Crafting the InfoSec Playbook: Security Monitoring and Incident Response Master Plan 1st Edition


Any good attacker will tell you that expensive security monitoring and prevention tools aren’t enough to keep you secure. This practical book demonstrates a data-centric approach to distilling complex security monitoring, incident response, and threat analysis ideas into their most basic elements. You’ll learn how to develop your own threat intelligence and incident detection strategy, rather than depend on security tools alone.

Written by members of Cisco’s Computer Security Incident Response Team, this book shows IT and information security professionals how to create an InfoSec playbook by developing strategy, technique, and architecture.

  • Learn incident response fundamentals—and the importance of getting back to basics
  • Understand threats you face and what you should be protecting
  • Collect, mine, organize, and analyze as many relevant data sources as possible
  • Build your own playbook of repeatable methods for security monitoring and response
  • Learn how to put your plan into action and keep it running smoothly
  • Select the right monitoring and detection tools for your environment
  • Develop queries to help you sort through data and create valuable reports
  • Know what actions to take during the incident response phase


Editorial Reviews

About the Author

With over ten years of information security experience, Jeff Bollinger has worked as a security architect and incident responder for both academic and corporate networks. Specializing in investigations, network security monitoring, and intrusion detection, Jeff Bollinger currently works as an information security investigator, and has built and operated one of the world's largest corporate security monitoring infrastructures. Jeff regularly speaks at international FIRST conferences, and writes for the Cisco Security Blog. His recent work includes log mining, search optimization, threat research, and security investigations.

Brandon Enright is a senior information security investigator with Cisco Systems. Brandon has a bachelor’s degree in computer science from UC San Diego where he did research in the Systems and Networking group. Brandon has coauthored several papers on the infrastructure and economics of malware botnets and a paper on the impact of low entropy seeds on the generation of SSL certificates. Some of his work in cryptography includes presenting weaknesses in some of the NIST SHA3 competition candidates, fatally knocking one out of the competition, and authoring the Password Hashing Competition proposal OmegaCrypt. Brandon is a long-time contributor to the Nmap project, a fast and featureful port scanner and security tool. In his free time Brandon enjoys mathematical puzzles and logic games.

Matthew Valites is a senior investigator and site lead on Cisco's Computer Security Incident Response Team (CSIRT). He provides expertise building an incident response and monitoring program for cloud and hosted service enterprises, with a focus on targeted and high-value assets. A hobbyist breaker and maker for as long as he can recall, his current professional responsibilities include security investigations, mining security-centric alerts from large data sets, operationalizing CSIRT's detection logic, and mobile device hacking. Matt enjoys speaking at international conferences, and is keen to share CSIRT's knowledge, best practices, and lessons learned.


Customer reviews

4.7 out of 5 stars
98 global ratings

Top reviews from the United States

  • Reviewed in the United States on August 21, 2019
    Format: Kindle | Verified Purchase
    I read this book because it was a requirement for my Cyber Security class at Columbia. I will say that I went in already having a Computer Science degree and 10 years of experience in Software Development, so it was easy for me to navigate the technical concepts that the book touches on without difficulty. Another warning I have about Cyber Security in general is that there are a lot of acronyms to know, and I ended up downloading a flashcard app to help myself memorize them all in order to get through this book and the class itself.

    If you're thinking about reading it outside of school, I'd recommend it for anyone in a CIO, CISO, or Security Engineer type of role at a company. It's very straightforward and to the point, and it offers specific, detailed, and research-backed recommendations for how to establish processes within a company to minimize the risk of a breach. The focus of the book is on how to establish a CIRT (Cyber Incident Response Team), what their responsibilities are and should be, how they should function, how to build a "playbook" for their operations, and ultimately how to best use a dedicated team of analysts and engineers to detect and react to a cyber event within a company. If that's what you're looking for, this is a great text. If you want a more general introduction to cyber security, then this might not be the only book you want to read.
    7 people found this helpful
    Report
  • Reviewed in the United States on February 25, 2016
    Format: Kindle | Verified Purchase
    Very good guide on InfoSec program policy development. I think this should be mandatory for anyone moving 'up the chain' in security. In my role as a consultant, I find that there are smart people doing good things...in silos. This guide is a good foundation for building a program that ties disparate efforts together as a cohesive and effective infosec program. This book continues to be a good reference.

    I think the book could have been improved with more pictures of alligators and other dangerous reptilian creatures.
    8 people found this helpful
    Report
  • Reviewed in the United States on May 6, 2019
    Format: Paperback | Verified Purchase
    This book is kind of old for the tech world and it is a surprise that it has not been updated yet.

    I gave it 4 stars because: While not cheap, it was not as expensive as other required CyberSec/IT books, the concepts addressed were not hardware specific but rather a learning tool to be used to formulate individualized plans for organizations, and it is written in a well balanced and not so boring manner.
  • Reviewed in the United States on May 3, 2016
    Format: Kindle | Verified Purchase
    Phenomenal book, chock full of great ideas about how to build and operationalize your SOC. Includes high level concepts as well as detailed technical ideas. Highly recommended for anyone building or improving a security program.
    One person found this helpful
    Report
  • Reviewed in the United States on October 8, 2015
    Format: Kindle | Verified Purchase
    Great book for infosec pros; it gives you an advanced insight into the incident response challenges. The idea of a playbook for IR is great.
    5 people found this helpful
    Report
  • Reviewed in the United States on June 12, 2018
    Format: Paperback | Verified Purchase
    Excellent.
  • Reviewed in the United States on October 17, 2015
    Format: Paperback
    Great resource, timely and relevant, should be fundamental reading for network security / cyber security professionals. Great job guys!
    2 people found this helpful
    Report
  • Reviewed in the United States on May 22, 2016
    Format: Paperback | Verified Purchase
    I'm a DFIR investigator with a fair share of experience in this field and I've always been interested in any books on such topics. As far as I can tell, Crafting the InfoSec Playbook wants to be a guideline for how to run a SOC.
    The first chapters cover very generic facts and best practices around IR and the management of a SOC. During the first 6 chapters I felt like I was reading Cpt. Obvious's notes about running a SOC.
    The real "action" starts with chapter 7 and it's quite interesting/useful. You can tell the authors have a solid background in IR, but the book will be of little help for mature/advanced security teams.
    11 people found this helpful
    Report

Top reviews from other countries

  • Mr. Kevin J. Ross
    5.0 out of 5 stars This is a wonderful book that is of great value to anyone having ...
    Reviewed in the United Kingdom on October 24, 2015
    Format: Paperback | Verified Purchase
    This is a wonderful book that is of great value to anyone having to do security monitoring. It also wisely determines its direction and sticks to it which is about how to analyse and not about the nuts and bolts technology. Books like Applied Network Security Monitoring can provide a better understanding of that and while the book does not mention specific products or technologies (which it is all the better for) it is wise to make sure however you have the following things in your arsenal to benefit the most from this book's advice:

    - Intrusion Detection System
    - Network logs covering different aspects of communications (HTTP, SSL, connections etc). Proxies for instance are valuable for HTTP but if you run bro-ids (now just "BRO") it can provide these logs.
    - Centralised logging such as with Splunk or elasticsearch/logstash/kibana (ELK), which is free, or some other SIEM. Really you need a way to query the data quickly. Into this have your IDS logs, network logs, proxy logs, av logs etc.

    Now onto the actual book. It provides a great analysis of:
    - Why to monitor
    - Methods of ensuring proper monitoring (i.e. rather than drilling into the technical, basically saying this is what you need to achieve in either technical or process terms and the path is up to you)
    - Thought processes about how to analyse data and ensuring you have enough data to quickly confirm or refute a security incident (extra context really can help you eliminate a false positive quickly so as not to waste time).
    - Ideas for queries, data analysis and so on (without drilling into the technical). This is where having log monitoring in place can be of great use so you can begin applying it.
    - The book is also more about building and process rather than specific problem/event here is solution. This I feel will allow it to maintain a relevance and not become dated as it teaches you a process in a "teach someone to fish" kind of way and its avoidance of falling into specific technologies, products or problems of the day means it will not become technically irrelevant.

    The book is very well written and consistent throughout, and successfully provides advice, techniques and processes that apply very well to all levels - from someone just starting out, someone setting up a security monitoring program for the first time, through to someone with an established and mature security monitoring environment. The book manages to be relevant, informational and insightful to all these groups without feeling like it is leaning towards a certain level or group, which is an impressive technical writing feat. I would highly recommend this book to anyone who has to perform security monitoring tasks given its scope.
  • C. Grau
    5.0 out of 5 stars Handbook for building security monitoring and incident response
    Reviewed in Germany on June 5, 2016
    Format: Paperback | Verified Purchase
    Anyone looking for a book that lists lots of tools and technologies for carrying out incident response will not be happy with this book.

    But anyone who wants to start building holistic security monitoring and incident response from the strategic side gets a good "playbook" with this book.
  • Mr T Wake
    5.0 out of 5 stars Good book.
    Reviewed in the United Kingdom on February 23, 2016
    Format: Paperback | Verified Purchase
    Excellent read, very well written and very useful for benchmarking your own security ops teams.
  • Anon, Bristol, UK
    5.0 out of 5 stars Five Stars
    Reviewed in the United Kingdom on December 30, 2017
    Format: Paperback | Verified Purchase
    All good.