Title: Cybersecurity Operations and Fusion Centers: A Comprehensive Guide to SOC and TIC Strategy. Author: Kevin Lynn McLaughlin. Publisher: CRC Press. Year: 2024. Pages: 137. Language: English. Format: pdf (true). Size: 10.1 MB
Cybersecurity Operations and Fusion Centers: A Comprehensive Guide to SOC and TIC Strategy by Dr. Kevin Lynn McLaughlin is a must-have resource for anyone involved in the establishment and operation of a Cybersecurity Operations and Fusion Center (SOFC). Think of it as a combined cybersecurity Security Operations Center (SOC) and cybersecurity Threat Intelligence Center (TIC). In this book, Dr. McLaughlin, a well-respected cybersecurity expert, provides a comprehensive guide to the critical importance of having an SOFC and the options available to organizations that want either to build one from scratch or to purchase a ready-made solution. The author takes the reader through the crucial steps of designing an SOFC model, offering expert advice on selecting the right partner, allocating resources, and building a strong and effective team. The book also provides an in-depth exploration of the design and implementation of the SOFC infrastructure and toolset, including the use of virtual tools, the physical security of the SOFC, and the impact of COVID-19 on remote workforce operations. A bit of gamification is described as a way to motivate and retain teams of high-performing, well-trained cybersecurity professionals.
The day-to-day operations of an SOFC are also thoroughly examined, including the monitoring and detection process, security operations (SecOps), and incident response and remediation. The book highlights the significance of effective reporting in driving improvements in an organization’s security posture.
With its comprehensive analysis of all aspects of the SOFC, from team building to incident response, this book is an invaluable resource for anyone looking to establish and operate a successful SOFC. Whether you are a security analyst, senior analyst, or executive, this book will provide you with the necessary insights and strategies to ensure maximum performance and long-term success for your SOFC. By having this book as your guide, you can rest assured that you have the knowledge and skills necessary to protect an organization’s data, assets, and operations.
The cybersecurity analyst toolkit is the collection of tools and resources that SOFC analysts and team leaders use daily. It includes software applications, scripts, and command-line utilities used to monitor for and detect potential threats, as well as reference material such as threat intelligence feeds, intrusion detection and prevention system (IDS/IPS) rules, and incident response plans. To maximize analysts' efficiency and effectiveness, a cybersecurity analyst toolkit should do the following:
• Include a comprehensive suite of cybersecurity tools. These tools should be able to collect, analyze, and visualize data from various sources, such as network traffic, endpoints, and cloud services. Some examples of tools that could be included in such a toolkit are:
  • Network traffic capture and analysis tools such as Wireshark or Tcpdump, plus the general-purpose network utility Netcat.
  • Endpoint protection solutions such as Windows Defender or McAfee.
  • Cloud security tools such as AWS GuardDuty, Orca, or Google Cloud Security Command Center.
  • Security Information and Event Management (SIEM) solutions such as Splunk, LogRhythm, or Sentinel.
  • Threat intelligence platforms such as ThreatConnect or Recorded Future.
  • Comprehensive platforms such as Palo Alto or Tanium.
• Employ advanced analytics, such as Machine Learning algorithms and Artificial Intelligence capabilities, to detect anomalies, identify potential threats, and alert incident response teams.
• Implement effective incident response processes and procedures to ensure incidents are quickly and effectively contained and mitigated.
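The scripts and command-line utilities mentioned above are usually small, purpose-built detections rather than products. As an added illustration (not code from the book or its author), the following Python script parses SSH-style authentication log lines, which are constructed here and are not real data, and applies two detections that an analyst toolkit might carry: a sliding-window failed-login burst from one source IP, and a successful login that follows a run of failures from the same IP. The `threshold`, `window` and `min_prior` parameters are assumptions chosen for the example; a real deployment would tune them against its own baseline.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (not real data): one benign host (10.0.0.5) and one
# source (203.0.113.9) that sprays passwords and eventually lands on "bob".
SAMPLE_LOG = """\
2024-03-01T10:00:01 sshd[811]: Accepted password for alice from 10.0.0.5 port 50211 ssh2
2024-03-01T10:01:10 sshd[812]: Failed password for invalid user admin from 203.0.113.9 port 41000 ssh2
2024-03-01T10:01:12 sshd[813]: Failed password for invalid user admin from 203.0.113.9 port 41001 ssh2
2024-03-01T10:01:15 sshd[814]: Failed password for root from 203.0.113.9 port 41002 ssh2
2024-03-01T10:01:18 sshd[815]: Failed password for bob from 203.0.113.9 port 41003 ssh2
2024-03-01T10:01:21 sshd[816]: Failed password for bob from 203.0.113.9 port 41004 ssh2
2024-03-01T10:01:30 sshd[817]: Accepted password for bob from 203.0.113.9 port 41005 ssh2
2024-03-01T10:05:00 sshd[818]: Failed password for alice from 10.0.0.5 port 50300 ssh2
2024-03-01T10:05:03 sshd[819]: Accepted password for alice from 10.0.0.5 port 50301 ssh2
"""

LOG_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d) sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)


def parse_line(line):
    """Return a record dict for a recognised auth line, or None otherwise."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "result": m["result"],
        "user": m["user"],
        "ip": m["ip"],
    }


def detect(lines, threshold=5, window=timedelta(minutes=5), min_prior=2):
    """Run two detections over log lines and return alerts in firing order.

    brute_force            -- at least `threshold` failures from one IP
                              inside `window` (fires once per IP per burst)
    success_after_failures -- an accepted login from an IP that produced at
                              least `min_prior` failures inside `window`;
                              the floor keeps a single mistyped password
                              from paging anyone
    """
    alerts = []
    recent_failures = defaultdict(deque)  # ip -> timestamps of failures
    brute_alerted = set()

    for raw in lines:
        rec = parse_line(raw)
        if rec is None:
            continue  # unrelated line; a real parser would count these
        dq = recent_failures[rec["ip"]]
        # Expire failures that fell out of the sliding window.
        while dq and rec["ts"] - dq[0] > window:
            dq.popleft()

        if rec["result"] == "Failed":
            dq.append(rec["ts"])
            if len(dq) >= threshold and rec["ip"] not in brute_alerted:
                brute_alerted.add(rec["ip"])
                alerts.append({"rule": "brute_force", "ip": rec["ip"],
                               "count": len(dq), "ts": rec["ts"]})
        elif len(dq) >= min_prior:
            alerts.append({"rule": "success_after_failures", "ip": rec["ip"],
                           "user": rec["user"], "prior_failures": len(dq),
                           "ts": rec["ts"]})
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG.splitlines()):
        print(alert)
```

On the constructed log this yields two alerts: a brute_force alert for 203.0.113.9 at the fifth failure, then a success_after_failures alert when the same IP logs in as bob. The lone failed-then-accepted pair from 10.0.0.5 is not reported because it stays under `min_prior`, which is the kind of tuning decision that separates a useful toolkit script from one that trains analysts to ignore it.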
Contents
Preface
Part 1: Building and Deployment
1. Cybersecurity Operations & Fusion Center: Why Do You Need One.
2. Designing the Model.
3. Building the Core Team.
Part 2: Tools & Operations
4. Infrastructure and Toolset.
5. Cybersecurity Operations & Fusion Center: Why Do You Need One.
6. Security Operations or SecOps.
7. Detection, Response and Remediation.
Part 3: Reporting & Metrics
8. Reporting.
9. Metrics.
Part 4: Leadership Alignment & Support
10. Alignment and Support.
11. Key Components of a Turnkey Solution.
12. Conclusion.
Appendix A: Templates.
Appendix B: List of Acronyms.
Appendix C: References.
Index