Agile Security Operations: Engineering for agility in cyber defense, detection, and response

Get to grips with security operations through incident response, the ATT&CK framework, active defense, and agile threat intelligence

Key Features:

• Explore robust and predictable security operations based on measurable service performance
• Learn how to improve the security posture and work on security audits
• Discover ways to integrate agile security operations into development and operations

Book Description:

Agile security operations allow organizations to survive cybersecurity incidents, deliver key insights into the security posture of an organization, and operate security as an integral part of development and operations. It is, deep down, how security has always operated at its best.

Agile Security Operations will teach you how to implement and operate an agile security operations model in your organization. The book focuses on the culture, staffing, technology, strategy, and tactical aspects of security operations. You'll learn how to establish and build a team and transform your existing team into one that can execute agile security operations. As you progress through the chapters, you'll be able to improve your understanding of some of the key concepts of security, align operations with the rest of the business, streamline your operations, learn how to report to senior levels in the organization, and acquire funding.

By the end of this Agile book, you'll be ready to start implementing agile security operations, using the book as a handy reference.

What You Will Learn:

• Get acquainted with the changing landscape of security operations
• Understand how to sense an attacker's motives and capabilities
• Grasp key concepts of the kill chain, the ATT&CK framework, and the Cynefin framework
• Get to grips with designing and developing a defensible security architecture
• Explore detection and response engineering
• Overcome challenges in measuring the security posture
• Derive and communicate business values through security operations
• Discover ways to implement security as part of development and business operations

Who this book is for:

This book is for new and established CSOC managers as well as CISO, CDO, and CIO-level decision-makers. If you work as a cybersecurity engineer or analyst, you'll find this book useful. Intermediate-level knowledge of incident response, cybersecurity, and threat intelligence is necessary to get started with the book.

透過事件回應、ATT&CK框架、主動防禦和敏捷威脅情報，深入了解安全運營。

主要特點：
- 探索基於可衡量服務性能的強大且可預測的安全運營。
- 學習如何改善安全姿態並進行安全審計。
- 發現將敏捷安全運營整合到開發和運營中的方法。

書籍描述：
敏捷安全運營使組織能夠在發生網絡安全事件時生存下來，提供對組織安全姿態的關鍵洞察，並將安全作為開發和運營的一部分運作。從根本上講，這就是安全一直以來的最佳運作方式。

《敏捷安全運營》將教你如何在組織中實施和運營敏捷安全運營模型。本書關注安全運營的文化、人員配置、技術、策略和戰術方面。你將學習如何建立和構建一個團隊，並將現有團隊轉變為能夠執行敏捷安全運營的團隊。隨著章節的進展，你將能夠提高對安全的一些關鍵概念的理解，將運營與業務的其他部分對齊，簡化運營流程，學習如何向組織的高層報告並獲得資金支持。

通過閱讀本書，你將準備好開始實施敏捷安全運營，並將本書作為一個方便的參考工具。

你將學到什麼：
- 熟悉安全運營的變化風景。
- 理解如何感知攻擊者的動機和能力。
- 掌握殺伐鏈、ATT&CK框架和Cynefin框架的關鍵概念。
- 熟悉設計和開發可防禦的安全架構。
- 探索檢測和響應工程。
- 克服衡量安全姿態的挑戰。
- 通過安全運營衍生和傳達業務價值。
- 發現將安全作為開發和業務運營的一部分實施的方法。

本書適合對CSOC管理人員以及CISO、CDO和CIO級決策者有興趣的新舊讀者。如果你是一名網絡安全工程師或分析師，你會發現本書很有用。開始閱讀本書需要具備中級級別的事件回應、網絡安全和威脅情報知識。