Chapter 3: Engineering for Incident Response
In the previous two chapters, we discussed security operations and incident response and looked at some of the key elements that come into play in incident response, such as the incident response cycle and the kill chain. We have also argued, albeit somewhat loosely, that agile is the best approach for both security operations and incident response. In this chapter, the aim is to tighten up that argument and develop an agile framework in more detail, as well as outline what relationships exist between existing agile approaches and agile security operations.
In this chapter, we will discuss the engineering aspects of incident response, from the viewpoint that incident response is a continuing operational activity that defines agile security operations.
We will primarily build on the incident response loop to develop an agile framework for security operations and discuss some of the engineering aspects. This will be the final chapter...