Cyber threat intelligence / (Record no. 12938)
000 - LEADER | |
---|---|
fixed length control field | 10366cam a2200697 i 4500 |
001 - CONTROL NUMBER | |
control field | on1353818639 |
003 - CONTROL NUMBER IDENTIFIER | |
control field | OCoLC |
005 - DATE AND TIME OF LATEST TRANSACTION | |
control field | 20240523125544.0 |
006 - FIXED-LENGTH DATA ELEMENTS--ADDITIONAL MATERIAL CHARACTERISTICS | |
fixed length control field | m o d |
007 - PHYSICAL DESCRIPTION FIXED FIELD--GENERAL INFORMATION | |
fixed length control field | cr cnu---unuuu |
008 - FIXED-LENGTH DATA ELEMENTS--GENERAL INFORMATION | |
fixed length control field | 221004s2023 enka ob 001 0 eng |
010 ## - LIBRARY OF CONGRESS CONTROL NUMBER | |
LC control number | 2022047003 |
040 ## - CATALOGING SOURCE | |
Original cataloging agency | DLC |
Language of cataloging | eng |
Description conventions | rda |
Transcribing agency | DLC |
Modifying agency | OCLCF |
-- | YDX |
-- | ORMDA |
-- | DG1 |
-- | UKAHL |
-- | SFB |
-- | N$T |
-- | IEEEE |
-- | OCLCQ |
-- | OCLCO |
019 ## - | |
-- | 1376385580 |
020 ## - INTERNATIONAL STANDARD BOOK NUMBER | |
International Standard Book Number | 1119861764 |
Qualifying information | electronic book |
020 ## - INTERNATIONAL STANDARD BOOK NUMBER | |
International Standard Book Number | 9781119861751 |
Qualifying information | electronic book |
020 ## - INTERNATIONAL STANDARD BOOK NUMBER | |
International Standard Book Number | 1119861756 |
Qualifying information | electronic book |
020 ## - INTERNATIONAL STANDARD BOOK NUMBER | |
International Standard Book Number | 9781119861775 |
Qualifying information | electronic book |
020 ## - INTERNATIONAL STANDARD BOOK NUMBER | |
International Standard Book Number | 1119861772 |
Qualifying information | electronic book |
020 ## - INTERNATIONAL STANDARD BOOK NUMBER | |
International Standard Book Number | 9781119861768 |
Qualifying information | (electronic bk.) |
020 ## - INTERNATIONAL STANDARD BOOK NUMBER | |
Canceled/invalid ISBN | 9781119861744 |
Qualifying information | hardcover |
020 ## - INTERNATIONAL STANDARD BOOK NUMBER | |
Canceled/invalid ISBN | 1119861748 |
024 7# - OTHER STANDARD IDENTIFIER | |
Standard number or code | 10.1002/9781119861775 |
Source of number or code | doi |
029 1# - OTHER SYSTEM CONTROL NUMBER (OCLC) | |
OCLC library identifier | AU@ |
System control number | 000074578709 |
035 ## - SYSTEM CONTROL NUMBER | |
System control number | (OCoLC)1353818639 |
Canceled/invalid control number | (OCoLC)1376385580 |
037 ## - SOURCE OF ACQUISITION | |
Stock number | 9781119861744 |
Source of stock number/acquisition | O'Reilly Media |
037 ## - SOURCE OF ACQUISITION | |
Stock number | 10124066 |
Source of stock number/acquisition | IEEE |
042 ## - AUTHENTICATION CODE | |
Authentication code | pcc |
050 04 - LIBRARY OF CONGRESS CALL NUMBER | |
Classification number | TK5105.59 |
Item number | .L47 2023 |
082 00 - DEWEY DECIMAL CLASSIFICATION NUMBER | |
Classification number | 005.8/7 |
Edition number | 23/eng/20221205 |
049 ## - LOCAL HOLDINGS (OCLC) | |
Holding library | MAIN |
100 1# - MAIN ENTRY--PERSONAL NAME | |
Personal name | Lee, Martin |
Titles and words associated with a name | (Computer security expert), |
Relator term | author. |
245 10 - TITLE STATEMENT | |
Title | Cyber threat intelligence / |
Statement of responsibility, etc. | Martin Lee. |
264 #1 - PRODUCTION, PUBLICATION, DISTRIBUTION, MANUFACTURE, AND COPYRIGHT NOTICE | |
Place of production, publication, distribution, manufacture | Hoboken, New Jersey : |
Name of producer, publisher, distributor, manufacturer | John Wiley & Sons, Inc., |
Date of production, publication, distribution, manufacture, or copyright notice | [2023] |
300 ## - PHYSICAL DESCRIPTION | |
Extent | 1 online resource (xx, 284 pages) : |
Other physical details | illustrations (some color) |
336 ## - CONTENT TYPE | |
Content type term | text |
Content type code | txt |
Source | rdacontent |
337 ## - MEDIA TYPE | |
Media type term | computer |
Media type code | c |
Source | rdamedia |
338 ## - CARRIER TYPE | |
Carrier type term | online resource |
Carrier type code | cr |
Source | rdacarrier |
504 ## - BIBLIOGRAPHY, ETC. NOTE | |
Bibliography, etc. note | Includes bibliographical references and index. |
520 ## - SUMMARY, ETC. | |
Summary, etc. | "This book describes the intelligence techniques and models used in cyber threat intelligence. It provides a survey of ideas, views and concepts, rather than offering a hands-on practical guide. It is intended for anyone who wishes to learn more about the domain, possibly because they wish to develop a career in intelligence, and as a reference for those already working in the area. The origins of this book lie in an awkward dinner conversation. On one side of the table was myself, a software engineer who had fallen into the domain of cyber security more or less by accident. On the other was a uniformed senior military intelligence officer. A shared professional interest in cyber threat intelligence had led to us being invited to the same event"-- |
Assigning source | Provided by publisher. |
588 ## - SOURCE OF DESCRIPTION NOTE | |
Source of description note | Description based on online resource; title from digital title page (viewed on April 25, 2023). |
505 0# - FORMATTED CONTENTS NOTE | |
Formatted contents note | Cover -- Title Page -- Copyright Page -- Contents -- Preface -- About the Author -- Abbreviations -- Endorsements for Martin Lee's Book -- Chapter 1 Introduction -- 1.1 Definitions -- 1.1.1 Intelligence -- 1.1.2 Cyber Threat -- 1.1.3 Cyber Threat Intelligence -- 1.2 History of Threat Intelligence -- 1.2.1 Antiquity -- 1.2.2 Ancient Rome -- 1.2.3 Medieval and Renaissance Age -- 1.2.4 Industrial Age -- 1.2.5 World War I -- 1.2.6 World War II -- 1.2.7 Post War Intelligence -- 1.2.8 Cyber Threat Intelligence -- 1.2.9 Emergence of Private Sector Intelligence Sharing -- 1.3 Utility of Threat Intelligence -- 1.3.1 Developing Cyber Threat Intelligence -- Summary -- References -- Chapter 2 Threat Environment -- 2.1 Threat -- 2.1.1 Threat Classification -- 2.2 Risk and Vulnerability -- 2.2.1 Human Vulnerabilities -- 2.2.1.1 Example -- Business Email Compromise -- 2.2.2 Configuration Vulnerabilities -- 2.2.2.1 Example -- Misconfiguration of Cloud Storage -- 2.2.3 Software Vulnerabilities -- 2.2.3.1 Example -- Log4j Vulnerabilities -- 2.3 Threat Actors -- 2.3.1 Example -- Operation Payback -- 2.3.2 Example -- Stuxnet -- 2.3.3 Tracking Threat Actors -- 2.4 TTPs -- Tactics, Techniques, and Procedures -- 2.5 Victimology -- 2.5.1 Diamond Model -- 2.6 Threat Landscape -- 2.6.1 Example -- Ransomware -- 2.7 Attack Vectors, Vulnerabilities, and Exploits -- 2.7.1 Email Attack Vectors -- 2.7.2 Web-Based Attacks -- 2.7.3 Network Service Attacks -- 2.7.4 Supply Chain Attacks -- 2.8 The Kill Chain -- 2.9 Untargeted versus Targeted Attacks -- 2.10 Persistence -- 2.11 Thinking Like a Threat Actor -- Summary -- References -- Chapter 3 Applying Intelligence -- 3.1 Planning Intelligence Gathering -- 3.1.1 The Intelligence Programme -- 3.1.2 Principles of Intelligence -- 3.1.3 Intelligence Metrics -- 3.2 The Intelligence Cycle -- 3.2.1 Planning, Requirements, and Direction. |
505 8# - FORMATTED CONTENTS NOTE | |
Formatted contents note | 3.2.2 Collection -- 3.2.3 Analysis and Processing -- 3.2.4 Production -- 3.2.5 Dissemination -- 3.2.6 Review -- 3.3 Situational Awareness -- 3.3.1 Example -- 2013 Target Breach -- 3.4 Goal Oriented Security and Threat Modelling -- 3.5 Strategic, Operational, and Tactical Intelligence -- 3.5.1 Strategic Intelligence -- 3.5.1.1 Example -- Lazarus Group -- 3.5.2 Operational Intelligence -- 3.5.2.1 Example -- SamSam -- 3.5.3 Tactical Intelligence -- 3.5.3.1 Example -- WannaCry -- 3.5.4 Sources of Intelligence Reports -- 3.5.4.1 Example -- Shamoon -- 3.6 Incident Preparedness and Response -- 3.6.1 Preparation and Practice -- Summary -- References -- Chapter 4 Collecting Intelligence -- 4.1 Hierarchy of Evidence -- 4.1.1 Example -- Smoking Tobacco Risk -- 4.2 Understanding Intelligence -- 4.2.1 Expressing Credibility -- 4.2.2 Expressing Confidence -- 4.2.3 Understanding Errors -- 4.2.3.1 Example -- the WannaCry Email -- 4.2.3.2 Example -- the Olympic Destroyer False Flags -- 4.3 Third Party Intelligence Reports -- 4.3.1 Tactical and Operational Reports -- 4.3.1.1 Example -- Heartbleed -- 4.3.2 Strategic Threat Reports -- 4.4 Internal Incident Reports -- 4.5 Root Cause Analysis -- 4.6 Active Intelligence Gathering -- 4.6.1 Example -- the Nightingale Floor -- 4.6.2 Example -- the Macron Leaks -- Summary -- References -- Chapter 5 Generating Intelligence -- 5.1 The Intelligence Cycle in Practice -- 5.1.1 See it, Sense it, Share it, Use it -- 5.1.2 F3EAD Cycle -- 5.1.3 D3A Process -- 5.1.4 Applying the Intelligence Cycle -- 5.1.4.1 Planning and Requirements -- 5.1.4.2 Collection, Analysis, and Processing -- 5.1.4.3 Production and Dissemination -- 5.1.4.4 Feedback and Improvement -- 5.1.4.5 The Intelligence Cycle in Reverse -- 5.2 Sources of Data -- 5.3 Searching Data -- 5.4 Threat Hunting -- 5.4.1 Models of Threat Hunting -- 5.4.2 Analysing Data. |
505 8# - FORMATTED CONTENTS NOTE | |
Formatted contents note | 5.4.3 Entity Behaviour Analytics -- 5.5 Transforming Data into Intelligence -- 5.5.1 Structured Geospatial Analytical Method -- 5.5.2 Analysis of Competing Hypotheses -- 5.5.3 Poor Practices -- 5.6 Sharing Intelligence -- 5.6.1 Machine Readable Intelligence -- 5.7 Measuring the Effectiveness of Generated Intelligence -- Summary -- References -- Chapter 6 Attribution -- 6.1 Holding Perpetrators to Account -- 6.1.1 Punishment -- 6.1.2 Legal Frameworks -- 6.1.3 Cyber Crime Legislation -- 6.1.4 International Law -- 6.1.5 Crime and Punishment -- 6.2 Standards of Proof -- 6.2.1 Forensic Evidence -- 6.3 Mechanisms of Attribution -- 6.3.1 Attack Attributes -- 6.3.1.1 Attacker TTPs -- 6.3.1.2 Example -- HAFNIUM -- 6.3.1.3 Attacker Infrastructure -- 6.3.1.4 Victimology -- 6.3.1.5 Malicious Code -- 6.3.2 Asserting Attribution -- 6.4 Anti-Attribution Techniques -- 6.4.1 Infrastructure -- 6.4.2 Malicious Tools -- 6.4.3 False Attribution -- 6.4.4 Chains of Attribution -- 6.5 Third Party Attribution -- 6.6 Using Attribution -- Summary -- References -- Chapter 7 Professionalism -- 7.1 Notions of Professionalism -- 7.1.1 Professional Ethics -- 7.2 Developing a New Profession -- 7.2.1 Professional Education -- 7.2.2 Professional Behaviour and Ethics -- 7.2.2.1 Professionalism in Medicine -- 7.2.2.2 Professionalism in Accountancy -- 7.2.2.3 Professionalism in Engineering -- 7.2.3 Certifications and Codes of Ethics -- 7.3 Behaving Ethically -- 7.3.1 The Five Philosophical Approaches -- 7.3.2 The Josephson Model -- 7.3.3 PMI Ethical Decision Making Framework -- 7.4 Legal and Ethical Environment -- 7.4.1 Planning -- 7.4.1.1 Responsible Vulnerability Disclosure -- 7.4.1.2 Vulnerability Hoarding -- 7.4.2 Collection, Analysis, and Processing -- 7.4.2.1 PRISM Programme -- 7.4.2.2 Open and Closed Doors -- 7.4.3 Dissemination -- 7.4.3.1 Doxxing -- 7.5 Managing the Unexpected. |
505 8# - FORMATTED CONTENTS NOTE | |
Formatted contents note | 7.6 Continuous Improvement -- Summary -- References -- Chapter 8 Future Threats and Conclusion -- 8.1 Emerging Technologies -- 8.1.1 Smart Buildings -- 8.1.1.1 Software Errors -- 8.1.1.2 Example -- Maroochy Shire Incident -- 8.1.2 Health Care -- 8.1.2.1 Example -- Conti Attack Against Irish Health Sector -- 8.1.3 Transport Systems -- 8.2 Emerging Attacks -- 8.2.1 Threat Actor Evolutions -- 8.2.1.1 Criminal Threat Actors -- 8.2.1.2 Nation State Threat Actors -- 8.2.1.3 Other Threat Actors -- 8.3 Emerging Workforce -- 8.3.1 Job Roles and Skills -- 8.3.2 Diversity in Hiring -- 8.3.3 Growing the Profession -- 8.4 Conclusion -- References -- Chapter 9 Case Studies -- 9.1 Target Compromise 2013 -- 9.1.1 Background -- 9.1.2 The Attack -- 9.2 WannaCry 2017 -- 9.2.1 Background -- 9.2.1.1 Guardians of Peace -- 9.2.1.2 The Shadow Brokers -- 9.2.1.3 Threat Landscape -- Worms and Ransomware -- 9.2.2 The Attack -- 9.2.2.1 Prelude -- 9.2.2.2 Malware -- 9.3 NotPetya 2017 -- 9.3.1 Background -- 9.3.2 The Attack -- 9.3.2.1 Distribution -- 9.3.2.2 Payload -- 9.3.2.3 Spread and Consequences -- 9.4 VPNFilter 2018 -- 9.4.1 Background -- 9.4.2 The Attack -- 9.5 SUNBURST and SUNSPOT 2020 -- 9.5.1 Background -- 9.5.2 The Attack -- 9.6 Macron Leaks 2017 -- 9.6.1 Background -- 9.6.2 The Attack -- References -- Index -- EULA. |
590 ## - LOCAL NOTE (RLIN) | |
Local note | John Wiley and Sons |
Provenance (VM) [OBSOLETE] | Wiley Online Library: Complete oBooks |
650 #0 - SUBJECT ADDED ENTRY--TOPICAL TERM | |
Topical term or geographic name entry element | Cyber intelligence (Computer security) |
650 #0 - SUBJECT ADDED ENTRY--TOPICAL TERM | |
Topical term or geographic name entry element | Cyberterrorism |
General subdivision | Prevention. |
650 #0 - SUBJECT ADDED ENTRY--TOPICAL TERM | |
Topical term or geographic name entry element | Cyberspace operations (Military science) |
650 #6 - SUBJECT ADDED ENTRY--TOPICAL TERM | |
Topical term or geographic name entry element | Surveillance des menaces informatiques. |
650 #6 - SUBJECT ADDED ENTRY--TOPICAL TERM | |
Topical term or geographic name entry element | Cyberguerre (Science militaire) |
650 #7 - SUBJECT ADDED ENTRY--TOPICAL TERM | |
Topical term or geographic name entry element | Cyber intelligence (Computer security) |
Source of heading or term | fast |
650 #7 - SUBJECT ADDED ENTRY--TOPICAL TERM | |
Topical term or geographic name entry element | Cyberspace operations (Military science) |
Source of heading or term | fast |
650 #7 - SUBJECT ADDED ENTRY--TOPICAL TERM | |
Topical term or geographic name entry element | Cyberterrorism |
General subdivision | Prevention |
Source of heading or term | fast |
776 08 - ADDITIONAL PHYSICAL FORM ENTRY | |
Relationship information | Print version: |
Main entry heading | Lee, Martin |
Title | Cyber threat intelligence |
Place, publisher, and date of publication | Oxford, UK ; Hoboken, NJ, USA : Wiley, 2023 |
International Standard Book Number | 9781119861744 |
Record control number | (DLC) 2022047002 |
856 40 - ELECTRONIC LOCATION AND ACCESS | |
Uniform Resource Identifier | https://onlinelibrary.wiley.com/doi/book/10.1002/9781119861775 |
938 ## - | |
-- | YBP Library Services |
-- | YANK |
-- | 19686271 |
938 ## - | |
-- | Askews and Holts Library Services |
-- | ASKH |
-- | AH41341395 |
938 ## - | |
-- | EBSCOhost |
-- | EBSC |
-- | 3590772 |
994 ## - | |
-- | 92 |
-- | INLUM |
No items available.