Crafting the InfoSec Playbook: Security Monitoring and Incident Response Master Plan


Posted by Ben Rothke

An extremely important piece of advice in Crafting the InfoSec Playbook: Security Monitoring and Incident Response Master Plan is on page 85, where authors Jeff Bollinger, Brandon Enright and Matthew Valites write that you will need at least one dedicated and full-time person to analyze your security event data.

When creating programs for information security monitoring and the corresponding incident response plans, far too many firms focus solely on the software, hardware and appliances, not realizing that it takes people to make it all work. The book shows how to turn the potential of those devices into reality. The book notes that it's not a trivial matter, but it's not rocket science, and it can be done.


The premise of the book is that only when you know and can describe exactly what you are trying to protect can you develop an information security playbook and incident response program. The book then goes into detail on just how to do that.

The book is an extremely valuable reference for anyone who wants to build out a security monitoring and incident response program. The authors take a very hands-on approach to developing a strategy that ensures the process is done effectively, rather than by simply installing a few appliances and hoping for the best.

While the authors are all part of the Cisco Computer Security Incident Response Team, the book takes a vendor-agnostic approach to the topic.

Security monitoring and incident response are two critical components of a larger information security program. For those who are serious about building that out, Crafting the InfoSec Playbook: Security Monitoring and Incident Response Master Plan is a great resource to start with.

978-1-4919-4940-5 1-4919-4940-6   978-1-4919-4939-9    1-4919-4939-2 O'Reilly Media Ben Rothke


Contributors
Ben Rothke

Senior Information Security Manager, Tapad
