The Practitioner Series is intended for the CISO, their direct staff, and all practitioners of cybersecurity in the firm who need to understand critical processes at an in-depth level. For these books, we’re working with industry experts to augment our expertise on any given topic. As with the Foundation Series, Volumes 1 and 2, we are employing the use of different perspectives within each topic. How the decision maker, manager, and engineer approach a given topic depends greatly on what they want to accomplish.

Cyber Crisis Response introduces the SONAR Method, a proven, proprietary framework for responding to and managing a range of cyber incidents, from singular events to the most complex cyber breaches and crises. Crisis response is a complex undertaking that requires the coordination of multiple, often conflicting, activities. No playbook replaces experience and critical thinking.

Written by experts who have lived in the trenches of response, this book describes many of the common pitfalls and their battle-tested solutions. There is no better way to learn than to do it yourself but understanding the lessons others have learned is essential to help you prepare.

As a CISO and a leader, you are responsible for the security of your organization’s software. This book will provide best practices for implementing a Secure Development Lifecycle (SDL) in your organization. This allows you and your organization to create secure software while maximizing business value.

Our book ‘A Comprehensive Guide to Application Security for CISOs offers a unique and holistic approach that allows you to cost-effectively integrate a state-of-the-art SDL into the organization’s security program and product life cycle.

We have certainly entered the era of the celebrity breach. Rather than dwell on the technical capabilities of the bad actors or the technical shortcomings of the victims, in this book we’re going to focus on the key lessons we can learn. It is so important that everyone understands how their role contributes to the overall security of the venture, so we’ll look at the controls we should have in place, the best practices we should implement, the monitoring that would detect our vulnerabilities, and the audit tasks we should perform to create a healthier program. Board members are asking “Could this happen to us?” and we need to examine what went wrong before we can answer that question.

This book can be used to strengthen your team and educate executives who wish to have a deeper understanding of incident response preparation and incident postmortem investigations. It can also be used by educators as material for class assignments, including group projects.