S**N
Required textbook for Cyber Security class at Columbia University
I read this book because it was a requirement for my Cyber Security class at Columbia. I will say that I went in already having a Computer Science degree and 10 years of experience in Software Development, so it was easy for me to navigate the technical concepts that the book touches on without difficulty. Another warning I have about Cyber Security in general is that there are a lot of acronyms to know, and I ended up downloading a flashcard app to help myself memorize them all in order to get through this book and the class itself. If you're thinking about reading it outside of school, I'd recommend it for anyone in a CIO, CISO, or Security Engineer type of role at a company. It's very straightforward and to the point, and it offers specific, detailed, and research-backed recommendations for how to establish processes within a company to minimize the risk of a breach. The focus of the book is on how to establish a CIRT (Cyber Incident Response Team), what their responsibilities are and should be, how they should function, how to build a "playbook" for their operations, and ultimately how to best use a dedicated team of analysts and engineers to detect and react to a cyber event within a company. If that's what you're looking for, this is a great text. If you want a more general introduction to cyber security, then this might not be the only book you want to read.
M**R
Covers the core bases of building coordinated InfoSec processes
Very good guide on InfoSec program policy development. I think this should be mandatory for anyone moving 'up the chain' in security. In my role as a consultant, I find that there are smart people doing good things...in silos. This guide is a good foundation for building a program that ties disparate efforts together as a cohesive and effective infosec program. This book continues to be a good reference. I think the book could have been improved with more pictures of alligators and other dangerous reptilian creatures.
D**O
Required course material
This book is kind of old for the tech world, and it is a surprise that it has not been updated yet. I gave it 4 stars because: while not cheap, it was not as expensive as other required CyberSec/IT books; the concepts addressed were not hardware specific but rather a learning tool to be used to formulate individualized plans for organizations; and it is written in a well balanced and not so boring manner.
A**A
Fantastic Guide to Operationalizing your SOC
Phenomenal book, chock full of great ideas about how to build and operationalize your SOC. Includes high level concepts as well as detailed technical ideas. Highly recommended for anyone building or improving a security program.
E**S
Great book
Great book for infosec pros; it gives you an advanced insight into the incident response challenges. The idea of a playbook for IR is great.
Y**E
Five Stars
Excellent.
J**K
Great resource, timely and relevant
Great resource, timely and relevant, should be fundamental reading for network security / cyber security professionals. Great job guys!
A**E
Not a bad book (if you skip the first 6 chapters).
I'm a DFIR investigator with a fair share of experience in this field, and I've always been interested in any books on such topics. As far as I can tell, Crafting the InfoSec Playbook wants to be a guideline for how to run a SOC. The first chapters cover very generic facts and best practices around IR and the management of a SOC. During the first 6 chapters I felt like I was reading Cpt. Obvious's notes about running a SOC. The real "action" starts with chapter 7, and it's quite interesting/useful. You can tell the authors have a solid background in IR, but the book will be of little help for mature/advanced security teams.
C**U
Handbook for building security monitoring and incident response
Anyone looking for a book that contains many tools and technologies for carrying out incident response will not be happy with this book. However, anyone who wants to start building holistic security monitoring and incident response from the strategic side gets a good "playbook" with this book.
M**S
This is a wonderful book that is of great value to anyone having ...
This is a wonderful book that is of great value to anyone having to do security monitoring. It also wisely determines its direction and sticks to it, which is about how to analyse and not about the nuts and bolts of technology. Books like Applied Network Security Monitoring can provide a better understanding of that, and while the book does not mention specific products or technologies (which it is all the better for), it is wise to make sure you have the following things in your arsenal to benefit the most from this book's advice:
- Intrusion Detection System
- Network logs covering different aspects of communications (HTTP, SSL, connections etc.). Proxies for instance are valuable for HTTP, but if you run bro-ids (now just "BRO") it can provide these logs.
- Centralised logging such as with Splunk or elasticsearch/logstash/kibana (ELK), which is free, or some other SIEM. Really you need a way to query the data quickly. Into this have your IDS logs, network logs, proxy logs, AV logs etc.
Now onto the actual book. It provides a great analysis of:
- Why to monitor
- Methods of ensuring proper monitoring (i.e. rather than drilling into the technical, basically saying this is what you need to achieve in either technical or process terms, and the path is up to you)
- Thought processes about how to analyse data and ensuring you have enough data to quickly confirm or refute a security incident (extra context really can help you eliminate a false positive quickly so as not to waste time).
- Ideas for queries, data analysis and so on (without drilling into the technical). This is where having log monitoring in place can be of great use so you can begin applying it.
- The book is also more about building and process rather than "specific problem/event, here is the solution".
This I feel will allow it to maintain relevance and not become dated, as it teaches you a process in a "teach someone to fish" kind of way, and its avoidance of falling into specific technologies, products or problems of the day means it will not become technically irrelevant. The book is very well written and consistent throughout, and it successfully provides advice, techniques and processes that apply very well to all levels - from someone just starting out, someone setting up a security monitoring program for the first time, through to someone with an established and mature security monitoring environment. The book manages to be relevant, informational and insightful to all these groups without feeling like it is leaning towards a certain level or group, which is an impressive technical writing feat. I would highly recommend this book to anyone who has to perform security monitoring tasks given its scope.
M**E
Good book.
Excellent read, very well written and very useful for benchmarking your own security ops teams.
A**K
Five Stars
all good