SOC Analyst Fundamentals bibliography

Standards-body + government · 8

1. MITRE Corporation (2024). MITRE ATT&CK Enterprise Matrix (v15). MITRE Corporation. https://attack.mitre.org/matrices/enterprise/
2. MITRE Corporation (2024). T1059.001 Command and Scripting Interpreter: PowerShell. MITRE ATT&CK Enterprise Matrix. https://attack.mitre.org/techniques/T1059/001/
3. Crowley, C., & Pescatore, J. (2023). SANS 2023 SOC Survey: Architecting and Operating SOCs During Asymmetric Times. SANS Institute. https://www.sans.org/white-papers/sans-2023-soc-survey/
4. Crowley, C., & Pescatore, J. (2023). SANS 2023 SOC Survey. SANS Institute. https://www.sans.org/white-papers/sans-2023-soc-survey/Cited in 2 modules
5. Kral, P. (2011). Incident Handler's Handbook. SANS Institute. https://www.sans.org/white-papers/33901/
6. Lee, R. M., Lee, R. M., & Bianco, D. (2017). Generating Hypotheses for Successful Threat Hunting. SANS Institute Reading Room. https://www.sans.org/white-papers/37172/
7. Strom, B. E., Applebaum, A., Miller, D. P., Nickels, K. C., Pennington, A. G., & Thomas, C. B. (2018). MITRE ATT&CK: Design and Philosophy. MITRE Corporation, Technical Report MP180360. https://attack.mitre.org/docs/ATTACK_Design_and_Philosophy_March_2020.pdf
8. Zimmerman, C. (2014). Ten Strategies of a top-tier Cybersecurity Operations Center. MITRE Corporation. https://www.mitre.org/sites/default/files/publications/pr-13-1028-mitre-10-strategies-cyber-ops-center.pdf

Books + monographs · 1

1. Heuer, R. J., Jr., & Pherson, R. H. (2014). Structured Analytic Techniques for Intelligence Analysis (2nd ed.). CQ Press, Washington DC.

Other primary sources · 17

1. Cybersecurity and Infrastructure Security Agency (CISA) (2024). Identifying and Mitigating Living off the Land Techniques. Joint Cybersecurity Advisory AA24-038A (CISA, NSA, FBI, ACSC, CCCS, NCSC-NZ, NCSC-UK). https://www.cisa.gov/sites/default/files/2024-02/Joint-Guidance-Identifying-and-Mitigating-LOTL_V3508c.pdf
2. Cichonski, P., Millar, T., Grance, T., & Scarfone, K. (2012). Computer Security Incident Handling Guide (NIST Special Publication 800-61 Revision 2). National Institute of Standards and Technology. doi:10.6028/NIST.SP.800-61r2
3. Cichonski, P., Millar, T., Grance, T., & Scarfone, K. (2012). Computer Security Incident Handling Guide (NIST SP 800-61 Rev. 2). National Institute of Standards and Technology. doi:10.6028/NIST.SP.800-61r2
4. Cichonski, P., Millar, T., Grance, T., & Scarfone, K. (2012). Computer Security Incident Handling Guide (NIST SP 800-61 Rev. 2), §3.3 Containment, Eradication, and Recovery. National Institute of Standards and Technology. doi:10.6028/NIST.SP.800-61r2
5. Microsoft Corporation (2024). PowerShell Logging and Auditing. Microsoft Learn Documentation. https://learn.microsoft.com/en-us/powershell/scripting/windows-powershell/wmf/whats-new/script-logging
6. Cvach, M. (2012). Monitor Alarm Fatigue: An Integrative Review. Biomedical Instrumentation & Technology, 46(4), 268-277. doi:10.2345/0899-8205-46.4.268
7. Heuer, R. J., Jr. (1999). Psychology of Intelligence Analysis. Center for the Study of Intelligence, Central Intelligence Agency. https://www.cia.gov/static/9a5f1162fd0932c29bfed1c030edf4ae/Pyschology-of-Intelligence-Analysis.pdf
8. Hutchins, E. M., Cloppert, M. J., & Amin, R. M. (2011). Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains. Proceedings of the 6th Annual International Conference on Information Warfare and Security. https://www.lockheedmartin.com/content/dam/lockheed-martin/rms/documents/cyber/LM-White-Paper-Intel-Driven-Defense.pdf
9. Joint Task Force Transformation Initiative (2020). Security and Privacy Controls for Information Systems and Organizations (NIST SP 800-53 Rev. 5), AU family (Audit and Accountability). National Institute of Standards and Technology. doi:10.6028/NIST.SP.800-53r5
10. ISC2 (2024). Cybersecurity Workforce Study 2024. International Information System Security Certification Consortium. https://www.isc2.org/researchCited in 2 modules
11. ISC2 (2024). Cybersecurity Workforce Study 2024: Career Pathways and Compensation. International Information System Security Certification Consortium. https://www.isc2.org/research
12. Kent, K., & Souppaya, M. (2006). Guide to Computer Security Log Management (NIST Special Publication 800-92). National Institute of Standards and Technology. doi:10.6028/NIST.SP.800-92
13. Roth, F., & SigmaHQ contributors (2024). Sigma: Generic Signature Format for SIEM Systems. SigmaHQ project (github.com/SigmaHQ/sigma). https://github.com/SigmaHQ/sigma
14. U.S. Bureau of Labor Statistics (2024). Occupational Employment and Wage Statistics, May 2024: Information Security Analysts (15-1212). U.S. Department of Labor. https://www.bls.gov/oes/current/oes151212.htm
15. U.S. Bureau of Labor Statistics (2024). Occupational Outlook Handbook: Information Security Analysts. U.S. Department of Labor. https://www.bls.gov/ooh/computer-and-information-technology/information-security-analysts.htm
16. U.S. Bureau of Labor Statistics (2024). Occupational Employment and Wage Statistics, May 2024: 15-1212 Information Security Analysts (Metropolitan and Nonmetropolitan Area Estimates). U.S. Department of Labor. https://www.bls.gov/oes/current/oes151212.htm
17. Wickens, C. D., Hooey, B. L., Gore, B. F., Sebok, A., & Koenicke, C. S. (2009). Identifying Black Swans in NextGen: Predicting Human Performance in Off-Nominal Conditions. Human Factors, 51(5), 638-651. doi:10.1177/0018720809349709