Print version record.

Cover -- Title Page -- Copyright Page -- About the Author -- About the Technical Editors -- Acknowledgments -- Contents at a Glance -- Contents -- Foreword -- Introduction -- Who Should Read This Book -- How This Book Is Organized -- How to Contact Wiley or the Author -- Notes -- Chapter 1 Understanding the Bigger Picture -- Evolving Threat Landscape -- Identifying Threat Actors -- Cyberattack Lifecycle -- Defining Cyber Breach Response -- Events, Alerts, Observations, Incidents, and Breaches -- What Is Cyber Breach Response? -- Identifying Drivers for Cyber Breach Response -- Risk Management

Cyber Threat Intelligence -- Laws and Regulations -- Changing Business Objectives -- Incorporating Cyber Breach Response into a Cybersecurity Program -- Strategic Planning -- Designing a Program -- Implementing Program Components -- Program Operations -- Continual Improvement -- Strategy Development -- Strategic Assessment -- Strategy Definition -- Strategy Execution -- Roadmap Development -- Governance -- Establishing Policies -- Identifying Key Stakeholders -- Business Alignment -- Continual Improvement -- Summary -- Notes -- Chapter 2 Building a Cybersecurity Incident Response Team

Defining a CSIRT -- CSIRT History -- Defining Incident Response Competencies and Functions -- Proactive Functions -- Reactive Functions -- Creating an Incident Response Team -- Creating an Incident Response Mission Statement -- Choosing a Team Model -- Organizing an Incident Response Team -- Hiring and Training Personnel -- Establishing Authority -- Introducing an Incident Response Team to the Enterprise -- Enacting a CSIRT -- Defining a Coordination Model -- Communication Flow -- Assigning Roles and Responsibilities -- Business Functions -- Legal and Compliance

Information Technology Functions -- Senior Management -- Working with Outsourcing Partners -- Outsourcing Considerations -- Establishing Successful Relationships with Vendors -- Summary -- Notes -- Chapter 3 Technology Considerations in Cyber Breach Investigations -- Sourcing Technology -- Comparing Commercial vs. Open Source Tools -- Developing In-House Software Tools -- Procuring Hardware -- Acquiring Forensic Data -- Forensic Acquisition -- Live Response -- Incident Response Investigations in Virtualized Environments -- Traditional Virtualization -- Cloud Computing

Leveraging Network Data in Investigations -- Identifying Forensic Evidence in Enterprise Technology Services -- Domain Name System -- Dynamic Host Configuration Protocol -- Web Servers -- Databases -- Security Tools -- Log Management -- What Is Logging? -- What Is Log Management? -- Log Management Lifecycle -- Collection and Storage -- Managing Logs with a SIEM -- Summary -- Notes -- Chapter 4 Crafting an Incident Response Plan -- Incident Response Lifecycle -- Preparing for an Incident -- Detecting and Analyzing Incidents -- Containment, Eradication, and Recovery -- Post-Incident Activities

Understanding Incident Management

Includes index.

You will be breached'the only question is whether you'll be ready'''' A cyber breach could cost your organization millions of dollars'in 2019, the average cost of a cyber breach for companies was $3.9M, a figure that is increasing 20-30% annually. But effective planning can lessen the impact and duration of an inevitable cyberattack. Cyber Breach Response That Actually Works provides a business-focused methodology that will allow you to address the aftermath of a cyber breach and reduce its impact to your enterprise. This book goes beyond step-by-step instructions for technical staff, focusing on big-picture planning and strategy that makes the most business impact. Inside, you'll learn what drives cyber incident response and how to build effective incident response capabilities. Expert author Andrew Gorecki delivers a vendor-agnostic approach based on his experience with Fortune 500 organizations.-Understand the evolving threat landscape and learn how to address tactical and strategic challenges to build a comprehensive and cohesive cyber breach response program -Discover how incident response fits within your overall information security program, including a look at risk management -Build a capable incident response team and create an actionable incident response plan to prepare for cyberattacks and minimize their impact to your organization -Effectively investigate small and large-scale incidents and recover faster by leveraging proven industry practices -Navigate legal issues impacting incident response, including laws and regulations, criminal cases and civil litigation, and types of evidence and their admissibility in court In addition to its valuable breadth of discussion on incident response from a business strategy perspective, Cyber Breach Response That Actually Works offers information on key technology considerations to aid you in building an effective capability and accelerating investigations to ensure your organization can continue business operations during significant cyber events.

John Wiley and Sons Wiley Online Library: Complete oBooks