{"product_id":"cyber-breach-response-that-actually-works-isbn-9781119679325","title":"Cyber Breach Response That Actually Works","description":"\u003cp\u003e\u003cb\u003eYou will be breached—the only question is whether you'll be ready     \u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eA cyber breach could cost your organization millions of dollars—in 2019, the average cost of a cyber breach for companies was $3.9M, a figure that is increasing 20-30% annually. But effective planning can lessen the impact and duration of an inevitable cyberattack. \u003ci\u003eCyber Breach Response That Actually Works\u003c\/i\u003e provides a business-focused methodology that will allow you to address the aftermath of a cyber breach and reduce its impact to your enterprise.\u003c\/p\u003e \u003cp\u003eThis book goes beyond step-by-step instructions for technical staff, focusing on big-picture planning and strategy that makes the most business impact. Inside, you’ll learn what drives cyber incident response and how to build effective incident response capabilities. 
Expert author Andrew Gorecki delivers a vendor-agnostic approach based on his experience with Fortune 500 organizations.\u003c\/p\u003e \u003cul\u003e \u003cli\u003eUnderstand the evolving threat landscape and learn how to address tactical and strategic challenges to build a comprehensive and cohesive cyber breach response program\u003c\/li\u003e \u003cli\u003eDiscover how incident response fits within your overall information security program, including a look at risk management\u003c\/li\u003e \u003cli\u003eBuild a capable incident response team and create an actionable incident response plan to prepare for cyberattacks and minimize their impact to your organization\u003c\/li\u003e \u003cli\u003eEffectively investigate small and large-scale incidents and recover faster by leveraging proven industry practices\u003c\/li\u003e \u003cli\u003eNavigate legal issues impacting incident response, including laws and regulations, criminal cases and civil litigation, and types of evidence and their admissibility in court\u003c\/li\u003e \u003c\/ul\u003e \u003cp\u003eIn addition to its valuable breadth of discussion on incident response from a business strategy perspective, \u003ci\u003eCyber Breach Response That Actually Works \u003c\/i\u003eoffers information on key technology considerations to aid you in building an effective capability and accelerating investigations to ensure your organization can continue business operations during significant cyber events.\u003c\/p\u003e \u003cp\u003eForeword xxiii\u003c\/p\u003e \u003cp\u003eIntroduction xxv\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 1 Understanding the Bigger Picture 1\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eEvolving Threat Landscape 2\u003c\/p\u003e \u003cp\u003eIdentifying Threat Actors 2\u003c\/p\u003e \u003cp\u003eCyberattack Lifecycle 4\u003c\/p\u003e \u003cp\u003eCyberattack Preparation Framework 5\u003c\/p\u003e \u003cp\u003eCyberattack Execution Framework 6\u003c\/p\u003e \u003cp\u003eDefining Cyber 
Breach Response 8\u003c\/p\u003e \u003cp\u003eEvents, Alerts, Observations, Incidents, and Breaches 9\u003c\/p\u003e \u003cp\u003eEvents 9\u003c\/p\u003e \u003cp\u003eAlerts 9\u003c\/p\u003e \u003cp\u003eObservations 10\u003c\/p\u003e \u003cp\u003eIncidents 10\u003c\/p\u003e \u003cp\u003eBreaches 11\u003c\/p\u003e \u003cp\u003eWhat is Cyber Breach Response? 12\u003c\/p\u003e \u003cp\u003eIdentifying Drivers for Cyber Breach Response 13\u003c\/p\u003e \u003cp\u003eRisk Management 13\u003c\/p\u003e \u003cp\u003eConducting Risk Management 13\u003c\/p\u003e \u003cp\u003eRisk Assessment Process 14\u003c\/p\u003e \u003cp\u003eManaging Residual Risk 17\u003c\/p\u003e \u003cp\u003eCyber Threat Intelligence 18\u003c\/p\u003e \u003cp\u003eWhat is Cyber Threat Intelligence? 18\u003c\/p\u003e \u003cp\u003eImportance of Cyber Threat Intelligence 19\u003c\/p\u003e \u003cp\u003eLaws and Regulations 20\u003c\/p\u003e \u003cp\u003eCompliance Considerations 20\u003c\/p\u003e \u003cp\u003eCompliance Requirements for Cyber Breach Response 21\u003c\/p\u003e \u003cp\u003eChanging Business Objectives 22\u003c\/p\u003e \u003cp\u003eIncorporating Cyber Breach Response into a\u003c\/p\u003e \u003cp\u003eCybersecurity Program 23\u003c\/p\u003e \u003cp\u003eStrategic Planning 23\u003c\/p\u003e \u003cp\u003eDesigning a Program 24\u003c\/p\u003e \u003cp\u003eImplementing Program Components 25\u003c\/p\u003e \u003cp\u003eProgram Operations 26\u003c\/p\u003e \u003cp\u003eContinual Improvement 27\u003c\/p\u003e \u003cp\u003eStrategy Development 27\u003c\/p\u003e \u003cp\u003eStrategic Assessment 28\u003c\/p\u003e \u003cp\u003eGap Analysis 28\u003c\/p\u003e \u003cp\u003eMaturity Assessment 30\u003c\/p\u003e \u003cp\u003eStrategy Definition 32\u003c\/p\u003e \u003cp\u003eVision and Mission Statement 32\u003c\/p\u003e \u003cp\u003eGoals and Objectives 33\u003c\/p\u003e \u003cp\u003eEstablishing Requirements 33\u003c\/p\u003e \u003cp\u003eDefining a Target Operating Model 35\u003c\/p\u003e 
\u003cp\u003eDeveloping a Business Case and Executive Alignment 35\u003c\/p\u003e \u003cp\u003eStrategy Execution 37\u003c\/p\u003e \u003cp\u003eEnacting an Incident Response Policy 37\u003c\/p\u003e \u003cp\u003eAssigning an Incident Response Team 38\u003c\/p\u003e \u003cp\u003eCreating an Incident Response Plan 38\u003c\/p\u003e \u003cp\u003eDocumenting Legal Requirements 38\u003c\/p\u003e \u003cp\u003eRoadmap Development 39\u003c\/p\u003e \u003cp\u003eGovernance 40\u003c\/p\u003e \u003cp\u003eEstablishing Policies 40\u003c\/p\u003e \u003cp\u003eEnterprise Security Policy 41\u003c\/p\u003e \u003cp\u003eIssue-Specific Policies 41\u003c\/p\u003e \u003cp\u003eIdentifying Key Stakeholders 42\u003c\/p\u003e \u003cp\u003eExecutive Leadership 42\u003c\/p\u003e \u003cp\u003eProject Steering Committee 42\u003c\/p\u003e \u003cp\u003eChief Information Security Officer 43\u003c\/p\u003e \u003cp\u003eStakeholders with Interest in Cyber Breach Response 43\u003c\/p\u003e \u003cp\u003eBusiness Alignment 44\u003c\/p\u003e \u003cp\u003eContinual Improvement 44\u003c\/p\u003e \u003cp\u003eNecessity to Determine if the Program is Effective 45\u003c\/p\u003e \u003cp\u003eChanging Threat Landscape 45\u003c\/p\u003e \u003cp\u003eChanging Business Objectives 45\u003c\/p\u003e \u003cp\u003eSummary 46\u003c\/p\u003e \u003cp\u003eNotes 47\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 2 Building a Cybersecurity Incident Response Team 51\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eDefining a CSIRT 51\u003c\/p\u003e \u003cp\u003eCSIRT History 52\u003c\/p\u003e \u003cp\u003eThe Role of a CSIRT in the Enterprise 52\u003c\/p\u003e \u003cp\u003eDefining Incident Response Competencies and Functions 55\u003c\/p\u003e \u003cp\u003eProactive Functions 55\u003c\/p\u003e \u003cp\u003eDeveloping and Maintaining Procedures 56\u003c\/p\u003e \u003cp\u003eConducting Incident Response Exercises 56\u003c\/p\u003e \u003cp\u003eAssisting with Vulnerability Identification 57\u003c\/p\u003e 
\u003cp\u003eDeploying, Developing, and Tuning Tools 58\u003c\/p\u003e \u003cp\u003eImplementing Lessons Learned 59\u003c\/p\u003e \u003cp\u003eReactive Functions 59\u003c\/p\u003e \u003cp\u003eDigital Forensics and Incident Response 59\u003c\/p\u003e \u003cp\u003eCyber Threat Intelligence 60\u003c\/p\u003e \u003cp\u003eMalware Analysis 60\u003c\/p\u003e \u003cp\u003eIncident Management 61\u003c\/p\u003e \u003cp\u003eCreating an Incident Response Team 61\u003c\/p\u003e \u003cp\u003eCreating an Incident Response Mission Statement 62\u003c\/p\u003e \u003cp\u003eChoosing a Team Model 62\u003c\/p\u003e \u003cp\u003eCentralized Team Model 63\u003c\/p\u003e \u003cp\u003eDistributed Team Model 64\u003c\/p\u003e \u003cp\u003eHybrid Team Model 65\u003c\/p\u003e \u003cp\u003eAn Integrated Team 66\u003c\/p\u003e \u003cp\u003eOrganizing an Incident Response Team 66\u003c\/p\u003e \u003cp\u003eTiered Model 66\u003c\/p\u003e \u003cp\u003eCompetency Model 68\u003c\/p\u003e \u003cp\u003eHiring and Training Personnel 69\u003c\/p\u003e \u003cp\u003eTechnical Skills 69\u003c\/p\u003e \u003cp\u003eSoft Skills 71\u003c\/p\u003e \u003cp\u003ePros and Cons of Security Certifications 72\u003c\/p\u003e \u003cp\u003eConducting Effective Interviews 73\u003c\/p\u003e \u003cp\u003eRetaining Incident Response Talent 74\u003c\/p\u003e \u003cp\u003eEstablishing Authority 75\u003c\/p\u003e \u003cp\u003eFull Authority 75\u003c\/p\u003e \u003cp\u003eShared Authority 76\u003c\/p\u003e \u003cp\u003eIndirect Authority 76\u003c\/p\u003e \u003cp\u003eNo Authority 76\u003c\/p\u003e \u003cp\u003eIntroducing an Incident Response Team to the Enterprise 77\u003c\/p\u003e \u003cp\u003eEnacting a CSIRT 78\u003c\/p\u003e \u003cp\u003eDefining a Coordination Model 78\u003c\/p\u003e \u003cp\u003eCommunication Flow 80\u003c\/p\u003e \u003cp\u003eIncident Officer 80\u003c\/p\u003e \u003cp\u003eIncident Manager 81\u003c\/p\u003e \u003cp\u003eAssigning Roles and Responsibilities 82\u003c\/p\u003e \u003cp\u003eBusiness 
Functions 82\u003c\/p\u003e \u003cp\u003eHuman Resources 82\u003c\/p\u003e \u003cp\u003eCorporate Communications 83\u003c\/p\u003e \u003cp\u003eCorporate Security 83\u003c\/p\u003e \u003cp\u003eFinance 84\u003c\/p\u003e \u003cp\u003eOther Business Functions 85\u003c\/p\u003e \u003cp\u003eLegal and Compliance 85\u003c\/p\u003e \u003cp\u003eLegal Counsel 85\u003c\/p\u003e \u003cp\u003eCompliance Functions 86\u003c\/p\u003e \u003cp\u003eInformation Technology Functions 87\u003c\/p\u003e \u003cp\u003eTechnical Groups 87\u003c\/p\u003e \u003cp\u003eDisaster Recovery 88\u003c\/p\u003e \u003cp\u003eOutsourcing Partners and Vendors 89\u003c\/p\u003e \u003cp\u003eSenior Management 89\u003c\/p\u003e \u003cp\u003eWorking with Outsourcing Partners 90\u003c\/p\u003e \u003cp\u003eOutsourcing Considerations 91\u003c\/p\u003e \u003cp\u003eProven Track Record of Success 91\u003c\/p\u003e \u003cp\u003eOffered Services and Capabilities 91\u003c\/p\u003e \u003cp\u003eGlobal Support 92\u003c\/p\u003e \u003cp\u003eSkills and Experience 92\u003c\/p\u003e \u003cp\u003eOutsourcing Costs and Pricing Models 92\u003c\/p\u003e \u003cp\u003eEstablishing Successful Relationships with Vendors 93\u003c\/p\u003e \u003cp\u003eSummary 94\u003c\/p\u003e \u003cp\u003eNotes 95\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 3 Technology Considerations in Cyber Breach Investigations 97\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eSourcing Technology 98\u003c\/p\u003e \u003cp\u003eComparing Commercial vs. 
Open Source Tools 98\u003c\/p\u003e \u003cp\u003eCommercial Tools 98\u003c\/p\u003e \u003cp\u003eOpen Source Software 98\u003c\/p\u003e \u003cp\u003eOther Considerations 99\u003c\/p\u003e \u003cp\u003eDeveloping In-House Software Tools 100\u003c\/p\u003e \u003cp\u003eProcuring Hardware 101\u003c\/p\u003e \u003cp\u003eAcquiring Forensic Data 102\u003c\/p\u003e \u003cp\u003eForensic Acquisition 102\u003c\/p\u003e \u003cp\u003eOrder of Volatility 103\u003c\/p\u003e \u003cp\u003eDisk Imaging 103\u003c\/p\u003e \u003cp\u003eSystem Memory Acquisition 105\u003c\/p\u003e \u003cp\u003eTool Considerations 106\u003c\/p\u003e \u003cp\u003eForensic Acquisition Use Cases 107\u003c\/p\u003e \u003cp\u003eLive Response 108\u003c\/p\u003e \u003cp\u003eLive Response Considerations 109\u003c\/p\u003e \u003cp\u003eLive Response Tools 109\u003c\/p\u003e \u003cp\u003eLive Response Use Cases 112\u003c\/p\u003e \u003cp\u003eIncident Response Investigations in Virtualized Environments 113\u003c\/p\u003e \u003cp\u003eTraditional Virtualization 115\u003c\/p\u003e \u003cp\u003eCloud Computing 115\u003c\/p\u003e \u003cp\u003eForensic Acquisition 115\u003c\/p\u003e \u003cp\u003eLog Management in Cloud Computing Environments 117\u003c\/p\u003e \u003cp\u003eLeveraging Network Data in Investigations 118\u003c\/p\u003e \u003cp\u003eFirewall Logs and Network Flows 118\u003c\/p\u003e \u003cp\u003eProxy Servers and Web Gateways 120\u003c\/p\u003e \u003cp\u003eFull-Packet Capture 120\u003c\/p\u003e \u003cp\u003eIdentifying Forensic Evidence in Enterprise Technology Services 123\u003c\/p\u003e \u003cp\u003eDomain Name System 123\u003c\/p\u003e \u003cp\u003eDynamic Host Configuration Protocol 125\u003c\/p\u003e \u003cp\u003eWeb Servers 125\u003c\/p\u003e \u003cp\u003eDatabases 126\u003c\/p\u003e \u003cp\u003eSecurity Tools 127\u003c\/p\u003e \u003cp\u003eIntrusion Detection and Prevention Systems 127\u003c\/p\u003e \u003cp\u003eWeb Application Firewalls 127\u003c\/p\u003e \u003cp\u003eData Loss 
Prevention Systems 128\u003c\/p\u003e \u003cp\u003eAntivirus Software 128\u003c\/p\u003e \u003cp\u003eEndpoint Detection and Response 129\u003c\/p\u003e \u003cp\u003eHoneypots and Honeynets 129\u003c\/p\u003e \u003cp\u003eLog Management 130\u003c\/p\u003e \u003cp\u003eWhat is Logging? 130\u003c\/p\u003e \u003cp\u003eWhat is Log Management? 132\u003c\/p\u003e \u003cp\u003eLog Management Lifecycle 133\u003c\/p\u003e \u003cp\u003eCollection and Storage 134\u003c\/p\u003e \u003cp\u003eAgent-Based vs. Agentless Collection 134\u003c\/p\u003e \u003cp\u003eLog Management Architectures 135\u003c\/p\u003e \u003cp\u003eManaging Logs with a SIEM 137\u003c\/p\u003e \u003cp\u003eWhat is SIEM? 138\u003c\/p\u003e \u003cp\u003eSIEM Considerations 139\u003c\/p\u003e \u003cp\u003eSummary 140\u003c\/p\u003e \u003cp\u003eNotes 141\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 4 Crafting an Incident Response Plan 143\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eIncident Response Lifecycle 143\u003c\/p\u003e \u003cp\u003ePreparing for an Incident 144\u003c\/p\u003e \u003cp\u003eDetecting and Analyzing Incidents 145\u003c\/p\u003e \u003cp\u003eDetection and Triage 146\u003c\/p\u003e \u003cp\u003eAnalyzing Incidents 146\u003c\/p\u003e \u003cp\u003eContainment, Eradication, and Recovery 147\u003c\/p\u003e \u003cp\u003eContaining a Breach 147\u003c\/p\u003e \u003cp\u003eEradicating a Threat Actor 148\u003c\/p\u003e \u003cp\u003eRecovering Business Operations 149\u003c\/p\u003e \u003cp\u003ePost-Incident Activities 149\u003c\/p\u003e \u003cp\u003eUnderstanding Incident Management 150\u003c\/p\u003e \u003cp\u003eIdentifying Process Components 151\u003c\/p\u003e \u003cp\u003eDefining a Process 151\u003c\/p\u003e \u003cp\u003eProcess Controls 153\u003c\/p\u003e \u003cp\u003eProcess Enablers 155\u003c\/p\u003e \u003cp\u003eProcess Interfaces 155\u003c\/p\u003e \u003cp\u003eRoles and Responsibilities 158\u003c\/p\u003e \u003cp\u003eService Levels 159\u003c\/p\u003e \u003cp\u003eIncident 
Management Workflow 160\u003c\/p\u003e \u003cp\u003eSources of Incident Notifications 160\u003c\/p\u003e \u003cp\u003eIncident Classification and Documentation 162\u003c\/p\u003e \u003cp\u003eIncident Categorization 163\u003c\/p\u003e \u003cp\u003eSeverity Assignment 163\u003c\/p\u003e \u003cp\u003eCapturing Incident Information 167\u003c\/p\u003e \u003cp\u003eIncident Escalations 169\u003c\/p\u003e \u003cp\u003eHierarchical Escalations 169\u003c\/p\u003e \u003cp\u003eFunctional Escalation 169\u003c\/p\u003e \u003cp\u003eCreating and Managing Tasks 169\u003c\/p\u003e \u003cp\u003eMajor Incidents 170\u003c\/p\u003e \u003cp\u003eIncident Closure 171\u003c\/p\u003e \u003cp\u003eCrafting an Incident Response Playbook 171\u003c\/p\u003e \u003cp\u003ePlaybook Overview 171\u003c\/p\u003e \u003cp\u003eIdentifying Workflow Components 173\u003c\/p\u003e \u003cp\u003eDetection 173\u003c\/p\u003e \u003cp\u003eAnalysis 174\u003c\/p\u003e \u003cp\u003eContainment and Eradication 176\u003c\/p\u003e \u003cp\u003eRecovery 176\u003c\/p\u003e \u003cp\u003eOther Workflow Components 177\u003c\/p\u003e \u003cp\u003ePost-Incident Evaluation 177\u003c\/p\u003e \u003cp\u003eVulnerability Management 177\u003c\/p\u003e \u003cp\u003ePurpose and Objectives 178\u003c\/p\u003e \u003cp\u003eVulnerability Management Lifecycle 178\u003c\/p\u003e \u003cp\u003eIntegrating Vulnerability Management and Risk Management 180\u003c\/p\u003e \u003cp\u003eLessons Learned 180\u003c\/p\u003e \u003cp\u003eLessons-Learned Process Components 181\u003c\/p\u003e \u003cp\u003eConducting a Lessons-Learned Meeting 183\u003c\/p\u003e \u003cp\u003eContinual Improvement 184\u003c\/p\u003e \u003cp\u003eContinual Improvement Principles 184\u003c\/p\u003e \u003cp\u003eThe Deming Cycle 184\u003c\/p\u003e \u003cp\u003eDIKW Hierarchy 185\u003c\/p\u003e \u003cp\u003eThe Seven-Step Improvement Process 187\u003c\/p\u003e \u003cp\u003eStep 1: Define a Vision for Improvement 188\u003c\/p\u003e \u003cp\u003eStep 2: Define 
Metrics 188\u003c\/p\u003e \u003cp\u003eStep 3: Collect Data 189\u003c\/p\u003e \u003cp\u003eStep 4: Process Data 190\u003c\/p\u003e \u003cp\u003eStep 5: Analyze Information 191\u003c\/p\u003e \u003cp\u003eStep 6: Assess Findings and Create Plan 191\u003c\/p\u003e \u003cp\u003eStep 7: Implement the plan 192\u003c\/p\u003e \u003cp\u003eSummary 192\u003c\/p\u003e \u003cp\u003eNotes 193\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 5 Investigating and Remediating Cyber Breaches 195\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eInvestigating Incidents 196\u003c\/p\u003e \u003cp\u003eDetermine Objectives 197\u003c\/p\u003e \u003cp\u003eAcquire and Preserve Data 198\u003c\/p\u003e \u003cp\u003ePerform Analysis 200\u003c\/p\u003e \u003cp\u003eContain and Eradicate 202\u003c\/p\u003e \u003cp\u003eConducting Analysis 202\u003c\/p\u003e \u003cp\u003eDigital Forensics 203\u003c\/p\u003e \u003cp\u003eDigital Forensics Disciplines 203\u003c\/p\u003e \u003cp\u003eTimeline Analysis 205\u003c\/p\u003e \u003cp\u003eOther Considerations in Digital Forensics 206\u003c\/p\u003e \u003cp\u003eCyber Threat Intelligence 207\u003c\/p\u003e \u003cp\u003eCyber Threat Intelligence Lifecycle 208\u003c\/p\u003e \u003cp\u003eIdentifying Attacker Activity with Cyber Threat Intelligence 209\u003c\/p\u003e \u003cp\u003eCategorizing Indicators 212\u003c\/p\u003e \u003cp\u003eMalware Analysis 214\u003c\/p\u003e \u003cp\u003eClassifying Malware 214\u003c\/p\u003e \u003cp\u003eStatic Analysis 216\u003c\/p\u003e \u003cp\u003eDynamic Analysis 217\u003c\/p\u003e \u003cp\u003eMalware Analysis and Cyber Threat Intelligence 217\u003c\/p\u003e \u003cp\u003eThreat Hunting 218\u003c\/p\u003e \u003cp\u003ePrerequisites to Threat Hunting 218\u003c\/p\u003e \u003cp\u003eThreat Hunting Lifecycle 219\u003c\/p\u003e \u003cp\u003eReporting 221\u003c\/p\u003e \u003cp\u003eEvidence Types 223\u003c\/p\u003e \u003cp\u003eSystem Artifacts 223\u003c\/p\u003e \u003cp\u003ePersistent Artifacts 223\u003c\/p\u003e 
\u003cp\u003eVolatile Artifacts 225\u003c\/p\u003e \u003cp\u003eNetwork Artifacts 226\u003c\/p\u003e \u003cp\u003eSecurity Alerts 227\u003c\/p\u003e \u003cp\u003eRemediating Incidents 228\u003c\/p\u003e \u003cp\u003eRemediation Process 229\u003c\/p\u003e \u003cp\u003eEstablishing a Remediation Team 230\u003c\/p\u003e \u003cp\u003eRemediation Lead 231\u003c\/p\u003e \u003cp\u003eRemediation Owner 232\u003c\/p\u003e \u003cp\u003eRemediation Planning 233\u003c\/p\u003e \u003cp\u003eBusiness Considerations 233\u003c\/p\u003e \u003cp\u003eTechnology Considerations 234\u003c\/p\u003e \u003cp\u003eLogistics 235\u003c\/p\u003e \u003cp\u003eAssessing Readiness 235\u003c\/p\u003e \u003cp\u003eConsequences of Alerting the Attacker 236\u003c\/p\u003e \u003cp\u003eDeveloping an Execution Plan 237\u003c\/p\u003e \u003cp\u003eContainment and Eradication 238\u003c\/p\u003e \u003cp\u003eContainment 238\u003c\/p\u003e \u003cp\u003eEradication 239\u003c\/p\u003e \u003cp\u003eMonitoring for Attacker Activity 240\u003c\/p\u003e \u003cp\u003eSummary 241\u003c\/p\u003e \u003cp\u003eNotes 242\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 6 Legal and Regulatory Considerations in Cyber Breach Response 243\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eUnderstanding Breaches from a Legal Perspective 244\u003c\/p\u003e \u003cp\u003eLaws, Regulations, and Standards 244\u003c\/p\u003e \u003cp\u003eUnited States 245\u003c\/p\u003e \u003cp\u003eEuropean Union 246\u003c\/p\u003e \u003cp\u003eStandards 246\u003c\/p\u003e \u003cp\u003eMateriality in Financial Disclosure 247\u003c\/p\u003e \u003cp\u003eCyber Attribution 248\u003c\/p\u003e \u003cp\u003eMotive, Opportunity, Means 248\u003c\/p\u003e \u003cp\u003eAttributing a Cyber Attack 249\u003c\/p\u003e \u003cp\u003eEngaging Law Enforcement 251\u003c\/p\u003e \u003cp\u003eCyber Insurance 252\u003c\/p\u003e \u003cp\u003eCollecting Digital Evidence 252\u003c\/p\u003e \u003cp\u003eWhat is Digital Evidence? 
253\u003c\/p\u003e \u003cp\u003eDigital Evidence Lifecycle 253\u003c\/p\u003e \u003cp\u003eInformation Governance 254\u003c\/p\u003e \u003cp\u003eIdentification 254\u003c\/p\u003e \u003cp\u003ePreservation 255\u003c\/p\u003e \u003cp\u003eCollection 255\u003c\/p\u003e \u003cp\u003eProcessing 255\u003c\/p\u003e \u003cp\u003eReviewing 256\u003c\/p\u003e \u003cp\u003eAnalysis 256\u003c\/p\u003e \u003cp\u003eProduction 257\u003c\/p\u003e \u003cp\u003ePresentation 258\u003c\/p\u003e \u003cp\u003eAdmissibility of Digital Evidence 258\u003c\/p\u003e \u003cp\u003eFederal Rules of Evidence 258\u003c\/p\u003e \u003cp\u003eTypes of Evidence 260\u003c\/p\u003e \u003cp\u003eDirect Evidence 260\u003c\/p\u003e \u003cp\u003eCircumstantial Evidence 260\u003c\/p\u003e \u003cp\u003eAdmission of Digital Evidence in Court 261\u003c\/p\u003e \u003cp\u003eEvidence Rules 261\u003c\/p\u003e \u003cp\u003eHearsay Rule 261\u003c\/p\u003e \u003cp\u003eBusiness Records Exemption Rule 262\u003c\/p\u003e \u003cp\u003eBest Evidence 262\u003c\/p\u003e \u003cp\u003eWorking with Legal Counsel 263\u003c\/p\u003e \u003cp\u003eAttorney-Client Privilege 263\u003c\/p\u003e \u003cp\u003eAttorney Work-Product 264\u003c\/p\u003e \u003cp\u003eNon-testifying Expert Privilege 264\u003c\/p\u003e \u003cp\u003eLitigation Hold 265\u003c\/p\u003e \u003cp\u003eEstablishing a Chain of Custody 265\u003c\/p\u003e \u003cp\u003eWhat is a Chain of Custody? 
266\u003c\/p\u003e \u003cp\u003eEstablishing a Defensible Protocol 266\u003c\/p\u003e \u003cp\u003eTraditional Forensic Acquisition 267\u003c\/p\u003e \u003cp\u003eLive Response and Logical Acquisition 268\u003c\/p\u003e \u003cp\u003eDocumenting a Defensible Protocol 269\u003c\/p\u003e \u003cp\u003eDocumentation 269\u003c\/p\u003e \u003cp\u003eAccuracy 270\u003c\/p\u003e \u003cp\u003eAuditability and Reproducibility 270\u003c\/p\u003e \u003cp\u003eCollection Methods 270\u003c\/p\u003e \u003cp\u003eData Privacy and Cyber Breach Investigations 271\u003c\/p\u003e \u003cp\u003eWhat is Data Privacy? 271\u003c\/p\u003e \u003cp\u003eHandling Personal Data During Investigations 272\u003c\/p\u003e \u003cp\u003eEnacting a Policy to Support Investigations 272\u003c\/p\u003e \u003cp\u003eCyber Breach Investigations and GDPR 273\u003c\/p\u003e \u003cp\u003eData Processing and Cyber Breach Investigations 274\u003c\/p\u003e \u003cp\u003eEstablishing a Lawful Basis for the Processing of Personal Data 275\u003c\/p\u003e \u003cp\u003eTerritorial Transfer of Personal Data 276\u003c\/p\u003e \u003cp\u003eSummary 277\u003c\/p\u003e \u003cp\u003eNotes 278\u003c\/p\u003e \u003cp\u003eIndex 281\u003c\/p\u003e  \u003cp\u003e\u003cb\u003eAndrew Gorecki\u003c\/b\u003e is a cybersecurity professional with experience across various IT and cybersecurity disciplines, including engineering, operations, and incident response. Originally from Europe, he provided consulting services across various industry sectors in the U.S., the UK, and other European countries. At the time of writing, he manages a team of incident response consultants within the X-Force IRIS competency of IBM Security where he leads investigations into large-scale breaches for Fortune 500 organizations, delivers proactive incident response services, and provides executive-level consulting on building and optimizing incident response programs.   
\u003c\/p\u003e\u003cp\u003e\u003cb\u003eAN ESSENTIAL GUIDE FOR ORGANIZATIONAL LEADERS ON BUILDING AN EFFECTIVE CYBER BREACH RESPONSE PROGRAM AND MANAGING RESIDUAL RISK\u003c\/b\u003e \u003c\/p\u003e\u003cp\u003eDestructive ransomware attacks, disastrous data breaches, and a host of other cyber events are now headline news, negatively impacting numerous companies and millions of individuals around the world. Now more than ever, it is crucial that organizations prepare for cyberattacks and increase their cyber resilience as they expand their digital footprint and online presence. Cyber risk is no longer a hypothetical factor in the decision-making process; senior managers, Chief Security Officers, and other key leaders need to understand the organizational aspects of cyber incident response to prepare for significant cyber events, deal with the repercussions of a security breach, and minimize the impact of a cybersecurity attack. \u003c\/p\u003e\u003cp\u003e\u003ci\u003eCyber Breach Response That Actually Works\u003c\/i\u003e is an authoritative source of information on building and managing a cyber breach response program. Rather than focusing on overly technical, step-by-step investigation and remediation techniques, this accessible resource discusses the bigger picture of where incident response fits within an overall security program, and provides the tools necessary for designing and implementing a program from a governance perspective. Clear and concise chapters, assuming only a basic knowledge of cybersecurity and risk management concepts, provide a framework-agnostic approach for managing residual risk through cyber incident response, creating an effective and holistic strategy, and building capabilities that meet organizational needs. 
\u003c\/p\u003e\u003cp\u003eWritten by a security professional with years of practical incident response experience with Fortune 500 companies, this real-world guide covers incident response strategy, governance, incident management, breach investigations, laws and regulations, and more. You will be breached; it is inevitable. \u003ci\u003eCyber Breach Response That Actually Works\u003c\/i\u003e will help you be ready when it happens. \u003c\/p\u003e\u003cp\u003e\u003cb\u003e\u003ci\u003eCyber Breach Response That Actually Works\u003c\/i\u003e\u003c\/b\u003e\u003cb\u003e explains how to:\u003c\/b\u003e \u003c\/p\u003e\u003cul\u003e \u003cli\u003eIdentify drivers for cyber breach response and create a sound strategy\u003c\/li\u003e \u003cli\u003eBuild an effective Cyber Security Incident Response Team (CSIRT)\u003c\/li\u003e \u003cli\u003eIncrease cyber resilience through planning and preparedness\u003c\/li\u003e \u003cli\u003eMinimize the impact of cyberattacks\u003c\/li\u003e \u003cli\u003eDecrease the cost of cyberattack response\u003c\/li\u003e \u003cli\u003eBuild a technology toolkit to accelerate response activities\u003c\/li\u003e \u003cli\u003eEffectively investigate breaches and hunt for threats\u003c\/li\u003e \u003c\/ul\u003e","brand":"Wiley","offers":[{"title":"Default Title","offer_id":47989017477349,"sku":"NP9781119679325","price":45.0,"currency_code":"USD","in_stock":false}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/1842\/7735\/files\/9781119679325.jpg?v=1761782453","url":"https:\/\/k12savings.com\/es\/products\/cyber-breach-response-that-actually-works-isbn-9781119679325","provider":"K12savings","version":"1.0","type":"link"}