“Intelligence-Driven Incident Response” Notes

“Intelligence-Driven Incident Response” by Scott J. Roberts and Rebekah Brown

Basics of Intelligence

Intelligence Cycle

Qualities of Good Intelligence

Levels of Intelligence

Basics of Incident Response

Data types

Collection methods

Actions on Objective

Reasons not to hack back

Benefits of active defense

Active defense capabilities

F3EAD cycle

Find

Finish

Exploit

OASIS suite

MILE Working Group

Threat-Intelligence Platforms (TIPs)

Analyze

Questions to determine what to analyze

Biases

Structured Analysis

Analysis of Competing Hypotheses (ACH)

Contrarian Techniques

Disseminate

Writing for leadership

Writing for technical consumers

Actionability

Chad Warner