Enjoy fast, free delivery, exclusive deals, and award-winning movies & TV shows with Prime
Try Prime and start saving today with fast, free delivery

Kindle
$31.03

Available instantly

Paperback
$26.15 - $32.66

$32.66 with 35 percent savings

List Price: $49.99

Get Fast, Free Shipping with Amazon Prime FREE Returns

FREE delivery Wednesday, September 18 on orders shipped by Amazon over $35

Or Prime members get FREE delivery Tomorrow, September 14. Order within 4 hrs 46 mins.

Select delivery location

In Stock

$$32.66 () Includes selected options. Includes initial monthly payment and selected options. Details

Ships from

Amazon.com

Ships from

Amazon.com

Sold by

Amazon.com

Sold by

Amazon.com

Returns

30-day refund/replacement

Returns

30-day refund/replacement

This item can be returned in its original condition for a full refund or replacement within 30 days of receipt.

Read full return policy

Payment

Secure transaction

Payment

Secure transaction

We work hard to protect your security and privacy. Our payment security system encrypts your information during transmission. We don’t share your credit card details with third-party sellers, and we don’t sell your information to others. Learn more

Details

Add a gift receipt for easy returns

$26.15

Get Fast, Free Shipping with Amazon Prime FREE Returns

Used book in good and clean conditions. Pages and cover are intact. Limited notes marks and highlighting may be present. May show signs of normal shelf wear and bends on edges. Item may be missing CDs or access codes. May include library marks. Ships directly from Amazon. Used book in good and clean conditions. Pages and cover are intact. Limited notes marks and highlighting may be present. May show signs of normal shelf wear and bends on edges. Item may be missing CDs or access codes. May include library marks. Ships directly from Amazon. See less

FREE delivery September 27 - October 6 on orders shipped by Amazon over $35

Or fastest delivery September 26 - October 2

Select delivery location

Only 1 left in stock - order soon.

$$32.66 () Includes selected options. Includes initial monthly payment and selected options. Details

Access codes and supplements are not guaranteed with used items.

Ships from

Amazon

Ships from

Amazon

Sold by

ZBK Wholesale

Sold by

ZBK Wholesale

Condition

Used - Good

Condition

Used - Good

Returns

30-day refund/replacement

Returns

30-day refund/replacement

This item can be returned in its original condition for a full refund or replacement within 30 days of receipt.

Read full return policy

Payment

Secure transaction

Payment

Secure transaction

We work hard to protect your security and privacy. Our payment security system encrypts your information during transmission. We don’t share your credit card details with third-party sellers, and we don’t sell your information to others. Learn more

Details

Enhancements you chose aren't available for this seller. Details

${cardName} not available for the seller you chose

${cardName} unavailable for quantities greater than ${maxQuantity}.

Other sellers on Amazon

New & Used (30) from $19.00 + $3.99 shipping

Follow the authors

Crafting the InfoSec Playbook: Security Monitoring and Incident Response Master Plan 1st Edition

by Jeff Bollinger (Author), Brandon Enright (Author), Matthew Valites (Author)

4.7 97 ratings

See all formats and editions

{"desktop_buybox_group_1":[{"displayPrice":"$32.66","priceAmount":32.66,"currencySymbol":"$","integerValue":"32","decimalSeparator":".","fractionalValue":"66","symbolPosition":"left","hasSpace":false,"showFractionalPartIfEmpty":true,"offerListingId":"qMVk0dxOYEwbRrzpTN1o7FpfrndIlTJQCmQcHTXRIVqpRGKFzVDyuqLl%2FgUllNLHA7CRtj5rk1WZjabzz3CCyxqGk%2Fisk1eQ%2BYxobpNfkGsRfbbv5vkCfWs4XAfccMiu%2FfbxNVrR59UCzTkexlyYkQ%3D%3D","locale":"en-US","buyingOptionType":"NEW","aapiBuyingOptionIndex":0}, {"displayPrice":"$26.15","priceAmount":26.15,"currencySymbol":"$","integerValue":"26","decimalSeparator":".","fractionalValue":"15","symbolPosition":"left","hasSpace":false,"showFractionalPartIfEmpty":true,"offerListingId":"qMVk0dxOYEwbRrzpTN1o7FpfrndIlTJQw%2FU7IKHMhxLdueWR2Ke6N6FxbncdoyNTuXJ9%2FJZmKwennP0sg1rnXRvZNvtfhSXamVyX0HgjTwnVTjrLf9upcQMb52edpRmthNoQ%2FWPpBWPiTVba8U2lEgpsZN1beu8AAdVGvXbJQsVGV2mTMKI8IBdCOygQvydA","locale":"en-US","buyingOptionType":"USED","aapiBuyingOptionIndex":1}]}

Purchase options and add-ons

Any good attacker will tell you that expensive security monitoring and prevention tools aren’t enough to keep you secure. This practical book demonstrates a data-centric approach to distilling complex security monitoring, incident response, and threat analysis ideas into their most basic elements. You’ll learn how to develop your own threat intelligence and incident detection strategy, rather than depend on security tools alone.

Written by members of Cisco’s Computer Security Incident Response Team, this book shows IT and information security professionals how to create an InfoSec playbook by developing strategy, technique, and architecture.

Learn incident response fundamentals―and the importance of getting back to basics
Understand threats you face and what you should be protecting
Collect, mine, organize, and analyze as many relevant data sources as possible
Build your own playbook of repeatable methods for security monitoring and response
Learn how to put your plan into action and keep it running smoothly
Select the right monitoring and detection tools for your environment
Develop queries to help you sort through data and create valuable reports
Know what actions to take during the incident response phase

ISBN-10

1491949406
ISBN-13

978-1491949405
Edition

1st
Publisher

O'Reilly Media
Publication date

June 23, 2015
Language

English
Dimensions

6.97 x 0.56 x 9.09 inches
Print length

273 pages
See all details

Frequently bought together

This item: Crafting the InfoSec Playbook: Security Monitoring and Incident Response Master Plan

$32.66

Get it as soon as Wednesday, Sep 18

In Stock

Ships from and sold by Amazon.com.

+

Blue Team Handbook: SOC, SIEM, and Threat Hunting (V1.02): A Condensed Guide for the Security Operations Team and Threat Hunter

$41.29

Get it as soon as Wednesday, Sep 18

In Stock

Ships from and sold by Amazon.com.

+

Digital Forensics and Incident Response: Incident response tools and techniques for effective cyber threat response, 3rd Edition

$35.19

Get it as soon as Wednesday, Sep 18

In Stock

Ships from and sold by Amazon.com.

Total price:

To see our price, add these items to your cart.

Try again!

Details

Added to Cart

Choose items to buy together.

Don Murdoch, GSE #99
288
Paperback
5 offers from $3603
Gerard Johansen
28
Paperback
11 offers from $3519
BROTHERSTON
204
Paperback
1 offer from $5628
Gerard Johansen
100
Paperback
18 offers from $4565
Steve Anson
217
Paperback
48 offers from $2073
Rebekah Brown
5
Paperback
32 offers from $4573

Editorial Reviews

About the Author

With over ten years of information security experience, Jeff Bollinger has worked as a security architect and incident responder for both academic and corporate networks. Specializing in investigations, network security monitoring, and intrusion detection, Jeff Bollinger currently works as an information security investigator, and has built and operated one of the world's largest corporate security monitoring infrastructures. Jeff regularly speaks at international FIRST conferences, and writes for the Cisco Security Blog. His recent work includes log mining, search optimization, threat research, and security investigations.

Brandon Enright is a senior information security investigator with Cisco Systems. Brandon has a bachelor’s degree in computer science from UC San Diego where he did research in the Systems and Networking group. Brandon has coauthored several papers on the infrastructure and economics of malware botnets and a paper on the impact of low entropy seeds on the generation of SSL certificates. Some of his work in cryptography includes presenting weaknesses in some of the NIST SHA3 competition candidates, fatally knocking one out of the competition, and authoring the Password Hashing Competition proposal OmegaCrypt. Brandon is a long-time contributor to the Nmap project, a fast and featureful port scanner and security tool. In his free time Brandon enjoys mathematical puzzles and logic games.

Matthew Valites is a senior investigator and site lead on Cisco's Computer Security Incident Response Team (CSIRT). He provides expertise building an Incident Response and monitoring program for cloud and hosted service enterprises, with a focus on targeted and high-value assets. A hobbyist Breaker and Maker for as long as he can recall, his current professional responsibilities include security investigations, mining security-centric alerts from large data sets, operationalizing CSIRT's detection logic, and mobile device hacking. Matt enjoys speaking at international conferences, and is keen to share CSIRT's knowledge, best practices, and lessons-learned.

Product details

Publisher ‏ : ‎ O'Reilly Media; 1st edition (June 23, 2015)
Language ‏ : ‎ English
Paperback ‏ : ‎ 273 pages
ISBN-10 ‏ : ‎ 1491949406
ISBN-13 ‏ : ‎ 978-1491949405
Item Weight ‏ : ‎ 1.04 pounds
Dimensions ‏ : ‎ 6.97 x 0.56 x 9.09 inches

Best Sellers Rank: #957,092 in Books (See Top 100 in Books)
- #227 in Computer Viruses
- #333 in Computer Networking (Books)
- #754 in Computer Network Security

Customer Reviews:
4.7 97 ratings

Brief content visible, double tap to read full content.

Full content visible, double tap to read brief content.

Videos

Help others learn more about this product by uploading a video!

Upload your video

About the authors

Follow authors to get new release updates, plus improved recommendations.

Jeff Bollinger
Brief content visible, double tap to read full content.
Full content visible, double tap to read brief content.
Jeff Bollinger currently works as an information security investigator for Cisco Systems. Jeff has shaped Cisco's internal threat detection and response strategy, and has designed, built, and operated one of the world's largest corporate security monitoring infrastructures. Jeff has worked as security architect and incident responder for both academic and corporate networks since 2000, and has been involved with IT and network operations even longer. Specializing in investigations, network security monitoring, and threat detection, Jeff regularly speaks at international FIRST conferences and writes for the Cisco Security Blog and the Cisco Annual Security Report. His recent work includes global log mining architecture, search optimization, threat research, and security investigations.
http://blogs.cisco.com/author/jeffbollinger
See more on the author's page
Matthew Valites
Brief content visible, double tap to read full content.
Full content visible, double tap to read brief content.
Discover more of the author’s books, see similar authors, read author blogs and more
See more on the author's page

Customer reviews

97 global ratings

5 star
78%
4 star
16%
3 star
6%
2 star
0%
1 star
0%

How customer reviews and ratings work

Sort reviews by

Top reviews from the United States

There was a problem filtering reviews right now. Please try again later.

Stephen

Required textbook for Cyber Security class at Columbia University

Reviewed in the United States on August 21, 2019

Verified Purchase

I read this book because it was a requirement for my Cyber Security class at Columbia. I will say that I went in already having a Computer Science degree and 10 years of experience in Software Development, so it was easy for me to navigate the technical concepts that the book touches on without difficulty. Another warning I have about Cyber Security in general is that there are a lot of acronyms to know, and I ended up downloading a flashcard app to help myself memorize them all in order to get through this book and the class itself.

If you're thinking about reading it outside of school, I'd recommend it for anyone in a CIO, CISO, or Security Engineer type of role at a company. It's very straightforward and to the point, and it offers specific, detailed, and research backed recommendations for how to establish processes within a company to minimize the risk of a breach. The focus of the book is on how to establish a CIRT (Cyber Incident Response Team), what their responsibilities are and should be, how they should function, how to build a "playbook" for their operations, and ultimately how to best use a dedicated team of analysts and engineers to detect and react to a cyber event within a company. If that's what you're looking for this is a great text. If you want a more general introduction to cyber security then this might not be the only book you want to read.

7 people found this helpful

Helpful

militarypiper

Covers the core bases of building coordinated InfoSec processes

Reviewed in the United States on February 25, 2016

Verified Purchase

Very good guide on InfoSec program policy development. I think this should be mandatory for anyone moving 'up the chain' in security. In my role as a consultant, I find that there are smart people doing good things...in silos. This guide is a good foundation for building a program that ties disparate efforts together as a cohesive and effective infosec program. This book continues to be a good reference.

I think the book could have been improved with more pictures of alligators and other dangerous reptilian creatures.

8 people found this helpful

Helpful

DeltaBravo

Required course material

Reviewed in the United States on May 6, 2019

Verified Purchase

This book is kind of old for the tech world and it is a surprise that it has not been updated yet.

I gave it 4 stars because: While not cheap, it was not as expensive as other required CyberSec/IT books, the concepts addressed were not hardware specific but rather a learning tool to be used to formulate individualized plans for organizations, and it is written in a well balanced and not so boring manner.

Helpful

A. Dauria

Fantastic Guide to Operationalizing your SOC

Reviewed in the United States on May 3, 2016

Verified Purchase

Phenomenal book, chock full of great ideas about how to build and operationalize your SOC. Includes high level concepts as well as detailed technical ideas. Highly recommended for anyone building or improving a security program.

One person found this helpful

Helpful

Eleazar Fuentes

Great book

Reviewed in the United States on October 8, 2015

Verified Purchase

Great book for infosec pros it gives you an advanced insight about the incident response challenges. The idea of a playbook for IR is great.

4 people found this helpful

Helpful

younge

Five Stars

Reviewed in the United States on June 12, 2018

Excellent.

Great resource, timely and relevant

Reviewed in the United States on October 17, 2015

Great resource, timely and relevant, should be fundamental reading for network security / cyber security professionals. Great job guys!

2 people found this helpful

Helpful

Alexandru Stamate

Not a bad book (if you skip the first 6 chapters).

Reviewed in the United States on May 22, 2016

Verified Purchase

I'm a DFIR investigator with a fair share of experience in this field and I've always been interested in any books on such topics. As far as I can tell Crafting the InfoSec Playbook wants to be a guideline for how to run a SOC.
The first chapters cover very generic facts and best practices around IR and the management of a SOC. During the first 6 chapters I felt like reading Cpt. Obvious notes about running a SOC.
The real "action" starts with chapter 7 and it's quite interesting/useful. You can tell the authors have a solid background in IR but the book will be of little help for mature/advanced security teams.

11 people found this helpful

Helpful

Top reviews from other countries

Translate all reviews to English

C. Grau

Handbuch zum Aufbau eines Security Monitoring und Incident Response

Reviewed in Germany on June 5, 2016

Verified Purchase

Wer auf der Suche nach einen Buch ist in dem einen viele Tools und Technologien für die Durchführung von Incident Response ist, wird mit diesem Buch nicht glücklich werden.

Wer jedoch den Aufbau von einem ganzheitlichen Security Monitoring und Incident Response von der strategischen Seiten her beginnen möchte bekommt mit diesem Buch ein gutes "Playbook" an die Hand.

One person found this helpful

Translate review to English

Mr. Kevin J. Ross

This is a wonderful book that is of great value to anyone having ...

Reviewed in the United Kingdom on October 24, 2015

Verified Purchase

This is a wonderful book that is of great value to anyone having to do security monitoring. It also wisely determines its direction and sticks to it which is about how to analyse and not about the nuts and bolts technology. Books like Applied Network Security Monitoring can provide a better understanding of that and while the book does not mention specific products or technologies (which it is all the better for) it is wise to make sure however you have the following things in your arsenal to benefit the most from this book's advice:

- Intrusion Detection System
- Network logs covering different aspects of communications (HTTP, SSL, connections etc). Proxies for instance are valuable for HTTP but if you run bro-ids (now just "BRO") it can provide these logs.
- Centalised logging such as with Splunk or elasticsearch/logstash/kibana (ELK) which is free or some other SIEM. Really you need a way to query the data quickly. Into this have your IDS logs, network logs, proxy logs, av logs etc.

Now onto the actual book. It provides a great analysis of:
- Why to monitor
- Methods of ensuring proper monitoring (i.e rather than drilling into the technical basically saying this is what you need to achieve in either technical or process and the path is up to you)
- Thought processes about how to analyse data and ensuring you have enough data to quickly confirm or refute a security incident (extra context really can help you eliminate a false positive quickly so as not to waste time).
- Ideas for queries, data analysis and so on (without drilling into the technical). This is where having log monitoring in place can be of great use so you can begin applying it.
- The book is also more about building and process rather than specific problem/event here is solution. This I feel will allow it to maintain a relevance and not become dated as it teaches you a process in a "teach someone to fish" kind of way and its avoidance of falling into specific technologies, products or problems of the day means it will not become technically irrelevant.

The book is very well written and consistent throughout that successfully provides advice, techniques and processes that apply very well to all levels - from someone just starting out, someone setting up a security monitoring program for the first time through to someone with a established and mature security monitoring environment. The book manages to be relevant, informational and insightful to all these groups without feeling like it is leaning towards a certain level or group which is an impressive technical writing feat. I would highly recommend this book to anyone who has to perform security monitoring tasks given its scope

3 people found this helpful

Mr T Wake

Good book.

Reviewed in the United Kingdom on February 23, 2016

Verified Purchase

Excellent read, very well written and very useful for benchmarking your own security ops teams.

Anon, Bristol, UK

Five Stars

Reviewed in the United Kingdom on December 30, 2017

Verified Purchase

all good

See more reviews

Return this item for free

Return this item for free

Image Unavailable

Follow the authors