Intelligence Driven Incident Response is a great book that provides insight into the evolving field of Defense Intelligence. This book is about the missing link between your cyber defence operations teams, threat intelligence and intelligence to provide the organisation with full spectrum defensive capabilities.
The book is an extensive walk through that will take the reader from very basic concepts such as Incident Response, Cyber Kill Chain, OODA LOOP and many more into a framework for defensive operations for the modern enterprise.
After the first introductory chapters the books opens the second part “Practical Application” discussing very interesting and important topics such as:
- Skills requirements for Incident Response Teams and Hunting
- Cyber Counter Attack
- F3EAD ( Find, Fix, Finish, Exploit, Analyse and Disseminate)
- Target Models
- Threat Intelligence Platforms as a niche specific solutions for Defense Intelligence
- Intelligence Analysis frameworks
- Intelligence products
The book is easily a good bible to help boot up an Intelligence program in your organisation as it discusses subjects in the operation, tactical and strategic spheres of Cyber defence intelligence. This book suits consultants and managers in charge of articulating an intelligence capacity and/or understand the rest of the parts involved in a modern Intelligence Driven Defence strategy for your organisation.
For practitioners it is a good book to read to understand your fit in the bigger picture but by no means it is a book that will train you in the last hunting techniques, forensics malware or intelligence analysis. There are better books for that, furthermore if you fully want to understand and value the content of this fantastic book you should have some degree of experience or knowledge in security operations, incident response or investigations so you can make the most of the subjects presented.
This book is the best book available today in the subject. The reader is transported trough the chapters beyond the traditional role of threat intelligence collection and analysis to an state in which the organisation’s defensive posture relies on intelligence of the environment in which it operates. The ideas and framework discussed in this book are not for just any organisation, the organisation willing to achieve the state of perfection presented in the framework is an organisation with at least a robust and mature organisational security program.