuses on the culture, staffing, technology, strategy, and tactical aspects of security operations. You'll learn how to establish and build a team and transform your existing team into one that can execute agile security operations. As you progress through the chapters, you’ll be able to improve your understanding of some of the key concepts of security, align operations with the rest of the business, streamline your operations, learn how to report to senior levels in the organization, and acquire funding. By the end of this Agile book, you'll be ready to start implementing agile security operations, using the book as a handy reference.

Related Content you might be interested in

Current Title:

Small book image
Agile Security Operations
Hinne Hettema
Feb, 2022 | 254 pages
Small book image
Purple Team Strategies
Samuel Rossier | David Routin | Simon Thoores
Jun, 2022 | 450 pages
Small book image
Cybersecurity Blue Team Strategies
Kunal Sehgal | Nikolaos Thymianis
Feb, 2023 | 208 pages
Small book image
Operationalizing Threat Intelligence
Joseph Opacki | Kyle Wilhoit
Jun, 2022 | 460 pages
Table of Contents (17 chapters)
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the color images
Conventions used
Get in touch
Share Your Thoughts
1
Section 1: Incidence Response: The Heart of Security
Section 1: Incidence Response: The Heart of Security
Free Chapter
2
Chapter 1: How Security Operations Are Changing
Chapter 1: How Security Operations Are Changing
Why security is hard
Security incidents
Security solutions in search of a problem
The scope of security operations
Where security operations turn agile
Summary
3
Chapter 2: Incident Response – A Key Capability in Security Operations
Chapter 2: Incident Response – A Key Capability in Security Operations
Facing up to breaches
Knowing an incident – detection and analysis
Branches and pivots – how incidents change
Agile incident response
Learning from incidents – from resolution to tactics to strategy
Summary
4
Chapter 3: Engineering for Incident Response
Chapter 3: Engineering for Incident Response
From incident response to agile security operations engineering
The businesslike weaknesses of attackers
A brief discussion of agile frameworks
Agile security operations
Key activities in agile security operations
Tooling – defend to respond
Summary
5
Section 2: Defensible Organizations
Section 2: Defensible Organizations
6
Chapter 4: Key Concepts in Cyber Defense
Chapter 4: Key Concepts in Cyber Defense
What is cyber defense?
Coordination and discoordination
A framework for uncertainty
Structured analytic techniques
Is this part of the security skillset?
Summary
7
Chapter 5: Defensible Architecture
Chapter 5: Defensible Architecture
The definition of defensible architecture
Requirements of defensible architecture
Defense in depth
The new security boundaries
Roots of trust
Elements of the defensible architecture
Defensible architecture tradeoffs
Summary
8
Chapter 6: Active Defense
Chapter 6: Active Defense
The role of active defense
The agile active defense process
Understanding the adversary
Active defense during a crisis
Active defense for eternal compromise
Summary
9
Chapter 7: How Secure Are You? – Measuring Security Posture
Chapter 7: How Secure Are You? – Measuring Security Posture
Security as risk reduction
Measuring risk reduction
Strategy maps – security as business value
Working with the security strategy map
Summary
10
Section 3: Advanced Agile Security Operations
Section 3: Advanced Agile Security Operations
11
Chapter 8: Red, Blue, and Purple Teaming
Chapter 8: Red, Blue, and Purple Teaming
Red teaming and blue teaming
Threat hunting
Purple teaming concepts
Agile approaches to purple teaming
Purple teaming operations
Closing into threat-informed defense
Summary
12
Chapter 9: Running and Operating Security Services
Chapter 9: Running and Operating Security Services
The essential security services
Service maturity
Agile approaches to the six security services
Summary
13
Chapter 10: Implementing Agile Threat Intelligence
Chapter 10: Implementing Agile Threat Intelligence
What threat intelligence is and isn't
A threat intelligence program
Direction
Collection and collation
Interpretation
Dissemination
Summary
14
Further reading
Further reading
Background
Operations
People to follow
Why subscribe?
15
Other Books You May Enjoy
Other Books You May Enjoy
Packt is searching for authors like you
Share Your Thoughts
Appendix
Principles of cybersecurity operations

Summary

In this chapter, we have laid the groundwork for understanding why incident response is the key security capability under an assumption of continuous compromise. We have adapted the incident response cycle to deal with conditions where security teams are responding to incidents in a continuous manner.

Specifically, this chapter has covered why a philosophy of assumed compromise requires changes to the incident response practice. In the assumed compromise model, incidents are constant and hence incident response becomes a continuous process.

We have discussed the kill chain model for cyber-attacks and argued that the reality of lateral movement implies that the kill chain model must be extended to include lateral movement. Moreover, the reality of lateral movement drives a preference for an agile incident response process.

We have also introduced a model for detection engineering, which we will return to in Chapter 3, Engineering for Incident Response.

We concluded...

Previous Section
End of Chapter 3
Next Chapter