Bezpieczeństwo systemów
Oleg Skulkin
Ransomware attacks have become the strongest and most persistent threat for many companies around the globe. Building an effective incident response plan to prevent a ransomware attack is crucial and may help you avoid heavy losses. Incident Response Techniques for Ransomware Attacks is designed to help you do just that.This book starts by discussing the history of ransomware, showing you how the threat landscape has changed over the years, while also covering the process of incident response in detail. You’ll then learn how to collect and produce ransomware-related cyber threat intelligence and look at threat actor tactics, techniques, and procedures. Next, the book focuses on various forensic artifacts in order to reconstruct each stage of a human-operated ransomware attack life cycle. In the concluding chapters, you’ll get to grips with various kill chains and discover a new one: the Unified Ransomware Kill Chain.By the end of this ransomware book, you’ll be equipped with the skills you need to build an incident response strategy for all ransomware attacks.
Roberto Martinez
With constantly evolving cyber threats, developing a cybersecurity incident response capability to identify and contain threats is indispensable for any organization regardless of its size. This book covers theoretical concepts and a variety of real-life scenarios that will help you to apply these concepts within your organization.Starting with the basics of incident response, the book introduces you to professional practices and advanced concepts for integrating threat hunting and threat intelligence procedures in the identification, contention, and eradication stages of the incident response cycle. As you progress through the chapters, you'll cover the different aspects of developing an incident response program. You'll learn the implementation and use of platforms such as TheHive and ELK and tools for evidence collection such as Velociraptor and KAPE before getting to grips with the integration of frameworks such as Cyber Kill Chain and MITRE ATT&CK for analysis and investigation. You'll also explore methodologies and tools for cyber threat hunting with Sigma and YARA rules.By the end of this book, you'll have learned everything you need to respond to cybersecurity incidents using threat intelligence.
Pascal Ackerman
With Industrial Control Systems (ICS) expanding into traditional IT space and even into the cloud, the attack surface of ICS environments has increased significantly, making it crucial to recognize your ICS vulnerabilities and implement advanced techniques for monitoring and defending against rapidly evolving cyber threats to critical infrastructure. This second edition covers the updated Industrial Demilitarized Zone (IDMZ) architecture and shows you how to implement, verify, and monitor a holistic security program for your ICS environment.You'll begin by learning how to design security-oriented architecture that allows you to implement the tools, techniques, and activities covered in this book effectively and easily. You'll get to grips with the monitoring, tracking, and trending (visualizing) and procedures of ICS cybersecurity risks as well as understand the overall security program and posture/hygiene of the ICS environment. The book then introduces you to threat hunting principles, tools, and techniques to help you identify malicious activity successfully. Finally, you'll work with incident response and incident recovery tools and techniques in an ICS environment.By the end of this book, you'll have gained a solid understanding of industrial cybersecurity monitoring, assessments, incident response activities, as well as threat hunting.
Industrial Cybersecurity. Efficiently secure critical infrastructure systems
Pascal Ackerman
With industries expanding, cyber attacks have increased significantly. Understanding your control system’s vulnerabilities and learning techniques to defend critical infrastructure systems from cyber threats is increasingly important. With the help of real-world use cases, this book will teach you the methodologies and security measures necessary to protect critical infrastructure systems and will get you up to speed with identifying unique challenges.Industrial cybersecurity begins by introducing Industrial Control System (ICS) technology, including ICS architectures, communication media, and protocols. This is followed by a presentation on ICS (in) security. After presenting an ICS-related attack scenario, securing of the ICS is discussed, including topics such as network segmentation, defense-in-depth strategies, and protective solutions. Along with practical examples for protecting industrial control systems, this book details security assessments, risk management, and security program development. It also covers essential cybersecurity aspects, such as threat detection and access management. Topics related to endpoint hardening such as monitoring, updating, and anti-malware implementations are also discussed.
Darren Death
Information Security Handbook is a practical guide that’ll empower you to take effective actions in securing your organization’s assets. Whether you are an experienced security professional seeking to refine your skills or someone new to the field looking to build a strong foundation, this book is designed to meet you where you are and guide you toward improving your understanding of information security.Each chapter addresses the key concepts, practical techniques, and best practices to establish a robust and effective information security program. You’ll be offered a holistic perspective on securing information, including risk management, incident response, cloud security, and supply chain considerations. This book has distilled years of experience and expertise of the author, Darren Death, into clear insights that can be applied directly to your organization’s security efforts. Whether you work in a large enterprise, a government agency, or a small business, the principles and strategies presented in this book are adaptable and scalable to suit your specific needs.By the end of this book, you’ll have all the tools and guidance needed to fortify your organization’s defenses and expand your capabilities as an information security practitioner.
Gerard Johansen
Informatyka śledcza zapewnia narzędzia nie tylko prowadzącym dochodzenia kryminalne, ale również specjalistom do spraw cyberbezpieczeństwa. Na tym polu trwa ciągły wyścig zbrojeń między nimi a przestępcami, gdyż konsekwencje udanego ataku mogą się okazać niezwykle poważne. Umiejętność poprawnego reagowania na incydenty bezpieczeństwa jest tu kluczową sprawą. Ta książka jest przewodnikiem dla profesjonalistów do spraw cyberbezpieczeństwa. Przedstawia podstawowe zasady reagowania na incydenty bezpieczeństwa i szczegółowo, na przykładach, omawia proces tworzenia zdolności szybkiej i skutecznej reakcji na takie zdarzenia. Zaprezentowano tu techniki informatyki śledczej, od pozyskiwania dowodów i badania pamięci ulotnej po badanie dysku twardego i dowodów pochodzących z sieci. Szczególną uwagę poświęcono zagrożeniom atakami ransomware. Nie zabrakło omówienia roli analizy zagrożeń w procesie reagowania na incydenty, a także zasad sporządzania raportów dokumentujących reakcję na incydent i wyniki analizy. Pokazano również, w jaki sposób prowadzi się polowania na zagrożenia. Z tą książką: zbudujesz zdolność reagowania na incydenty w swojej organizacji nauczysz się poprawnego zbierania i analizowania dowodów zintegrujesz techniki i procedury śledcze z ogólnym procesem reagowania na incydenty przyswoisz różne metody polowania na zagrożenia opanujesz sposoby tworzenia raportów z incydentów wdrożysz odpowiednie praktyki reagowania na ataki ransomware Przygotuj się, znajdź i zlikwiduj zagrożenie!
Informatyka w kryminalistyce. Praktyczny przewodnik. Wydanie II
Darren R. Hayes
Nasilanie się zjawiska cyberprzestępczości sprawia, że prowadzenie dochodzeń kryminalnych wymaga specjalnych umiejętności i wiedzy technicznej. Bez odpowiedniego materiału dowodowego niemożliwe jest oskarżenie i osądzenie winnych. Sytuację utrudnia rozwój technologii: serwisy społecznościowe, urządzenia mobilne czy internet rzeczy są wykorzystywane do popełniania przestępstw na wiele dotychczas nieznanych sposobów. W tych warunkach informatycy śledczy są bardzo potrzebni, a specjaliści dysponujący aktualną wiedzą - wręcz bezcenni. Oto znakomity i w pełni zaktualizowany przewodnik po informatyce śledczej, uwzględniający najnowsze techniki, narzędzia i rozwiązania. W książce omówiono praktyczne aspekty zarówno umiejętności technicznych, jak i spraw ważnych z punktu widzenia prowadzenia dochodzeń w internecie i laboratorium. Opisano istotne zagadnienia dotyczące dokumentacji, dopuszczalności dowodów i innych aspektów prawnych. Szczegółowo zaprezentowano technologie ubieralne, analizy śledcze urządzeń IoT, kwestie komunikacji 5G, analizy śledczej pojazdów i analiz aplikacji mobilnych. Opracowanie uwzględnia też postępy w dziedzinie reagowania na incydenty oraz nowe techniki badania urządzeń mobilnych. Treści zostały uzupełnione praktycznymi zadaniami, realistycznymi przykładami oraz fascynującymi studiami przypadków. Dzięki książce dowiesz się, jak: wygląda praca informatyka śledczego wykorzystywać nowinki technologiczne w procesie zbierania dowodów rozpoznać naruszenia bezpieczeństwa i prawidłowo reagować na incydenty badać oszustwa finansowe analizować technologie ubieralne i urządzenia IoT zapewnić, aby zdobyte dowody zostały uznane w sądzie Wykryj. Znajdź dowody. Zabezpiecz je i zbadaj!
Joseph MacMillan
Information security and risk management best practices enable professionals to plan, implement, measure, and test their organization's systems and ensure that they're adequately protected against threats.The book starts by helping you to understand the core principles of information security, why risk management is important, and how you can drive information security governance. You'll then explore methods for implementing security controls to achieve the organization's information security goals. As you make progress, you'll get to grips with design principles that can be utilized along with methods to assess and mitigate architectural vulnerabilities. The book will also help you to discover best practices for designing secure network architectures and controlling and managing third-party identity services. Finally, you will learn about designing and managing security testing processes, along with ways in which you can improve software security.By the end of this infosec book, you'll have learned how to make your organization less vulnerable to threats and reduce the likelihood and impact of exploitation. As a result, you will be able to make an impactful change in your organization toward a higher level of information security.