Fix issue:microsoft#2

1.1 The CIA triad and other key concepts.md

@@ -6,14 +6,11 @@
 
 In this lesson, we’ll cover:
 
- - What is cybersecurity?
-
-
- - What is the cybersecurity CIA triad?
+- What is cybersecurity?
 
-   
+* What is the cybersecurity CIA triad?
 
- - What are authenticity, nonrepudiation and privacy in the context of cybersecurity?
+- What are authenticity, nonrepudiation and privacy in the context of cybersecurity?
 
 ## What is cybersecurity?
 
@@ -47,9 +44,8 @@ These are additional important concepts that relate to ensuring the security and
 
 **Nonrepudiation** - is the concept of ensuring that a party cannot deny their involvement or the authenticity of a transaction or communication. It prevents someone from claiming they didn't send a message or perform a particular action when there is evidence to the contrary.
 
-**Privacy** - refers to the protection of sensitive and personally identifiable information from unauthorized access, use, disclosure, or manipulation. It involves controlling who has access to personal data and how that data is collected, stored, and shared. 
-
+**Privacy** - refers to the protection of sensitive and personally identifiable information from unauthorized access, use, disclosure, or manipulation. It involves controlling who has access to personal data and how that data is collected, stored, and shared.
 
 ## Additional reading
 
-[What Is Information Security (InfoSec)? | Microsoft Security](https://www.microsoft.com/security/business/security-101/what-is-information-security-infosec#:~:text=Three%20pillars%20of%20information%20security%3A%20the%20CIA%20triad,as%20guiding%20principles%20for%20implementing%20an%20InfoSec%20plan.)
+<a href="https://www.microsoft.com/security/business/security-101/what-is-information-security-infosec#:~:text=Three%20pillars%20of%20information%20security%3A%20the%20CIA%20triad,as%20guiding%20principles%20for%20implementing%20an%20InfoSec%20plan." target="_blank">What Is Information Security (InfoSec)? | Microsoft Security</a>

1.2 Common cybersecurity threats.md

@@ -2,30 +2,19 @@
 
 [![Watch the video](images/1-2_placeholder.png)](https://learn-video.azurefd.net/vod/player?id=12bdcffa-12b7-44ef-b44d-882602ca7a38)
 
-
 ## Introduction
 
 In this lesson, we’ll cover:
 
- - What is a cybersecurity threat?
-
-
- - Why do malicious actors want to compromise data and IT systems?
-
-
-
-
- - What are the most common types of cybersecurity threats?
+- What is a cybersecurity threat?
 
-
-
+- Why do malicious actors want to compromise data and IT systems?
 
- - What is the MITRE ATT&CK framework?
+* What are the most common types of cybersecurity threats?
 
-
-
+- What is the MITRE ATT&CK framework?
 
- - Where can I keep up to date with the cybersecurity threat landscape?
+* Where can I keep up to date with the cybersecurity threat landscape?
 
 ## What is a cybersecurity threat?
 
@@ -111,17 +100,17 @@ The framework is continuously updated and expanded as new threat intelligence is
 
 There are many sources that can be used to keep up to date with cybersecurity threats, here are a selection:
 
- -   [Open Web Application Security Project (OWASP) top 10 vulnerabilities](https://owasp.org/Top10/)
- - [Common Vulnerabilities and Exposures (CVEs)](https://www.bing.com/ck/a?!&&p=53df6007f017bca2JmltdHM9MTY5MjU3NjAwMCZpZ3VpZD0zYmY4N2RiYS1jYWI1LTYwMDgtMWY1YS02ZmYyY2JjNjYxZWUmaW5zaWQ9NTc2OQ&ptn=3&hsh=3&fclid=3bf87dba-cab5-6008-1f5a-6ff2cbc661ee&psq=cve&u=a1aHR0cHM6Ly9iaW5nLmNvbS9hbGluay9saW5rP3VybD1odHRwcyUzYSUyZiUyZmN2ZS5taXRyZS5vcmclMmYmc291cmNlPXNlcnAtcnImaD1BZXN4S0VBWTNnbGhNZEFpd3daMlNSZkZQNTlrODhIUnYxRUtlSkY1RTk0JTNkJnA9a2NvZmZjaWFsd2Vic2l0ZQ&ntb=1 "Common Vulnerabilities and Exposures")
- - [Microsoft Security Response Center blogs](https://msrc.microsoft.com/blog/)
- - [National Institute of Standards and Technology
-   (NIST)](https://www.dhs.gov/topics/cybersecurity): NIST provides resources, alerts, and latest updates on potential cybersecurity threats.
- - [Cybersecurity and Infrastructure Security Agency
-   (CISA)](https://www.cisa.gov/resources-tools/resources/free-cybersecurity-services-and-tools): CISA provides cybersecurity resources and best practices for
-   businesses, government agencies, and other organizations. CISA shares
-   up-to-date information about high-impact types of security activity
-   affecting the community at large and in-depth analysis on new and
-   evolving cyber threats.
- - [National Cybersecurity Center of Excellence (NCCoE)](https://www.dhs.gov/topics/cybersecurity): NCCoE is a hub that provides practical cybersecurity solutions that can be applied in real-world situations.
- - [US-CERT](https://www.cisa.gov/resources-tools/resources/free-cybersecurity-services-and-tools):The United States Computer Emergency Readiness Team (US-CERT) provides a variety of cybersecurity resources, including alerts, tips, and more.
- - Your country's Cyber Emergency Response Team (CERT)
+- <a href="https://owasp.org/Top10/" target="_blank"> Open Web Application Security Project (OWASP) top 10 vulnerabilities</a>
+- <a href="https://www.bing.com/ck/a?!&&p=53df6007f017bca2JmltdHM9MTY5MjU3NjAwMCZpZ3VpZD0zYmY4N2RiYS1jYWI1LTYwMDgtMWY1YS02ZmYyY2JjNjYxZWUmaW5zaWQ9NTc2OQ&ptn=3&hsh=3&fclid=3bf87dba-cab5-6008-1f5a-6ff2cbc661ee&psq=cve&u=a1aHR0cHM6Ly9iaW5nLmNvbS9hbGluay9saW5rP3VybD1odHRwcyUzYSUyZiUyZmN2ZS5taXRyZS5vcmclMmYmc291cmNlPXNlcnAtcnImaD1BZXN4S0VBWTNnbGhNZEFpd3daMlNSZkZQNTlrODhIUnYxRUtlSkY1RTk0JTNkJnA9a2NvZmZjaWFsd2Vic2l0ZQ&ntb=1" target="_blank">Common Vulnerabilities and Exposures (CVEs)</a>
+- <a href="" target="_blank">Microsoft Security Response Center blogs</a>
+- <a href="https://www.dhs.gov/topics/cybersecurity" target="_blank">National Institute of Standards and Technology
+  (NIST)</a>: NIST provides resources, alerts, and latest updates on potential cybersecurity threats.
+- <a href="https://www.cisa.gov/resources-tools/resources/free-cybersecurity-services-and-tools" target="_blank">Cybersecurity and Infrastructure Security Agency
+  (CISA)</a>: CISA provides cybersecurity resources and best practices for
+  businesses, government agencies, and other organizations. CISA shares
+  up-to-date information about high-impact types of security activity
+  affecting the community at large and in-depth analysis on new and
+  evolving cyber threats.
+- <a href="https://www.dhs.gov/topics/cybersecurity" target="_blank">National Cybersecurity Center of Excellence (NCCoE)</a>: NCCoE is a hub that provides practical cybersecurity solutions that can be applied in real-world situations.
+- <a href="https://www.cisa.gov/resources-tools/resources/free-cybersecurity-services-and-tools" target="_blank">US-CERT</a>: The United States Computer Emergency Readiness Team (US-CERT) provides a variety of cybersecurity resources, including alerts, tips, and more.
+- Your country's Cyber Emergency Response Team (CERT)

1.3 Understanding risk management.md

@@ -6,13 +6,11 @@
 
 In this lesson, we’ll cover:
 
- - Definitions of commonly used security terminology
-
- - Types of security controls
+- Definitions of commonly used security terminology
 
-   
+- Types of security controls
 
- - Assessing security risks
+* Assessing security risks
 
 ## Definitions of commonly used security terminology
 
@@ -50,7 +48,6 @@ To summarize the relationship between these terms: Threat agents exploit vulnera
 
 ![image](/images/circleofrisk.png)
 
-
 ## Types of security controls
 
 Security controls are measures or safeguards implemented to protect information systems and assets from various threats and vulnerabilities. They can be classified into several categories based on their focus and purpose. Here are some common types of security controls:
@@ -156,4 +153,3 @@ Based on the risk assessment, the organization determines how to mitigate or man
 Risk assessment is not a one-time process. It should be conducted periodically or whenever there are significant changes to the organization's environment. Continuous monitoring ensures that new threats, vulnerabilities, or changes in the business landscape are accounted for.
 
 By assessing security risks in this structured manner, organizations can make informed decisions about resource allocation, security controls, and overall risk management strategies. The goal is to reduce the organization's overall risk exposure while aligning security efforts with the organization's business goals and objectives.
-

1.4 Security practices and documentation.md

@@ -1,4 +1,4 @@
-# Security practices and documentation 
+# Security practices and documentation
 
 You may have heard the phrases “security policy”, “security standard”, etc. used before, but the reality is that many cybersecurity professionals don’t use them properly, so in this section we will explain what each of these phrases mean and why an organization would utilize these.
 
@@ -8,22 +8,16 @@ You may have heard the phrases “security policy”, “security standard”, e
 
 In this lesson, we’ll cover:
 
- - What is a security policy?
-
- - What is a security standard?
+- What is a security policy?
 
-   
+- What is a security standard?
 
- - What is a security baseline?
+* What is a security baseline?
 
-
+- What is a security guideline?
+- What is a security procedure?
 
- - What is a security guideline?
- - What is a security procedure?
-
-
-
- - What are laws and regulations in the context of cybersecurity?
+* What are laws and regulations in the context of cybersecurity?
 
 These terms are often used in the context of cybersecurity to define different levels of security documentation and practices within an organization. Let's clarify each term:
 
@@ -55,6 +49,6 @@ Laws and regulations refer to legal frameworks established by governments and re
 
 ## Further reading
 
-[Information Security Policy Templates | SANS Institute](https://www.sans.org/information-security-policy/)
+<a href="https://www.sans.org/information-security-policy/">Information Security Policy Templates | SANS Institute</a>
 
-[Compliance with Cybersecurity and Privacy Laws and Regulations | NIST](https://www.nist.gov/mep/cybersecurity-resources-manufacturers/compliance-cybersecurity-and-privacy-laws-and-regulations)
+<a href="https://www.nist.gov/mep/cybersecurity-resources-manufacturers/compliance-cybersecurity-and-privacy-laws-and-regulations">Compliance with Cybersecurity and Privacy Laws and Regulations | NIST</a>

1.5 Zero trust.md

@@ -6,20 +6,13 @@
 
 ## Introduction
 
- - In this lesson, we’ll cover:
-
-
- - What is zero trust?
+- In this lesson, we’ll cover:
 
-
-
+- What is zero trust?
 
- - How does zero trust differ from traditional security architectures?
+* How does zero trust differ from traditional security architectures?
 
-
-
-
- - What is defense in depth?
+- What is defense in depth?
 
 ## Zero Trust
 
@@ -63,8 +56,8 @@ Defense in depth involves a combination of technical, procedural, and physical s
 
 ## Further reading
 
-[What is Zero Trust?](https://learn.microsoft.com/security/zero-trust/zero-trust-overview?WT.mc_id=academic-96948-sayoung)
+<a href="https://learn.microsoft.com/security/zero-trust/zero-trust-overview?WT.mc_id=academic-96948-sayoung" target="_blank">What is Zero Trust?</a>
 
-[Evolving Zero Trust – Microsoft Position Paper](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RWJJdT?WT.mc_id=academic-96948-sayoung)
+<a href="https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RWJJdT?WT.mc_id=academic-96948-sayoung" target="_blank">Evolving Zero Trust – Microsoft Position Paper</a>
 
-[Zero Trust and BeyondCorp Google Cloud | Google Cloud Blog](https://cloud.google.com/blog/topics/developers-practitioners/zero-trust-and-beyondcorp-google-cloud)
+<a href="https://cloud.google.com/blog/topics/developers-practitioners/zero-trust-and-beyondcorp-google-cloud" target="_blank">Zero Trust and BeyondCorp Google Cloud | Google Cloud Blog</a>