The Essential 16 Incident Response Books for Professionals

Solutions Review compiles the essential 16 incident response books professionals need to add to their reading lists.

Incident Response matters now more than ever; even with the most comprehensive cybersecurity platforms can’t prevent one hundred percent of all threats. Eventually, something will break through and you must be ready. We’ve listed the top sixteen incident response books professionals should add to their reading lists. These books are intended for beginners and experts alike and are written by authors with proficiency and/or recognition in the field of Incident Response.

Be sure to also consult our SIEM Buyer’s Guide for information on the top solution providers in the field. It’s the perfect resource if you don’t want your organization to suffer from attacks and other digital dangers.

Note: Titles of the incident response books are listed in no particular order.

The Essential 16 Incident Response Books for Professionals

Intelligence-Driven Incident Response: Outwitting the Adversary

By Scott J. Roberts and Rebekah Brown

“Using a well-conceived incident response plan in the aftermath of an online security breach enables your team to identify attackers and learn how they operate. But, only when you approach incident response with a cyber threat intelligence mindset will you truly understand the value of that information. With this practical guide, you’ll learn the fundamentals of intelligence analysis, as well as the best ways to incorporate these techniques into your incident response process. Each method reinforces the other: threat intelligence supports and augments incident response, while incident response generates useful threat intelligence.”

Available here.  

Practical Cyber Intelligence: How action-based intelligence can be an effective response to incidents

By Wilson Bautista Jr.

“Cyber intelligence is the missing link between your cyber defense operation teams, threat intelligence, and IT operations to provide your organization with a full spectrum of defensive capabilities. This book kicks off with the need for cyber intelligence and why it is required in terms of a defensive framework…By the end of this book, you will be able to boot up an intelligence program in your organization based on the operation and tactical/strategic spheres of Cyber defense intelligence.”

Available here. 

The Threat Intelligence Handbook: A Practical Guide for Security Teams to Unlocking the Power of Intelligence

Edited by Chris Pace

“It’s easy to find descriptions of what threat intelligence is. But it’s harder to learn how to use it to truly make your organization safe from cybercriminals. How can threat intelligence strengthen all the teams in a cybersecurity organization? This book answers this question. It reviews the kinds of threat intelligence that are useful to security teams and how each team can use that intelligence to solve problems and address challenges. It discusses how security analysts in the real world use threat intelligence to decide what alerts to investigate (or ignore), what incidents to escalate, and what vulnerabilities to patch.”

Available here. 

The Cyber Intelligence Handbook: An Authoritative Guide for the C-Suite, IT Staff, and Intelligence Team

By David M. Cooney Jr. (Author), Muireann O’Dunlaing (Editor), Mark McGibbon (Foreword)

“Readers will learn:•What cyber intelligence is and how to apply it to deter, detect, and defeat malicious cyber-threat actors targeting your networks and data;•How to characterize threats and threat actors with precision to enable all relevant stakeholders to contribute to desired security outcomes;•A three-step planning approach that allows cyber intelligence customers to define and prioritize their needs;•How to construct a simplified cyber intelligence process that distills decades of national-level intelligence community doctrine into [sets] of clearly defined, mutually supporting actions that will produce repeatable and measurable results from the outset.”

Available here. 

Open Source Intelligence Techniques: Resources for Searching and Analyzing Online Information

By Michael Bazzell

“It is time to look at OSINT in a different way…The new OSINT professional must be self-sustaining and possess their own tools and resources. You will become a more proficient subject matter expert who will be armed with the knowledge and readiness to articulate the sources of your findings. Aside from eleven brand new chapters, hundreds of pages have been updated to keep your OSINT investigative methods fresh. Furthermore, an entire new section featuring Methodology, Workflow, Documentation, and Ethics provides a clear game plan for your next active investigation.”

Available here. 

Blue Team Handbook: SOC, SIEM, and Threat Hunting (V1.02): A Condensed Guide for the Security Operations Team and Threat Hunter

By Don Murdoch

“The book begins with a discussion for professionals to help them build a successful business case and a project plan, decide on SOC tier models, anticipate and answer tough questions you need to consider when proposing a SOC, and considerations in building a logging infrastructure. The book goes through numerous data sources that feed a SOC and SIEM and provides specific real world guidance on how to use those data sources to best possible effect. Most of the examples presented were implemented in one organization or another. These uses cases explain on what to monitor, how to use a SIEM and how to use the data coming into the platform.”

Available here. 

Security Operations Center – SIEM Use Cases and Cyber Threat Intelligence

By Arun E Thomas

“Security analytics can be defined as the process of continuously monitoring and analyzing all the activities in your enterprise network to ensure the minimal number of occurrences of security breaches. Security Analyst is the individual that is qualified to perform the functions necessary to accomplish the security monitoring goals of the organization…This book is a complete practical guide to understanding, planning and building an effective Cyber Threat Intelligence program within an organization.”

Available here. 

The Practice of Network Security Monitoring: Understanding Incident Detection and Response

By Richard Bejtlich

“Network security is not simply about building impenetrable walls—determined attackers will eventually overcome traditional defenses. The most effective computer security strategies integrate network security monitoring (NSM): the collection and analysis of data to help you detect and respond to intrusions…In The Practice of Network Security Monitoring, Mandiant CSO Richard Bejtlich shows you how to use NSM to add a robust layer of protection around your networks—no prior experience required.”

Available here. 

Security Information and Event Management (SIEM) Implementation (Network Pro Library)

By David R. Miller, Shon Harris, Allen Harper, Stephen VanDyke, and Chris Blask

“Effectively manage the security information and events produced by your network with help from this authoritative guide. Written by IT security experts, Security Information and Event Management (SIEM) Implementation shows you how to deploy SIEM technologies to monitor, identify, document, and respond to security threats and reduce false-positive alerts. The book explains how to implement SIEM products from different vendors, and discusses the strengths, weaknesses, and advanced tuning of these systems. You’ll also learn how to use SIEM capabilities for business intelligence.”

Available here. 

Crafting the InfoSec Playbook: Security Monitoring and Incident Response Master Plan

By Jeff Bollinger, Brandon Enright, and Matthew Valites

“Any good attacker will tell you that expensive security monitoring and prevention tools aren’t enough to keep you secure. This practical book demonstrates a data-centric approach to distilling complex security monitoring, incident response, and threat analysis ideas into their most basic elements. You’ll learn how to develop your own threat intelligence and incident detection strategy, rather than depend on security tools alone. Written by members of Cisco’s Computer Security Incident Response Team, this book shows IT and information security professionals how to create an InfoSec playbook by developing strategy, technique, and architecture.”

Available here. 

Principles of Information Security

By Michael E. Whitman and Herbert J. Mattord

“You receive a broad overview of the entire field of information security and related elements with the detail to ensure understanding. You review terms used in the field and a history of the discipline as you learn how to manage an information security program. Current and relevant, this edition highlights the latest practices with fresh examples that explore the impact of emerging technologies, such as the Internet of Things, Cloud Computing, and DevOps. Updates address technical security controls, emerging legislative issues, digital forensics, and ethical issues in IS security, making this the ideal IS resource for business decision makers.”

Available here. 

Elementary Information Security

By Richard E. Smith

“If we want a solid understanding of security technology, we must look closely at the underlying strengths a of information technology itself. An ideal text for introductory information security courses, the Third Edition of Elementary Information Security provides a comprehensive yet easy-to-understand introduction to the complex world of cybersecurity and technology. Thoroughly updated with recently reported cybersecurity incidents, this essential text enables students to gain direct experience by analyzing security problems and practicing simulated security activities.”

Available here. 

Fundamentals of Information Systems Security

By David Kim and Michael G. Solomon

“The text opens with a discussion of the new risks, threats, and vulnerabilities associated with the transition to a digital world. Part 2 presents a high level overview of the Security+ Exam and provides students with information as they move toward this certification. The book closes with information on information security standards, education, professional certifications, and compliance laws. With its practical, conversational writing style and step-by-step examples, this text is a must-have resource for those entering the world of information systems security.”

Available here. 

Foundations of Information Security: A Straightforward Introduction

By Jason Andress

“In this high-level survey of the information security field, best-selling author Jason Andress covers the basics of a wide variety of topics, from authentication and authorization to maintaining confidentiality and performing penetration testing. Using real-world security breaches as examples, Foundations of Information Security explores common applications of these concepts, such as operations security, network design, hardening and patching operating systems, securing mobile devices, as well as tools for assessing the security of hosts and applications.”

Available here. 

Information Security: Principles and Practice

By Mark Stamp

“Information security is a rapidly evolving field. As businesses and consumers become increasingly dependent on complex multinational information systems, it is more imperative than ever to protect the confidentiality and integrity of data. Featuring a wide array of new information on the most current security issues, this fully updated and revised edition of Information Security: Principles and Practice provides the skills and knowledge readers need to tackle any information security challenge...This Second Edition features new discussions of relevant security topics such as the SSH and WEP protocols, practical RSA timing attacks, botnets, and security certification.” 

Available here. 

Management of Information Security

By Michael E. Whitman and Herbert J. Mattord

“The text focuses on key executive and managerial aspects of information security. It also integrates coverage of CISSP and CISM throughout to effectively prepare you for certification. Reflecting the most recent developments in the field, it includes the latest information on NIST, ISO and security governance as well as emerging concerns like Ransomware, Cloud Computing and the Internet of Things.”

Available here. 

Thanks for checking out our list of top sixteen incident response books for professionals. Be sure to also check out our SIEM Buyer’s Guide.

Ben Canner

Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.

Latest posts by Ben Canner (see all)

Comments are closed.