By Kunal Sehgal & Nikolaos Thymianis – Packt Press.
Preface
Setting up a cyber blue team may seem like a daunting task. There are a lot of considerations to keep in mind, and the list of products and services on the market is endless. It is easy to get lost in a sea of jargon and lose sight of what is absolutely needed for an organization. This book is meant for professionals looking to get started on building such a capability. The primary intention of this book is to guide you along each step of the journey, explaining what any organization should consider, and how to design a comprehensive defense capability.
Disclaimer
The opinions expressed in this publication are those of the authors alone. They do not purport to reflect the opinions or views of our employers, if any, or of any third parties. Any designations used, any views expressed, the presentation of materials, and the use of references in this publication do not constitute and do not imply the expression of any opinion whatsoever by, or any involvement of, any employer legal entity that either of the writers may have. Our employers, if any, make no representation and assume no liability whatsoever for the accuracy of the information contained in this publication and for the views expressed by the undersigned authors of the present publication.
Who this book is for
This book is meant for anyone looking to embark on the journey of setting up a cyber defense team (AKA a blue team) for their organization. It is business agnostic, and hence professionals from all fields will find it equally useful. The primary goal of the book is to explain all the aspects of setting up such a capability and to ensure there is comprehensive coverage and no blind spots. This involves understanding not just the organization’s needs and risk appetite, but also looking into the applicable laws and regulations, before designing the relevant controls. This will ensure the organization gets the most value from its investments, and that the designed defense capabilities are fit for purpose.
The book is designed with senior executives in mind. Hence, Chief Information Security Officers (CISOs), Chief Information Officers (CIOs), board members, and other C-level executives will benefit from the strategies and concepts introduced in this book. However, even junior professionals in the information security domain will find value in collecting their thoughts to design a plan that could be presented to the senior executives at their respective organizations.
What this book covers
Chapter 1, Establishing a Defense Program, provides a general description of what a blue team is and what its role is in the business. Moreover, it contains a historic review of how blue teams came to be. It also discusses the difference between red teams and blue teams.
Chapter 2, Managing a Defense Security Team, explains the role this team should play in an organization, and also what processes to build up and what responsibilities to give to such a team. Moreover, the chapter discusses how this team would work with the other departments in an organization.
Chapter 3, Risk Assessment, explores risk assessments, how a blue team should go about conducting one, and how to calculate risk for their organization.
Chapter 4, Blue Team Operations, explores the blue team operations that should be considered by an organization when they consider setting up cyber defense capabilities, including what key focus areas to look into and how to avoid any blind spots.
Chapter 5, Threats, explores how a blue team should go about identifying the major threats to their organization, that is, how to classify, assess, and prioritize risks.
Chapter 6, Governance, Compliance, Regulations, and Best Practices, explains what governance is, how to do it correctly, and how to provide visibility to all the stakeholders in the organization. You will also learn why it is important to be aware of any external requirements, to ensure they are based at the right level, and lastly, what to expect from major regulations (such as GDPR).
Chapter 7, Preventive Controls, covers the various controls that a defense team should consider. The chapter is structured as per the NIST framework, which will be touched upon briefly. The intention is to help you understand the full spectrum of controls to consider.
Chapter 8, Detective Controls, goes through why detective controls are needed and how they augment preventive controls. Moreover, the chapter reviews how such controls work in a typical organization, and what processes are needed in tandem with the technology to ensure an adequate level of security.
Chapter 9, Cyber Threat Intelligence, delves into threat intelligence, its foundation, and how it is an important tool in the arsenal of a blue team. Secondly, the chapter explains how a blue team can keep itself updated on the latest threats and methods.
Chapter 10, Incident Response and Recovery, explains how to make incident response plans, how to test those plans, and what to do about cyber-insurance. The chapter also covers the NIST Respond and Recover functions and explains them thoroughly with examples from incident response teams.
Chapter 11, Prioritizing and Implementing a Blue Team Strategy, summarizes everything we have learned in this book, and how to prioritize various steps to suit your organization. This chapter also refers to emerging technologies and methodologies that are becoming commonplace in the information security industry.
Chapter 12, Expert Insights, introduces industry experts who will share their views on the book. They will share from their own experience how they went about establishing their own blue-team processes and what tools or frameworks helped them along the way.