Intelligence Driven Incident Response is a great book that provides insight into the evolving field of Defense Intelligence. This book is about the missing link between your cyber defense operations teams, threat intelligence and intelligence to provide the organization with full spectrum defensive capabilities.
The book is an extensive walkthrough that will take the reader from very basic concepts such as Incident Response, Cyber Kill Chain, OODA LOOP and many more into a framework for defensive operations for the modern enterprise.
After the first introductory chapters, the books opens the second part “Practical Application” discussing very interesting and important topics such as:
- Skills requirements for Incident Response Teams and Hunting
- Cyber Counter Attack
- F3EAD ( Find, Fix, Finish, Exploit, Analyse and Disseminate)
- Target Models
- Threat Intelligence Platforms as a niche specific solutions for Defense Intelligence
- Intelligence Analysis frameworks
- Intelligence products
The book is easily a good bible to help boot up an Intelligence program in your organization as it discusses subjects in the operation, tactical and strategic spheres of Cyber defense intelligence. This book suits consultants and managers in charge of articulating an intelligence capacity and/or understand the rest of the parts involved in a modern Intelligence Driven Defence strategy for your organization.
For practitioners, it is a good book to read to understand your fit in the bigger picture but by no means, it is a book that will train you in the last hunting techniques, forensics malware or intelligence analysis. There are better books for that, furthermore, if you fully want to understand and value the content of this fantastic book you should have some degree of experience or knowledge in security operations, incident response or investigations so you can make the most of the subjects presented.
This book is the best book available today on the subject. The reader is transported through the chapters beyond the traditional role of threat intelligence collection and analysis to a state in which the organization’s defensive posture relies on the intelligence of the environment in which it operates. The ideas and framework discussed in this book are not for just any organization, the organization willing to achieve the state of perfection presented in the framework is an organization with at least a robust and mature organizational security program.