CyberSecurity Incident Management
Successfully responding to modern cybersecurity threats requires a well-planned, organized, and tested incident management program based on a formal incident management framework. It must be comprised of technical and non-technical requirements and planning for all aspects of people, process, and technology. This includes evolving considerations specific to the customer environment, threat landscape, regulatory requirements, and security controls. Only through a highly adaptive, iterative, informed, and continuously evolving full-lifecycle incident management program can responders and the companies they support be successful in combatting cyber threats. This book is the first in a series of volumes that explains in detail the full-lifecycle cybersecurity incident management program. It has been developed over two decades of security and response experience and honed across thousands of customer environments, incidents, and program development projects. It accommodates all regulatory and security requirements and is effective against all known and newly evolving cyber threats.
Paperback: 513 Pages
CyberSecurity Incident Management
Volume 2: Program Assessment & Development
Successfully responding to modern cybersecurity threats requires a well-planned, organized, and tested incident management program based on a formal incident management framework. It must be comprised of technical and non-technical requirements and planning for all aspects of people, process, and technology. This includes evolving considerations specific to the customer environment, threat landscape, regulatory requirements, and security controls. Only through a highly adaptive, iterative, informed, and continuously evolving full-lifecycle incident management program can responders and the companies they support be successful in combatting cyber threats. This book is the second in a series of volumes that explains in detail the full-lifecycle cybersecurity incident management program. It has been developed over two decades of security and response experience and honed across thousands of customer environments, incidents, and program development projects. It accommodates all regulatory and security requirements and is effective against all known and newly evolving cyber threats. This book will inform the reader on how to assess existing information security and incident management/response programs and refine them or develop new ones in accordance with the needs of the organization and the evolving threat and regulatory landscapes.
CyberSecurity Incident Management
Volume 3: The Incident Commander
This book is an in-depth guide to the CyberSecurity Incident Commander role in alignment with the Federal Emergency Management Agency (FEMA) incident command framework. It teaches readers step-by-step how to succeed in performing it, based on the author’s involvement and leadership in thousands of investigations across hundreds of companies over 24 years. Current or aspiring Incident Commanders will learn the formal process using a mature 13-step incident management framework covering all phases. They will be holistically guided through the necessary functions, key considerations, and critical steps to ensure they are carried out properly. They will learn the various facets of preparation, training, detection, communication, evidence collection, analysis, containment, mitigation, eradication, remediation, recovery, reporting, lessons learned, and more. The Incident Commander will become familiar with leading incidents in alignment with leadership objectives, regulatory compliance needs, legal considerations, investigative best practices, and professional services skills used to guide individuals, groups, and outside entities that have been honed over decades.