In this rapidly changing age of AI technology adoption, it is even more critical to understand how to secure IT systems. This course is designed to teach you fundamental cyber security concepts to kick-start your security learning. It is vendor agnostic and is divided into small lessons that should take around 30-60 mins to complete. Each lesson has a small quiz and links to further reading if you want to dive into the topic a bit more.
What this course covers 📚
- 🔐 Basic cyber security concepts such as the CIA triad, the differences between risks, threats, etc,
- 🛡️ Understanding what a security control is and what forms they take.
- 🌐 Understanding what zero trust is and why this is important in modern cyber security.
- 🔑 Understanding key concepts and themes across identity, networking, security operations, infrastructure and data security.
- 🔧 Giving some examples of tools used to implement security controls.
What this course does not cover 🙅♂️
- 🚫 How to use specific security tools.
- 🚫 How to "hack" or do red teaming/offensive security.
- 🚫 Learning about specific compliance standards.
When you have finished this course, you can move onto some of our Microsoft Learn modules. We recommend you continue your learning with Microsoft Security, Compliance, and Identity Fundamentals.
Ultimately, you could consider taking the Exam SC-900: Microsoft Security, Compliance, and Identity Fundamentals exam.
💁 If you have any feedback or suggestions on this course and any content we're missing, we'd love to hear from you!
| Module number | Module name | Concepts taught | Learning objectives |
|---|---|---|---|
| 1.1 | Basic security concepts | The CIA triad | Learn about confidentiality, availability and integrity. Also authenticity and also nonrepudiation and privacy. |
| 1.2 | Basic security concepts | Common cyber security threats | Learn about the common cyber security threats facing individuals and organizations. |
| 1.3 | Basic security concepts | Understanding risk management | Learn about assessing and understanding risk – impact/likelihood and implementing controls. |
| 1.4 | Basic security concepts | Security practices and documentation | Learn about the difference between policies, procedures, standards and regulations/laws. |
| 1.5 | Basic security concepts | The shared responsibility model | What is the shared responsibility model and how does it affect cyber security? |
| 1.6 | Basic security concepts | Zero trust | Learn about what is zero trust and how does it affect architecture? What is defense in depth? |
| 1.7 | End of module quiz | ||
| 2.1 | Identity & access management fundamentals | IAM key concepts | Learn about the principle of least privilege, segregation of duties, how IAM supports zero trust. |
| 2.1 | Identity & access management fundamentals | IAM zero trust architecture | Learn about how identity is the new perimeter for modern IT environments and the threats it mitigates. |
| 2.3 | Identity & access management fundamentals | IAM capabilities | Learn about IAM capabilities and controls to secure identities |
| 2.4 | End of module quiz | ||
| 3.1 | Network security fundamentals | Networking key concepts | Learn about networking concepts (IP addressing, port numbers, encryption, etc.) |
| 3.2 | Network security fundamentals | Networking zero trust architecture | Learn about how networking contributes to an E2E ZT architecture and the threats it mitigates. |
| 3.3 | Network security fundamentals | Network security capabilities | Learn about network security tooling – firewalls, WAF, DDoS protection, etc. |
| 3.4 | End of module quiz | ||
| 4.1 | Security operations fundamentals | SecOps key concepts | Learn about why security operations are important and how it differs from normal IT ops teams. |
| 4.2 | Security operations fundamentals | SecOps zero trust architecture | Learn about how SecOps contributes to an E2E ZT architecture and the threats it mitigates. |
| 4.3 | Security operations fundamentals | SecOps capabilities | Learn about SecOps tooling – SIEM, XDR, etc. |
| 4.4 | End of module quiz | ||
| 5.1 | Application security fundamentals | AppSec key concepts | Learn about AppSec concepts such as secure by design, input validation, etc. |
| 5.2 | Application security fundamentals | AppSec capabilities | Learn about AppSec tooling: pipeline security tools, code scanning, secret scanning, etc. |
| 5.3 | End of module quiz | ||
| 6.1 | Infrastructure security fundamentals | Infrastructure security key concepts | Learn about hardening systems, patching, security hygiene, container security. |
| 6.2 | Infrastructure security fundamentals | Infrastructure security capabilities | Learn about tooling that can assist with infrastructure security e.g. CSPM, container security, etc. |
| 6.3 | End of module quiz | ||
| 7.1 | Data security fundamentals | Data security key concepts | Learn about data classification and retention and why this is important to an organization. |
| 7.2 | Data security fundamentals | Data security capabilities | Learn about data security tooling – DLP, inside risk management, data governance, etc. |
| 7.3 | End of module quiz | ||
| 8.1 | AI security fundamentals | AI security key concepts | Learn about confidentiality, availability and integrity. Also authenticity and also nonrepudiation and privacy. |
| 8.2 | AI security fundamentals | AI security capabilities | Learn about AI security tooling and the controls that can be used to secure AI. |
| 8.3 | AI security fundamentals | Responsible AI | Learn about what responsible AI is and AI specific harms that security professionals need to be aware of. |
| 8.4 | End of module quiz |
Our team produces other courses! Check out:
![@microsoft-github-operations[bot]](https://avatars.githubusercontent.com/in/41902?s=64&v=4){kind=small}