An extremely important piece of advice in Crafting the InfoSec Playbook: Security Monitoring and Incident Response Master Plan is on page 85, where authors Jeff Bollinger, Brandon Enright and Matthew Valites write that you will need at least one dedicated and full-time person to analyze your security event data.
When creating programs for information security monitoring and the corresponding incident response plans, far too many firms focus solely on the software, hardware and appliances, not realizing that it takes people to make it work. The book shows how to take the potential of those devices and turn it into reality. The book notes that it's not a trivial matter, but it's not rocket science, and it can be done.
The premise of the book is that only when you know and can describe exactly what you are trying to protect can you develop an information security playbook and incident response program. The book then goes into detail on just how to do that.
The book is an extremely valuable reference for anyone who wants to build out a security monitoring and incident response program. The authors take a very hands-on approach to developing a strategy that ensures the process is done effectively, rather than by simply installing a few appliances and hoping for the best.
While the authors are all part of the Cisco Computer Security Incident Response Team, the book takes a vendor-agnostic approach to the topic.
Security monitoring and incident response are two critical components of a larger information security program. For those who are serious about building that out, Crafting the InfoSec Playbook: Security Monitoring and Incident Response Master Plan is a great resource to start with.
978-1-4919-4940-5 1-4919-4940-6 978-1-4919-4939-9 1-4919-4939-2 O'Reilly Media Ben Rothke