The CISO Guide to Incident Response

Cyber-attacks have the potential to harm an organization's financial posture and reputation, severely restrict its ability to serve its customers, and can also lead to cumbersome regulatory enforcement actions. To survive in a landscape of exponentially increasing cyber-attacks and incidents, organizations require effective and rapid response.

This book is a primer on the incident response function from a CISO's perspective. It details the various best practices for establishing an incident response function, from the setup of a security operations center (SOC) to incident response playbook templates for use by SOC analysts. It discusses the various stages of a cyber-attack, including some recent types of sophisticated cyber-attacks and other common malicious techniques used by threat actors, with instructions on how to detect, analyze, contain and recover from such attacks. Finally, it describes how to run cyber tabletop exercises to simulate (and prepare for) common cyberattacks.