Eric C. Thompson
Lisle, Illinois, USA
Any source code or other supplementary material referenced by the author in this book is available to readers on GitHub via the books product page, located at www.apress.com/9781484238691 . For more detailed information, please visit http://www.apress.com/source-code .
ISBN 978-1-4842-3869-1 e-ISBN 978-1-4842-3870-7
https://doi.org/10.1007/978-1-4842-3870-7
Library of Congress Control Number: 2018957666
Eric C. Thompson 2018
This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed.
Trademarked names, logos, and images may appear in this book. Rather than use a trademark symbol with every occurrence of a trademarked name, logo, or image we use the names, logos, and images only in an editorial fashion and to the benefit of the trademark owner, with no intention of infringement of the trademark. The use in this publication of trade names, trademarks, service marks, and similar terms, even if they are not identified as such, is not to be taken as an expression of opinion as to whether or not they are subject to proprietary rights.
While the advice and information in this book are believed to be true and accurate at the date of publication, neither the authors nor the editors nor the publisher can accept any legal responsibility for any errors or omissions that may be made. The publisher makes no warranty, express or implied, with respect to the material contained herein.
Distributed to the book trade worldwide by Springer Science+Business Media New York, 233 Spring Street, 6th Floor, New York, NY 10013. Phone 1-800-SPRINGER, fax (201) 348-4505, e-mail orders-ny@springer-sbm.com, or visit www.springeronline.com. Apress Media, LLC is a California LLC and the sole member (owner) is Springer Science + Business Media Finance Inc (SSBM Finance Inc). SSBM Finance Inc is a Delaware corporation.
Introduction
There are two reasons I wrote this book. The first, Ive sat through several incident response table-top exercises and witnessed firsthand how uncomfortable the process is when one does not feel prepared. Second, I read Urban Meyers book above the line, which I felt spoke to me about how to create a culture of preparation, teamwork and no excuses.
This book is not a technical book with deep dives into incident response forensics. You will not learn how to perform and analyze memory dumps here. This work focuses on how to establish an incident response program. It focuses on policy, strategy, people and process. It was written for members of incident response teams building and enhancing the program and for executives and members of management. Stakeholder in incident response not part of IT can read this book and get a sense of what the incident response program should look like.
This book begins by discussing the need for strong incident response capabilities. In this current landscape, cybersecurity programs are judged by the ability to respond to incidents. Necessary protective capabilities must exist and a framework for responding to incidents established. Leadership qualities, strategy development and pre-planning are covered. Each phase of incident response: identification, containment, eradication and recovery are outlined in detail before discussion how to monitor the program using NIST 800-137 is presented.
The book is ends with a story about an incident designed to show how unplanned and unfocused responses leads to worse outcomes.
The reader is left with thoughts on how take action toward building and enhancing the incident response program, and knowledge of how much effort it takes to be successful.