Top 8 cybersecurity books for incident responders in 2020
Are you passionate about incident response? Do you want to build upon your knowledge of how to mitigate cyberthreats? If yes, then you’d love the nuggets of wisdom these cybersecurity books can offer!
Although pursuing certifications like CISSP is the best way to progress in this field, gaining firsthand knowledge from other cybersecurity experts equips you with a better understanding of your profession and gives you the ability to apply different philosophies.
Learn Incident Response
So, if you’ve made up your mind to advance as an incident responder, add these cybersecurity books to your virtual bookshelf and get practical tips that will help support your career.
1. “The practice of network security monitoring” by Richard Bejtlich
In this book, FireEye’s Chief Security Strategist Richard Bejtlich shows you how to deploy a robust layer of protection around your networks using open-source and vendor-neutral tools. To help you avoid inflexible solutions, the author also helps you learn how to interpret network evidence from both client-side and server-side intrusions.
Though preventing every type of intrusion is impossible, “The Practice of Network Security Monitoring” explains how to best contain them.
2. “Reversing: The secrets of reverse engineering” by Eldad Eilam
If you’re working in a mid-level incident response position, you can be asked to reverse-engineer malicious code. In “Reversing: The Secrets of Reverse Engineering,” Eldad Eilam lays out the steps needed to reverse-engineer third-party libraries, including operating systems, assembly language and computer internals that come into play. You also gain the knowledge required to plug security holes that hackers usually exploit and, if you’re into advanced reverse-engineering, how to decipher assembly language.
In a nutshell, you get the pleasure of reading one of the best cybersecurity books on the topic of reverse engineering.
3. “Practical malware analysis” by Michael Sikorski
With the malware at the root of so many cyber intrusions, malware analysis is a crucial aspect of an incident response plan. “Practical Malware Analysis” teaches you everything from how to create secure virtual environments to how to get the most out of key analysis tools like WinDbg, OllyDbg and IDA Pro. Practical studies throughout the book help you practice and hone your skills as you dissect real samples, and detailed malware dissections offer an insight into the techniques and tools used by the pros.
Whether you’re responsible for securing one network or a hundred, this is one of the best cybersecurity books you could read to thwart and eliminate malware.
4. “Incident response & computer forensics” (3rd edition) by Matthew Pepe, Jason T. Luttgens and Kevin Mandia
“Incident Response & Computer Forensics” takes you through the entire life cycle of incident response, information gathering, data analysis, and practical remediation. With a choice of case studies exploring the processes and mitigation strategies for high-profile intrusions, the reader has a chance to look deeper into incident response. The material has been curated by experienced cybersecurity specialists who know the importance of having a remediation plan.
5. “Silent on the wire” by Michal Zalewski
Fun and simple to comprehend, “Silent on the Wire” covers different passive extraction techniques that adversaries use to collect information that our devices generate without us even being aware of it. The knowledge helps you dissect several privacy and security issues associated with the hardware design and technologies used in modern computing.
By taking an in-depth look at the “silent” side of computer systems, the book enables you to approach intrusion detection from a new, more creative perspective. This information can be applied to evidence analysis, forensics, policy enforcement, honeypots and network monitoring.
6. “Information security policies, procedures, and standards” by Douglas J. Landoll
Having knowledge of information security policies and procedures tells employers that you are proficient in handling intrusion cases effectively. “Information Security Policies, Procedures, and Standards” helps you understand why and how procedures are implemented, highlighting policy development concepts, key terminology and recommended document structures.
Using standards like ISO 27001, COBIT and NIST 800-53, and regulations like PCI DSS and HIPAA as the foundation, the book provides the understanding you need to enforce policies and procedures clearly and intelligently.
7. “The hacker playbook 3: Practical guide to penetration testing” by Peter Kim
In this book, the author focuses on analyzing why things long known to be broken are still broken. Peter makes practitioners wonder if the safeguards they are putting in place are working and if their team has the right tools, people and skill sets to identify and mitigate potential attacks.
“The Hacker Playbook 3: Practical Guide To Penetration Testing” focuses on real-world attacks and campaigns, exposing you to different exploitations, entry points and custom malware. This is so you can accurately test and validate your organization’s security program.
8. “Intelligence-driven incident response” by Scott J. Roberts and Rebekah Brown
One of the best cybersecurity books for incident responders, “Intelligence-Driven Incident Response” teaches you the basics of intelligent analysis and the most effective ways to integrate these techniques into an incident response plan. Besides the fundamentals, it walks you through the IDIR (intelligence-driven incident response) process, as well as enabling you to explore big-picture areas that go beyond individual IR investigations, such as intelligence-driven team building.
Learn Incident Response
Conclusion
To survive and thrive in today’s cyberthreat landscape, businesses look to incident responders to deal with cyber-incidents. The expectation from people working in this profession is tremendous and will continue to grow as organizations aim to protect their critical information infrastructure. In order to do this, you must deepen your knowledge of incident response with the help of various resources, including this selection of cybersecurity books.
Incident Response
Build your skills responding to each phase of an incident, and get a technical deep dive of the tools and techniques used. What you'll learn:- IR phases and stages
- IR tools and techniques
- Conducting memory, network and host forensics
- And more
In this Series
- Top 8 cybersecurity books for incident responders in 2020
- Disaster recovery: What's missing in your cyber emergency response?
- How will zero trust change the incident response process?
- How to build a proactive incident response plan
- Sparrow.ps1: Free Azure/Microsoft 365 incident response tool
- Uncovering and remediating malicious activity: From discovery to incident handling
- DHS Cyber Hunt and Incident Response Teams (HIRT) Act: What you need to know
- When and how to report a breach: Data breach reporting best practices
- Cyber Work Podcast recap: What does a military forensics and incident responder do?
- Digital forensics and incident response: Is it the career for you?
- 2020 NIST ransomware recovery guide: What you need to know
- Network traffic analysis for IR: Data exfiltration
- Network traffic analysis for IR: Basic protocols in networking
- Network traffic analysis for IR: Introduction to networking
- Network Traffic Analysis for IR — Discovering RATs
- Network traffic analysis for IR: Analyzing IoT attacks
- Network traffic analysis for IR: TFTP with Wireshark
- Network traffic analysis for IR: SSH protocol with Wireshark
- Network traffic analysis for IR: Analyzing DDoS attacks
- Wireshark for incident response 101
- Network traffic analysis for IR: UDP with Wireshark
- Network traffic analysis for IR: TCP protocol with Wireshark
- Network Traffic Analysis for Incident Response: Internet Protocol with Wireshark
- ICMP protocol with Wireshark
- Cyber Work with Infosec: How to become an incident responder
- Simple Mail Transfer Protocol (SMTP) with Wireshark
- Internet Relay Chat (IRC) protocol with Wireshark
- Hypertext transfer protocol (HTTP) with Wireshark
- Network traffic analysis for IR: FTP protocol with Wireshark
- Infosec skills - Network traffic analysis for IR: DNS protocol with Wireshark
- Network traffic analysis for IR: Data collection and monitoring
- Network traffic analysis for Incident Response (IR): TLS decryption
- Network traffic analysis for IR: Address resolution protocol (ARP) with Wireshark
- Network traffic analysis for IR: Alternatives to Wireshark
- Network traffic analysis for IR: Statistical analysis
- Network traffic analysis for incident response (IR): What incident responders should know about networking
- Network traffic analysis for IR: Event-based analysis
- Network traffic analysis for IR: Connection analysis
- Network traffic analysis for IR: Data analysis for incident response
- Network traffic analysis for IR: Network mapping for incident response
- Network traffic analysis for IR: Analyzing fileless malware
- Network traffic analysis for IR: Credential capture
- Network traffic analysis for IR: Content deobfuscation
- Traffic analysis for incident response (IR): How to use Wireshark for traffic analysis
- Network traffic analysis for IR: Threat intelligence collection and analysis
- Network traffic analysis for incident response
- Creating your personal incident response plan
- Security Orchestration, Automation and Response (SOAR)
- Top six SIEM use cases
- Expert Tips on Incident Response Planning & Communication
- How to Use AlientVault SIEM for Threat Detection & Incident Response
Get certified and advance your career
- Exam Pass Guarantee
- Live instruction
- CompTIA, ISACA, (ISC)², Cisco, Microsoft and more!
Incident response
Disaster recovery: What's missing in your cyber emergency response?
Incident response
Incident response
Incident response
Sparrow.ps1: Free Azure/Microsoft 365 incident response tool