▶Book Description
Cyber intelligence is the missing link between your cyber defense operation teams, threat intelligence, and IT operations to provide your organization with a full spectrum of defensive capabilities. This book kicks off with the need for cyber intelligence and why it is required in terms of a defensive framework.
Moving forward, the book provides a practical explanation of the F3EAD protocol with the help of examples. Furthermore, we learn how to go about threat models and intelligence products/frameworks and apply them to real-life scenarios. Based on the discussion with the prospective author I would also love to explore the induction of a tool to enhance the marketing feature and functionality of the book.
By the end of this book, you will be able to boot up an intelligence program in your organization based on the operation and tactical/strategic spheres of Cyber defense intelligence.
▶What You Will Learn
⦁ Learn about the Observe-Orient-Decide-Act (OODA) loop and it's applicability to security
⦁ Understand tactical view of Active defense concepts and their application in today's threat landscape
⦁ Get acquainted with an operational view of the F3EAD process to drive decision making within an organization
⦁ Create a Framework and Capability Maturity Model that integrates inputs and outputs from key functions in an information security organization
⦁ Understand the idea of communicating with the Potential for Exploitability based on cyber intelligence
▶Key Features
⦁ Intelligence processes and procedures for response mechanisms
⦁ Master F3EAD to drive processes based on intelligence
⦁ Threat modeling and intelligent frameworks
⦁ Case studies and how to go about building intelligent teams
▶Who This Book Is For
This book targets incident managers, malware analysts, reverse engineers, digital forensics specialists, and intelligence analysts; experience in, or knowledge of, security operations, incident responses or investigations is desirable so you can make the most of the subjects presented.
▶What this book covers
⦁ Chapter 1, The Need for Cyber Intelligence, introduces a brief history of intelligence use in the military, the different types of intelligence, and the military mindset.
⦁ Chapter 2, Intelligence Development, introduces the intelligence cycle, shows you how intelligence is developed, and how to develop priority information requests.
⦁ Chapter 3, Integrating Cyber Intel, Security, and Operations, introduces OPSEC and lays the foundation for understanding how cyber intelligence can be integrated into Information Security and IT operations.
⦁ Chapter 4, Using Cyber Intelligence to Enable Active Defense, introduces the Cyber Kill Chain and develops another look into how we can utilize cyber intelligence to enable proactive defense measures.
⦁ Chapter 5, F3EAD For You and For Me, introduces how we can use the Find, Fix, Finish, Exploit, Analyze, and Disseminate process that is deployed for high value targets and it's applicability to the Cyber Kill Chain.
⦁ Chapter 6, Integrating Threat Intelligence and Operations, takes a deeper look into how we can develop meaningful and actionable information to stakeholders through incorporating threat intelligence information.
⦁ Chapter 7, Creating the Collaboration Capability, gives an overview of how we can create communication channels to provide cyber intelligence information throughout the organization.
⦁ Chapter 8, The Security Stack, provides a view on how information captured from different security capabilities can be developed into cyber intelligence that supports sound decision making.
⦁ Chapter 9, Driving Cyber Intel, goes into detail on how we can enable the users as another means of collecting and reporting information to develop intelligence packages.
⦁ Chapter 10, Baselines and Anomalies, highlights the complexity of reporting, teaches you how to take a look at entities and their processes horizontally and vertically, and provides a method to integrating an end-to-end continuous monitoring capability.
⦁ Chapter 11, Putting Out the Fires, introduces ways to improve incident response through developing good intelligence communication channels.
⦁ Chapter 12, Vulnerability Management, goes into more detail on a specific capability within InfoSec and how to improve what information gets into the hands of the stakeholders for action.
⦁ Chapter 13, Risky Business, gives a broad overview of risk and how we can use risk management tools and techniques to further improve the information being passed to stakeholders for action.
⦁ Chapter 14, Assigning Metrics, introduces a concept in assigning risk metrics and key risk indicators for an end-to-end process.
⦁ Chapter 15, Wrapping Up, provides a broad overview of the preceding chapters and takes you through an ideal situation, where a cyber intelligence capability is fully functional within an organization.
