Playbook Powerup (剧本强化.pdf)

Uploaded by: 可*** ID: 991832 2025-12-07 35 pages 605.59KB

July 24, 2025

Jessica Gorman
Cybersecurity Risk Management Program, Georgetown University
Sr Director of Security Operations and Incident Response, Experian

Playbook Powerup: Applying Modular Design to Maintain IR Playbooks at Scale

Goal: Empower you to streamline incident response playbook management through real-world application of modular design concepts

Agenda: Background | Challenges | Modular Design | Application | Benefits & Wrap Up

Today:
- Background of IR Playbooks
- Challenges in Updating/Change Management
- Modular Design in Playbooks
- Application and Examples
- Benefits
- Wrap Up

Incident response playbooks are a cornerstone of a robust program
- Playbooks define processes for appropriate response based on a specific threat scenario [2]
- In use by 70% of security professionals [1]
- Depicted as text-based narratives or process flow diagrams [2]
- Security Orchestration, Automation, and Response (SOAR) technology
- Organizations may maintain dozens, even 100+

Up-to-date playbooks promote effective incident response efforts
Up-to-date playbooks can:
- Help meet compliance/regulatory requirements [3]
- Decrease attacker dwell time, limiting potential financial costs [4,5,6]
- Guide less-experienced analysts [7]

However, maintaining updated playbooks is challenging for organizations
52% of security professionals say IR playbooks are rarely updated and/or not updated "frequently enough to capture and incorporate best practices" [1]

Resource constraints on securi

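The main content of the full document is summarized as follows:
1. **Importance of IR playbooks**: IR (incident response) playbooks are key to cybersecurity. They are used by 70% of security professionals and define the response process for specific threat scenarios.
2. **Challenges**: Keeping playbooks up to date is challenging; 52% of security professionals say IR playbooks are rarely updated or not updated frequently enough.
3. **Resource constraints**: Security teams face resource constraints because of an expanding attack surface, growing volumes of security data, and an evolving threat landscape.
4. **Manual updates**: A single playbook change can take a long time to implement manually, which is inefficient.
5. **SOAR technology**: SOAR technology offers potential efficiencies through integrations, data enrichment, automated workflows, and digitized playbooks.
6. **Modular design**: With modular design, processes can be broken down into interchangeable modules, achieving "build once, reuse everywhere".
7. **Modular playbook design framework**: The framework provides a step-by-step process for converting playbooks into a modular structure, making maintenance and updates more efficient.
8. **Time savings**: The modular approach can reduce update time; for example, the time to implement a change in the modular version was reduced by 56%.
9. **Benefits**: The modular playbook design framework helps improve operational efficiency, reduce attacker dwell time, and handle more detections.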