You're reading from Information Security Handbook Enhance your proficiency in information security program development

Product type Paperback

Published in Oct 2023

Publisher Packt

ISBN-13 9781837632701

Length 370 pages

Edition 2nd Edition

Concepts

Information Security

Author (1):

Darren Death

View More author details

Table of Contents (16) Chapters

Preface

1. Chapter 1: Information and Data Security Fundamentals

2. Chapter 2: Defining the Threat Landscape FREE CHAPTER

3. Chapter 3: Laying a Foundation for Information and Data Security

4. Chapter 4: Information Security Risk Management

5. Chapter 5: Developing Your Information and Data Security Plan

6. Chapter 6: Continuous Testing and Monitoring

7. Chapter 7: Business Continuity/Disaster Recovery Planning

8. Chapter 8: Incident Response Planning

9. Chapter 9: Developing a Security Operations Center

10. Chapter 10: Developing an Information Security Architecture Program

11. Chapter 11: Cloud Security Considerations

12. Chapter 12: Zero Trust Architecture in Information Security

13. Chapter 13: Third-Party and Supply Chain Security

14. Index

Why subscribe?

15. Other Books You May Enjoy

Identification – incident response tools

By leveraging technical observational tools, organizations can comprehensively understand their networks, making detecting and responding to security incidents more manageable. Each tool serves a unique purpose: monitoring network and server activity, analyzing logs, tracking system availability, inspecting network packets, analyzing web traffic, or scanning for vulnerabilities. Let us now learn about each of these tools.

Observational technical tools

Observational technical tools play a crucial role in incident response by providing visibility into the network, enabling responders to establish a baseline for normal behavior, and making it easier to detect anomalous activities. These tools can be classified into several categories:

Host- and network-based IDSs/IPSs: These tools monitor real-time network and server/workstation activity. Typically signature-based, they detect suspicious activities matching preconfigured signatures...