
The Essential 16 Incident Response Books for Professionals

Solutions Review compiles the essential 16 incident response books professionals need to add to their reading lists.

Incident Response matters now more than ever; even the most comprehensive cybersecurity platforms can’t prevent one hundred percent of all threats. Eventually, something will break through and you must be ready. We’ve listed the top sixteen incident response books professionals should add to their reading lists. These books are intended for beginners and experts alike and are written by authors with proficiency and/or recognition in the field of Incident Response.

Be sure to also consult our SIEM Buyer’s Guide for information on the top solution providers in the field. It’s the perfect resource if you don’t want your organization to suffer from attacks and other digital dangers.

Note: Titles of the incident response books are listed in no particular order.


Intelligence-Driven Incident Response: Outwitting the Adversary

Our Take: Scott J Roberts is an incident handler, intelligence analyst, writer, and developer who protects companies from computer network espionage and attack. He and Rebekah Brown are more than capable of providing insights into incident response. 

“Using a well-conceived incident response plan in the aftermath of an online security breach enables your team to identify attackers and learn how they operate. But, only when you approach incident response with a cyber threat intelligence mindset will you truly understand the value of that information. With this practical guide, you’ll learn the fundamentals of intelligence analysis, as well as the best ways to incorporate these techniques into your incident response process. Each method reinforces the other: threat intelligence supports and augments incident response, while incident response generates useful threat intelligence.”


Practical Cyber Intelligence: How action-based intelligence can be an effective response to incidents

Our Take: Wilson Bautista is a retired military officer who is currently the founder and CEO of the consulting firm Jün Cyber and the Executive Director of the Cyber Ohana Project. 

“Cyber intelligence is the missing link between your cyber defense operation teams, threat intelligence, and IT operations to provide your organization with a full spectrum of defensive capabilities. This book kicks off with the need for cyber intelligence and why it is required in terms of a defensive framework…By the end of this book, you will be able to boot up an intelligence program in your organization based on the operation and tactical/strategic spheres of Cyber defense intelligence.”



The Threat Intelligence Handbook: A Practical Guide for Security Teams to Unlocking the Power of Intelligence

Our Take: Highly praised for its directness in describing cybersecurity and cyber threat intelligence, this text provides a great jumping-off point for IT professionals. 

“It’s easy to find descriptions of what threat intelligence is. But it’s harder to learn how to use it to truly make your organization safe from cybercriminals. How can threat intelligence strengthen all the teams in a cybersecurity organization? This book answers this question. It reviews the kinds of threat intelligence that are useful to security teams and how each team can use that intelligence to solve problems and address challenges. It discusses how security analysts in the real world use threat intelligence to decide what alerts to investigate (or ignore), what incidents to escalate, and what vulnerabilities to patch.”



The Cyber Intelligence Handbook: An Authoritative Guide for the C-Suite, IT Staff, and Intelligence Team

Our Take: A more in-depth look at cyber-threat intelligence at the enterprise level, with a special focus on how to distill information and trends into actionable insights. 

“Readers will learn:
• What cyber intelligence is and how to apply it to deter, detect, and defeat malicious cyber-threat actors targeting your networks and data;
• How to characterize threats and threat actors with precision to enable all relevant stakeholders to contribute to desired security outcomes;
• A three-step planning approach that allows cyber intelligence customers to define and prioritize their needs;
• How to construct a simplified cyber intelligence process that distills decades of national-level intelligence community doctrine into [sets] of clearly defined, mutually supporting actions that will produce repeatable and measurable results from the outset.”



Open Source Intelligence Techniques: Resources for Searching and Analyzing Online Information

Our Take: Michael Bazzell investigated computer crimes on behalf of the government for over 20 years. His expertise shines through in this critical cybersecurity text. 

“It is time to look at OSINT in a different way…The new OSINT professional must be self-sustaining and possess their own tools and resources. You will become a more proficient subject matter expert who will be armed with the knowledge and readiness to articulate the sources of your findings. Aside from eleven brand new chapters, hundreds of pages have been updated to keep your OSINT investigative methods fresh. Furthermore, an entire new section featuring Methodology, Workflow, Documentation, and Ethics provides a clear game plan for your next active investigation.”


Blue Team Handbook: SOC, SIEM, and Threat Hunting (V1.02): A Condensed Guide for the Security Operations Team and Threat Hunter

Our Take: Customers cite this as an essential read for Security Operations Center team members and as a comprehensive resource. 

“The book begins with a discussion for professionals to help them build a successful business case and a project plan, decide on SOC tier models, anticipate and answer tough questions you need to consider when proposing a SOC, and considerations in building a logging infrastructure. The book goes through numerous data sources that feed a SOC and SIEM and provides specific real world guidance on how to use those data sources to best possible effect. Most of the examples presented were implemented in one organization or another. These use cases explain what to monitor, how to use a SIEM and how to use the data coming into the platform.”


Security Operations Center – SIEM Use Cases and Cyber Threat Intelligence

Our Take: Arun Thomas is a prolific writer in the fields of cyber threat intelligence and security operations center use cases. 

“Security analytics can be defined as the process of continuously monitoring and analyzing all the activities in your enterprise network to ensure the minimal number of occurrences of security breaches. Security Analyst is the individual that is qualified to perform the functions necessary to accomplish the security monitoring goals of the organization…This book is a complete practical guide to understanding, planning and building an effective Cyber Threat Intelligence program within an organization.”



The Practice of Network Security Monitoring: Understanding Incident Detection and Response

Our Take: Richard Bejtlich is a Strategist and the Author in Residence at Corelight. He was previously Chief Security Strategist at FireEye. An expert if ever there was one. 

Network security is not simply about building impenetrable walls—determined attackers will eventually overcome traditional defenses. The most effective computer security strategies integrate network security monitoring (NSM): the collection and analysis of data to help you detect and respond to intrusions…In The Practice of Network Security Monitoring, Mandiant CSO Richard Bejtlich shows you how to use NSM to add a robust layer of protection around your networks—no prior experience required.



Security Information and Event Management (SIEM) Implementation (Network Pro Library)

Our Take: Written by a veritable team of cybersecurity professionals and experts, this book is useful in working with and alongside an SIEM solution. 

“Effectively manage the security information and events produced by your network with help from this authoritative guide. Written by IT security experts, Security Information and Event Management (SIEM) Implementation shows you how to deploy SIEM technologies to monitor, identify, document, and respond to security threats and reduce false-positive alerts. The book explains how to implement SIEM products from different vendors, and discusses the strengths, weaknesses, and advanced tuning of these systems. You’ll also learn how to use SIEM capabilities for business intelligence.”


Crafting the InfoSec Playbook: Security Monitoring and Incident Response Master Plan

Our Take: Jeff Bollinger currently works as an information security investigator for Cisco Systems. Alongside other members of the Cisco Incident Response Team, he details what to do should the worst happen.

Any good attacker will tell you that expensive security monitoring and prevention tools aren’t enough to keep you secure. This practical book demonstrates a data-centric approach to distilling complex security monitoring, incident response, and threat analysis ideas into their most basic elements. You’ll learn how to develop your own threat intelligence and incident detection strategy, rather than depend on security tools alone. Written by members of Cisco’s Computer Security Incident Response Team, this book shows IT and information security professionals how to create an InfoSec playbook by developing strategy, technique, and architecture.


Principles of Information Security

Our Take: Herbert Mattord currently teaches undergraduate courses in Information Security and Assurance and Information Systems. Michael E. Whitman is the executive director of the Institute for Cybersecurity Workforce Development and a professor of information security at Kennesaw State University.

“You receive a broad overview of the entire field of information security and related elements with the detail to ensure understanding. You review terms used in the field and a history of the discipline as you learn how to manage an information security program. Current and relevant, this edition highlights the latest practices with fresh examples that explore the impact of emerging technologies, such as the Internet of Things, Cloud Computing, and DevOps. Updates address technical security controls, emerging legislative issues, digital forensics, and ethical issues in IS security, making this the ideal IS resource for business decision makers.”


Elementary Information Security

Our Take: Rick Smith teaches occasionally for the MSSE program at the University of Minnesota, which also offers his Cloud Security specialization on Coursera.

If we want a solid understanding of security technology, we must look closely at the underlying strengths of information technology itself. An ideal text for introductory information security courses, the Third Edition of Elementary Information Security provides a comprehensive yet easy-to-understand introduction to the complex world of cybersecurity and technology. Thoroughly updated with recently reported cybersecurity incidents, this essential text enables students to gain direct experience by analyzing security problems and practicing simulated security activities.


Fundamentals of Information Systems Security

Our Take: David Kim is the President & Principal Consultant at Security Evolutions, Inc. The work explores the foundations of cybersecurity. 

The text opens with a discussion of the new risks, threats, and vulnerabilities associated with the transition to a digital world. Part 2 presents a high level overview of the Security+ Exam and provides students with information as they move toward this certification. The book closes with information on information security standards, education, professional certifications, and compliance laws. With its practical, conversational writing style and step-by-step examples, this text is a must-have resource for those entering the world of information systems security.


Foundations of Information Security: A Straightforward Introduction

Our Take: Dr. Jason Andress is a seasoned security professional, security researcher, and technophile. He explores critical concepts at a high level using unique real-world examples. 

In this high-level survey of the information security field, best-selling author Jason Andress covers the basics of a wide variety of topics, from authentication and authorization to maintaining confidentiality and performing penetration testing. Using real-world security breaches as examples, Foundations of Information Security explores common applications of these concepts, such as operations security, network design, hardening and patching operating systems, securing mobile devices, as well as tools for assessing the security of hosts and applications.


Information Security: Principles and Practice

Our Take: Mark Stamp is Professor of Computer Science at San José State University. This is a premier text for students and instructors in information technology, computer science, and engineering. 

“Information security is a rapidly evolving field. As businesses and consumers become increasingly dependent on complex multinational information systems, it is more imperative than ever to protect the confidentiality and integrity of data. Featuring a wide array of new information on the most current security issues, this fully updated and revised edition of Information Security: Principles and Practice provides the skills and knowledge readers need to tackle any information security challenge...This Second Edition features new discussions of relevant security topics such as the SSH and WEP protocols, practical RSA timing attacks, botnets, and security certification.”


Management of Information Security

Our Take: Herbert Mattord currently teaches undergraduate courses in Information Security and Assurance and Information Systems. Michael E. Whitman is the executive director of the Institute for Cybersecurity Workforce Development and a professor of information security at Kennesaw State University.

The text focuses on key executive and managerial aspects of information security. It also integrates coverage of CISSP and CISM throughout to effectively prepare you for certification. Reflecting the most recent developments in the field, it includes the latest information on NIST, ISO and security governance as well as emerging concerns like Ransomware, Cloud Computing and the Internet of Things.



Thanks for checking out our list of top sixteen incident response books for professionals. Be sure to also check out our SIEM Buyer’s Guide.


Solutions Review participates in affiliate programs. We may make a small commission from products purchased through this resource.
