The Intelligence Handbook: A Roadmap for Building an Intelligence-Led Security Program [4 ed.] 9781737161820, 9781737161837


Language: English. Pages: 198. Year: 2022.


Table of contents:
The Intelligence Handbook, Fourth Edition
Acknowledgements
Table of Contents
Foreword to the Fourth Edition
Introduction
Section 1: What Is Intelligence for Security Teams?
Chapter 1: What Is Intelligence for Security Teams?
Visibility Into Threats Before They Strike
Intelligence: Actionable Facts and Insights
Intelligence: The Process
Who Benefits From Intelligence?
Chapter 2: Types and Sources
Two Types of Intelligence
The Role of Threat Data Feeds
The Role of Private Channels and the Dark Web
Chapter 3: The Intelligence Life Cycle
The Six Phases of the Intelligence Life Cycle
Tools and People
Section 2: Applications of Intelligence for Security Teams
Chapter 4: SecOps Intelligence Part 1 – Triage
Responsibilities of the SecOps Team
The Overwhelming Volume of Alerts
Context Is King
Shortening the “Time to No”
Chapter 5: SecOps Intelligence Part 2 – Response
Continuing Challenges
The Reactivity Problem
Minimizing Reactivity in Incident Response
Strengthening Incident Response With Intelligence
SecOps Intelligence in Action
Essential Characteristics of SecOps Intelligence for Incident Response
Chapter 6: Vulnerability Intelligence
The Vulnerability Problem by the Numbers
Assess Risk Based on Exploitability
The Genesis of Intelligence for Security Teams: Vulnerability Databases
Vulnerability Intelligence and Real Risk
Sources of Intelligence
Use Cases for Cross-Referencing Intelligence
Bridging the Risk Gaps Among Security, Operations, and Business Leadership
Chapter 7: Threat Intelligence Part 1 – Knowing Attackers
Our Definition of “Threat Intelligence”
Understand Your Enemy
Criminal Communities and the Dark Web
Connecting the Dots
Use Case: More Comprehensive Incident Response
Use Case: Proactive Threat Hunting
Use Case: Advance Warning of Payment Fraud
Chapter 8: Threat Intelligence Part 2 – Risk Analysis
The FAIR Risk Model
Intelligence and Threat Probabilities
Intelligence and the Financial Cost of Attacks
Chapter 9: Third-Party Intelligence
Third-Party Risk Looms Large
Traditional Risk Assessments Fall Short
What to Look for in Third-Party Intelligence
Monitor Third Parties for These Five Critical Risks
Responding to High Third-Party Risk Scores
Chapter 10: Brand Intelligence
A Different Kind of Detection
Uncovering Evidence of Brand Impersonation and Abuse
Uncovering Evidence of Breaches on the Web
Critical Qualities for Brand Intelligence Solutions
Chapter 11: Geopolitical Intelligence
What Is Geopolitical Risk?
Geopolitical Intelligence
Who Uses Geopolitical Intelligence?
Data Collection With Geofencing
Data and Information Sources
Automation, Analytics, and Expertise
Interacting With Geopolitical Intelligence
Geopolitics and Cyber Threats
Chapter 12: Fraud Intelligence
Fraud Intelligence and Risk Assessment
Monitor Card Portfolio Exposure and Leaked Credentials
Identify Compromised Common Points of Purchase
Monitor Websites for Magecart and Other Attacks
Identify Signals
The ROI of Fraud Intelligence
Chapter 13: Identity Intelligence
Protecting Authentication
A Plan to Protect Identities
Sources for Stolen Identities
High-Volume Triage
Using Identity Information
Chapter 14: Attack Surface Intelligence
Your Digital Attack Surface Is Bigger Than You Think
Discovering Internet-Facing Assets
Analyzing the Exposed Assets
Continuously Monitoring the Attack Surface
Who Uses Attack Surface Intelligence?
Chapter 15: Intelligence for Security Leaders
Risk Management
Mitigation: People, Processes, and Tools
Investment
Communication
Supporting Security Leaders
The Security Skills Gap
Chapter 16: Intelligence for Prioritizing Emerging Threats
Planning for Next Year Today
Using Attack Life Cycles to Assess Risks
Deepfakes: Fraud’s Next Frontier
Insider Recruitment for Fraud
Databases and Network Access for Sale
Section 3: Creating and Scaling Your Intelligence Program
Chapter 17: Analytical Frameworks for Intelligence
The Lockheed Martin Cyber Kill Chain®
The Diamond Model
The MITRE ATT&CK™ Framework
Chapter 18: Intelligence Data Sources and Types: A Framework
A Framework for Intelligence Data
Initial Access
Lateral Movement, Escalation, and Reconnaissance
Data Exfiltration
Ransomware Payload Drop
A Flexible Framework
Chapter 19: Your Intelligence Journey
Don’t Start With Threat Feeds
Clarify Your Intelligence Needs and Goals
Key Success Factors
Start Simple and Scale Up
Chapter 20: Developing Your Core Intelligence Team
Dedicated, but Not Necessarily Separate
Core Competencies
Collecting and Enriching Threat Data
Engaging With Intelligence Communities
Conclusion: Using Intelligence to Disrupt Adversaries
Key Takeaways From the Book
Back cover