Mark Talabis - Information Security Analytics
Information Security Analytics by Mark Talabis takes various approaches to doing analytics on a low budget. The author describes ways ranging from managing huge amounts of log files with Hadoop and MapReduce to text mining based on the R language. So, if you are considering buying a security incident and event management system (SIEM) - read this book first. Why? Because it helps you find the real questions you should ask before setting up products like Splunk or QRadar. Thereby the book provides you with easy-to-understand examples of how to analyse huge amounts of log files and what to look for within them. The author always starts with a very simple step and then extends this into a full-blown analysis. As a reader with nearly no coding skills - it is easy to follow. Do not stop with the provided examples; extend them to real-world examples and play around with them. These experiments will pay off later, when you are working with a real SIEM solution.
The same holds for the chapter on modeling. Here all the software necessary to follow the examples is provided by the author to download and run as a virtual machine within your environment. This is very helpful. In case you are familiar with risk assessments and risk management principles, this book helps you set up threat simulations and test your current approaches.
The authors dedicated about 60 pages to the topic. This amount has been well chosen: not too short - not too long. And as you see - I'll keep this review short as well. Go buy the book, read it and experiment with the ideas and code the authors provide.
Cheers!