Mastering Security Incident Management : Empower cybersecurity professionals to excel in the cyber incident management landscape


  • Binding: Paperback
  • Language: ENG
  • Product code: 9781835883105

Full Description

Become an end-to-end incident management expert by detecting, triaging, containing, eradicating, and recovering across cloud and IoT/OT, as well as applying NIST/SANS/ATT&CK, legal compliance, AI/ML, and simulations to build resilient operations.

Key Features

Master NIST, SANS, and MITRE to standardize and accelerate incident response
Build a resilient IR program spanning cloud, IoT/OT, and legal compliance
Practice real-world incidents with simulations to reduce downtime and damage
Free with your book: PDF Copy, AI Assistant, and Next-Gen Reader

Book Description

Mastering Security Incident Management is a practical guide to the full incident response (IR) lifecycle. It demystifies what incident management is and why it matters, walking you through leading frameworks, such as NIST, SANS, ISO, and MITRE ATT&CK, so you can build a consistent response program on-premises and in the cloud. You'll learn to prepare teams and plans, detect and triage events, collect evidence, contain and eradicate threats, and recover systems while capturing lessons learned for continuous improvement.
Written for SOC analysts, IR leads, security engineers, and IT managers, this book bridges the gap between theory and practice by stressing repeatable processes, legal and regulatory readiness, and cloud/IoT realities, with actionable checklists, playbook patterns, and simulation guidance.
By the end of this book, you'll be able to establish or mature an IR program; align it to NIST/ISO/SANS; operationalize ATT&CK-mapped detection; run triage and forensics that stand up in court; contain and eradicate quickly with isolation and patching; recover to defined RTO/RPOs; meet breach-reporting duties; and boost resilience through drills, AI-assisted automation, and data-driven post-mortems, thus turning incidents into lessons and not lasting crises.

What you will learn

Build a cross-functional incident response program
Align processes with NIST, ISO, SANS, and ATT&CK
Detect, triage, and analyze incidents using SIEM and EDR
Collect and preserve digital evidence for forensics
Contain outbreaks with isolation and segmentation
Eradicate threats and patch vulnerabilities systematically
Recover systems to meet the defined RTO/RPO and validate
Meet breach-reporting and privacy law obligations

Who this book is for

This book is targeted toward security teams who plan, run, or mature incident response; that is, SOC analysts, incident responders, security engineers, sysadmins/DevOps, IT managers, and aspiring CISOs across cloud, IoT/OT, and regulated industries.

Contents

Table of Contents

Introduction to Incident Management
Incident Management Frameworks
Preparation Phase
Detection and Analysis
Containment and Eradication
Recovery and Lessons Learned
Legal and Regulatory Considerations
Incident Management in the Cloud
Incident Management in IoT and OT Environments
Incident Management Simulation and Training
Incident Management in the Age of AI and ML
Emerging Threats and Future Trends
Case Studies
Conclusion
Appendices
