Imperial Library

Index

About This E-Book
Title Page
Copyright Page
About the Authors
About the Technical Reviewers
Dedications
Acknowledgments
Contents at a Glance
Contents
Command Syntax Conventions
Introduction
  • Who Should Read This Book?
  • How This Book Is Organized

Part I: SOC Basics

Chapter 1. Introduction to Security Operations and the SOC
  • Cybersecurity Challenges
  • Threat Landscape
  • Business Challenges
  • Introduction to Information Assurance
  • Introduction to Risk Management
  • Information Security Incident Response
  • Incident Detection
  • Incident Triage
  • Incident Resolution
  • Incident Closure
  • Post-Incident
  • SOC Generations
  • First-Generation SOC
  • Second-Generation SOC
  • Third-Generation SOC
  • Fourth-Generation SOC
  • Characteristics of an Effective SOC
  • Introduction to Maturity Models
  • Applying Maturity Models to SOC
  • Phases of Building a SOC
  • Challenges and Obstacles
  • Summary
  • References

Chapter 2. Overview of SOC Technologies
  • Data Collection and Analysis
  • Data Sources
  • Data Collection
  • Parsing and Normalization
  • Security Analysis
  • Vulnerability Management
  • Vulnerability Announcements
  • Threat Intelligence
  • Compliance
  • Ticketing and Case Management
  • Collaboration
  • SOC Conceptual Architecture
  • Summary
  • References

Part II: The Plan Phase

Chapter 3. Assessing Security Operations Capabilities
  • Assessment Methodology
  • Step 1: Identify Business and IT Goals
  • Step 2: Assessing Capabilities
  • Step 3: Collect Information
  • Step 4: Analyze Maturity Levels
  • Step 5: Formalize Findings
  • Summary
  • References

Chapter 4. SOC Strategy
  • Strategy Elements
  • Who Is Involved?
  • SOC Mission
  • SOC Scope
  • Example 1: A Military Organization
  • Example 2: A Financial Organization
  • SOC Model of Operation
  • In-House and Virtual SOC
  • SOC Services
  • SOC Capabilities Roadmap
  • Summary

Part III: The Design Phase

Chapter 5. The SOC Infrastructure
  • Design Considerations
  • Model of Operation
  • Facilities
  • SOC Internal Layout
  • Physical Security
  • Video Wall
  • SOC Analyst Services
  • Active Infrastructure
  • Network
  • Security
  • Compute
  • Storage
  • Collaboration
  • Summary
  • References

Chapter 6. Security Event Generation and Collection
  • Data Collection
  • Calculating EPS
  • Network Time Protocol
  • Data-Collection Tools
  • Firewalls
  • Cloud Security
  • Cisco Meraki
  • Virtual Firewalls
  • Intrusion Detection and Prevention Systems
  • Cisco FirePOWER IPS
  • Meraki IPS
  • Snort
  • Host-Based Intrusion Prevention
  • Routers and Switches
  • Host Systems
  • Mobile Devices
  • Breach Detection
  • Cisco Advanced Malware Prevention
  • Web Proxies
  • Cloud Proxies
  • DNS Servers
  • Exporting DNS
  • Network Telemetry with Network Flow Monitoring
  • NetFlow Tools
  • NetFlow from Routers and Switches
  • NetFlow from Security Products
  • NetFlow in the Data Center
  • Summary
  • References

Chapter 7. Vulnerability Management
  • Identifying Vulnerabilities
  • Security Services
  • Vulnerability Tools
  • Handling Vulnerabilities
  • OWASP Risk Rating Methodology
  • The Vulnerability Management Lifecycle
  • Automating Vulnerability Management
  • Inventory Assessment Tools
  • Information Management Tools
  • Risk-Assessment Tools
  • Vulnerability-Assessment Tools
  • Report and Remediate Tools
  • Responding Tools
  • Threat Intelligence
  • Attack Signatures
  • Threat Feeds
  • Other Threat Intelligence Sources
  • Summary
  • References

Chapter 8. People and Processes
  • Key Challenges
  • Wanted: Rock Stars, Leaders, and Grunts
  • The Weight of Process
  • The Upper and Lower Bounds of Technology
  • Designing and Building the SOC Team
  • Starting with the Mission
  • Focusing on Services
  • Determining the Required SOC Roles
  • Working with HR
  • Deciding on Your Resourcing Strategy
  • Working with Processes and Procedures
  • Processes Versus Procedures
  • Working with Enterprise Service Management Processes
  • The Positives and Perils of Process
  • Examples of SOC Processes and Procedures
  • Summary

Part IV: The Build Phase

Chapter 9. The Technology
  • In-House Versus Virtual SOC
  • Network
  • Segmentation
  • VPN
  • High Availability
  • Support Contracts
  • Security
  • Network Access Control
  • Authentication
  • On-Network Security
  • Encryption
  • Systems
  • Operating Systems
  • Hardening Endpoints
  • Endpoint Breach Detection
  • Mobile Devices
  • Servers
  • Storage
  • Data-Loss Protection
  • Cloud Storage
  • Collaboration
  • Collaboration for Pandemic Events
  • Technologies to Consider During SOC Design
  • Firewalls
  • Routers and Switches
  • Network Access Control
  • Web Proxies
  • Intrusion Detection/Prevention
  • Breach Detection
  • Honeypots
  • Sandboxes
  • Endpoint Breach Detection
  • Network Telemetry
  • Network Forensics
  • Final SOC Architecture
  • Summary
  • References

Chapter 10. Preparing to Operate
  • Key Challenges
  • People Challenges
  • Process Challenges
  • Technology Challenges
  • Managing Challenges Through a Well-Managed Transition
  • Elements of an Effective Service Transition Plan
  • Determining Success Criteria and Managing to Success
  • Managing Project Resources Effectively
  • Marching to Clear and Attainable Requirements
  • Using Simple Checks to Verify That the SOC Is Ready
  • Summary

Part V: The Operate Phase

Chapter 11. Reacting to Events and Incidents
  • A Word About Events
  • Event Intake, Enrichment, Monitoring, and Handling
  • Events in the SIEM
  • Events in the Security Log Management Solution
  • Events in Their Original Habitats
  • Events Through Communications and Collaboration Platforms
  • Working with Events: The Malware Scenario
  • Handling and Investigating the Incident Report
  • Creating and Managing Cases
  • Closing and Reporting on the Case
  • Summary

Chapter 12. Maintain, Review, and Improve
  • Reviewing and Assessing the SOC
  • Determining Scope
  • Scheduled and Ad Hoc Reviews
  • Internal Versus External Assessments
  • Assessment Methodologies
  • Maintaining and Improving the SOC
  • Maintaining and Improving Services
  • Maintaining and Improving Your Team
  • Maintaining and Improving the SOC Technology Stack
  • Conclusions

Index
Code Snippets