From 1248a4ee7ad79cacbefe5ac9da6f0956358f9168 Mon Sep 17 00:00:00 2001 From: nalvadesatish Date: Sat, 2 Mar 2024 01:25:46 +0530 Subject: [PATCH] Fix issue:#2 --- 1.1 The CIA triad and other key concepts.md | 14 ++--- 1.2 Common cybersecurity threats.md | 49 +++++++--------- 1.3 Understanding risk management.md | 10 +--- 1.4 Security practices and documentation.md | 24 +++----- 1.5 Zero trust.md | 21 +++---- 1.6 Shared responsibility model.md | 47 +++++++-------- 2.1 IAM key concepts.md | 57 +++++++++---------- 2.2 IAM zero trust architecture.md | 34 +++++------ 2.3 IAM capabilities.md | 60 +++++++++----------- 3.1 Networking key concepts.md | 63 +++++++-------------- 3.2 Networking zero trust architecture.md | 37 ++++++------ 3.3 Network security capabilities.md | 40 +++++++------ 4.1 SecOps key concepts.md | 28 ++++----- 4.2 SecOps zero trust architecture.md | 9 ++- 4.3 SecOps capabilities.md | 16 +++--- 5.1 AppSec key concepts.md | 9 ++- 5.2 AppSec key capabilities.md | 11 ++-- 6.1 Infrastructure security key concepts.md | 33 +++++------ 6.2 Infrastructure security capabilities.md | 12 ++-- 7.1 Data security key concepts.md | 15 +++-- 7.2 Data security capabilities.md | 18 +++--- SUPPORT.md | 12 ++-- 22 files changed, 262 insertions(+), 357 deletions(-) diff --git a/1.1 The CIA triad and other key concepts.md b/1.1 The CIA triad and other key concepts.md index a3419b5..d938341 100644 --- a/1.1 The CIA triad and other key concepts.md +++ b/1.1 The CIA triad and other key concepts.md @@ -6,14 +6,11 @@ In this lesson, we’ll cover: - - What is cybersecurity? - - - - What is the cybersecurity CIA triad? +- What is cybersecurity? - +* What is the cybersecurity CIA triad? - - What are authenticity, nonrepudiation and privacy in the context of cybersecurity? +- What are authenticity, nonrepudiation and privacy in the context of cybersecurity? ## What is cybersecurity? 
@@ -47,9 +44,8 @@ These are additional important concepts that relate to ensuring the security and **Nonrepudiation** - is the concept of ensuring that a party cannot deny their involvement or the authenticity of a transaction or communication. It prevents someone from claiming they didn't send a message or perform a particular action when there is evidence to the contrary. -**Privacy** - refers to the protection of sensitive and personally identifiable information from unauthorized access, use, disclosure, or manipulation. It involves controlling who has access to personal data and how that data is collected, stored, and shared. - +**Privacy** - refers to the protection of sensitive and personally identifiable information from unauthorized access, use, disclosure, or manipulation. It involves controlling who has access to personal data and how that data is collected, stored, and shared. ## Additional reading -[What Is Information Security (InfoSec)? | Microsoft Security](https://www.microsoft.com/security/business/security-101/what-is-information-security-infosec#:~:text=Three%20pillars%20of%20information%20security%3A%20the%20CIA%20triad,as%20guiding%20principles%20for%20implementing%20an%20InfoSec%20plan.) +What Is Information Security (InfoSec)? | Microsoft Security diff --git a/1.2 Common cybersecurity threats.md b/1.2 Common cybersecurity threats.md index 07027e3..3edc773 100644 --- a/1.2 Common cybersecurity threats.md +++ b/1.2 Common cybersecurity threats.md 
@@ -2,30 +2,19 @@ [![Watch the video](images/1-2_placeholder.png)](https://learn-video.azurefd.net/vod/player?id=12bdcffa-12b7-44ef-b44d-882602ca7a38) - ## Introduction In this lesson, we’ll cover: - - What is a cybersecurity threat? - - - - Why do malicious actors want to compromise data and IT systems? - - - - - - What are the most common types of cybersecurity threats? +- What is a cybersecurity threat? - - +- Why do malicious actors want to compromise data and IT systems? - - What is the MITRE ATT&CK framework? +* What are the most common types of cybersecurity threats? - - +- What is the MITRE ATT&CK framework? - - Where can I keep up to date with the cybersecurity threat landscape? +* Where can I keep up to date with the cybersecurity threat landscape? ## What is a cybersecurity threat? 
@@ -111,17 +100,17 @@ The framework is continuously updated and expanded as new threat intelligence is There are many sources that can be used to keep up to date with cybersecurity threats, here are a selection: - - [Open Web Application Security Project (OWASP) top 10 vulnerabilities](https://owasp.org/Top10/) - - [Common Vulnerabilities and Exposures (CVEs)](https://www.bing.com/ck/a?!&&p=53df6007f017bca2JmltdHM9MTY5MjU3NjAwMCZpZ3VpZD0zYmY4N2RiYS1jYWI1LTYwMDgtMWY1YS02ZmYyY2JjNjYxZWUmaW5zaWQ9NTc2OQ&ptn=3&hsh=3&fclid=3bf87dba-cab5-6008-1f5a-6ff2cbc661ee&psq=cve&u=a1aHR0cHM6Ly9iaW5nLmNvbS9hbGluay9saW5rP3VybD1odHRwcyUzYSUyZiUyZmN2ZS5taXRyZS5vcmclMmYmc291cmNlPXNlcnAtcnImaD1BZXN4S0VBWTNnbGhNZEFpd3daMlNSZkZQNTlrODhIUnYxRUtlSkY1RTk0JTNkJnA9a2NvZmZjaWFsd2Vic2l0ZQ&ntb=1 "Common Vulnerabilities and Exposures") - - [Microsoft Security Response Center blogs](https://msrc.microsoft.com/blog/) - - [National Institute of Standards and Technology - (NIST)](https://www.dhs.gov/topics/cybersecurity): NIST provides resources, alerts, and latest updates on potential cybersecurity threats. - - [Cybersecurity and Infrastructure Security Agency - (CISA)](https://www.cisa.gov/resources-tools/resources/free-cybersecurity-services-and-tools): CISA provides cybersecurity resources and best practices for - businesses, government agencies, and other organizations. CISA shares - up-to-date information about high-impact types of security activity - affecting the community at large and in-depth analysis on new and - evolving cyber threats. - - [National Cybersecurity Center of Excellence (NCCoE)](https://www.dhs.gov/topics/cybersecurity): NCCoE is a hub that provides practical cybersecurity solutions that can be applied in real-world situations. - - [US-CERT](https://www.cisa.gov/resources-tools/resources/free-cybersecurity-services-and-tools):The United States Computer Emergency Readiness Team (US-CERT) provides a variety of cybersecurity resources, including alerts, tips, and more. 
- - Your country's Cyber Emergency Response Team (CERT) +- Open Web Application Security Project (OWASP) top 10 vulnerabilities +- Common Vulnerabilities and Exposures (CVEs) +- Microsoft Security Response Center blogs +- National Institute of Standards and Technology + (NIST): NIST provides resources, alerts, and latest updates on potential cybersecurity threats. +- Cybersecurity and Infrastructure Security Agency + (CISA): CISA provides cybersecurity resources and best practices for + businesses, government agencies, and other organizations. CISA shares + up-to-date information about high-impact types of security activity + affecting the community at large and in-depth analysis on new and + evolving cyber threats. +- National Cybersecurity Center of Excellence (NCCoE): NCCoE is a hub that provides practical cybersecurity solutions that can be applied in real-world situations. +- US-CERT: The United States Computer Emergency Readiness Team (US-CERT) provides a variety of cybersecurity resources, including alerts, tips, and more. +- Your country's Cyber Emergency Response Team (CERT) diff --git a/1.3 Understanding risk management.md b/1.3 Understanding risk management.md index 0e1959d..608023b 100644 --- a/1.3 Understanding risk management.md +++ b/1.3 Understanding risk management.md @@ -6,13 +6,11 @@ In this lesson, we’ll cover: - - Definitions of commonly used security terminology - - - Types of security controls +- Definitions of commonly used security terminology - +- Types of security controls - - Assessing security risks +* Assessing security risks ## Definitions of commonly used security terminology 
@@ -50,7 +48,6 @@ To summarize the relationship between these terms: Threat agents exploit vulnera ![image](/images/circleofrisk.png) - ## Types of security controls Security controls are measures or safeguards implemented to protect information systems and assets from various threats and vulnerabilities. They can be classified into several categories based on their focus and purpose. Here are some common types of security controls: @@ -156,4 +153,3 @@ Based on the risk assessment, the organization determines how to mitigate or man Risk assessment is not a one-time process. It should be conducted periodically or whenever there are significant changes to the organization's environment. Continuous monitoring ensures that new threats, vulnerabilities, or changes in the business landscape are accounted for. By assessing security risks in this structured manner, organizations can make informed decisions about resource allocation, security controls, and overall risk management strategies. The goal is to reduce the organization's overall risk exposure while aligning security efforts with the organization's business goals and objectives. - diff --git a/1.4 Security practices and documentation.md b/1.4 Security practices and documentation.md index b922152..09f9d6a 100644 --- a/1.4 Security practices and documentation.md +++ b/1.4 Security practices and documentation.md @@ -1,4 +1,4 @@ -# Security practices and documentation +# Security practices and documentation You may have heard the phrases “security policy”, “security standard”, etc. used before, but the reality is that many cybersecurity professionals don’t use them properly, so in this section we will explain what each of these phrases mean and why an organization would utilize these. 
@@ -8,22 +8,16 @@ You may have heard the phrases “security policy”, “security standard”, e In this lesson, we’ll cover: - - What is a security policy? - - - What is a security standard? +- What is a security policy? - +- What is a security standard? - - What is a security baseline? +* What is a security baseline? - +- What is a security guideline? +- What is a security procedure? - - What is a security guideline? - - What is a security procedure? - - - - - What are laws and regulations in the context of cybersecurity? +* What are laws and regulations in the context of cybersecurity? These terms are often used in the context of cybersecurity to define different levels of security documentation and practices within an organization. Let's clarify each term: @@ -55,6 +49,6 @@ Laws and regulations refer to legal frameworks established by governments and re ## Further reading -[Information Security Policy Templates | SANS Institute](https://www.sans.org/information-security-policy/) +Information Security Policy Templates | SANS Institute -[Compliance with Cybersecurity and Privacy Laws and Regulations | NIST](https://www.nist.gov/mep/cybersecurity-resources-manufacturers/compliance-cybersecurity-and-privacy-laws-and-regulations) +Compliance with Cybersecurity and Privacy Laws and Regulations | NIST diff --git a/1.5 Zero trust.md b/1.5 Zero trust.md index 3eabc65..fe4eb63 100644 --- a/1.5 Zero trust.md +++ b/1.5 Zero trust.md @@ -6,20 +6,13 @@ ## Introduction - - In this lesson, we’ll cover: - - - - What is zero trust? +- In this lesson, we’ll cover: - - +- What is zero trust? - - How does zero trust differ from traditional security architectures? +* How does zero trust differ from traditional security architectures? - - - - - What is defense in depth? +- What is defense in depth? ## Zero Trust 
@@ -63,8 +56,8 @@ Defense in depth involves a combination of technical, procedural, and physical s ## Further reading -[What is Zero Trust?](https://learn.microsoft.com/security/zero-trust/zero-trust-overview?WT.mc_id=academic-96948-sayoung) +What is Zero Trust? -[Evolving Zero Trust – Microsoft Position Paper](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RWJJdT?WT.mc_id=academic-96948-sayoung) +Evolving Zero Trust – Microsoft Position Paper -[Zero Trust and BeyondCorp Google Cloud | Google Cloud Blog](https://cloud.google.com/blog/topics/developers-practitioners/zero-trust-and-beyondcorp-google-cloud) +Zero Trust and BeyondCorp Google Cloud | Google Cloud Blog diff --git a/1.6 Shared responsibility model.md b/1.6 Shared responsibility model.md index 2278c4e..80c2b6f 100644 --- a/1.6 Shared responsibility model.md +++ b/1.6 Shared responsibility model.md 
@@ -8,52 +8,42 @@ Shared responsibility is a newer concept in IT that came into being with the adv In this lesson, we’ll cover: - - What is shared responsibility in the context of cybersecurity? - - - What is the difference in shared responsibility for security controls - between IaaS, PaaS and SaaS? +- What is shared responsibility in the context of cybersecurity? - +- What is the difference in shared responsibility for security controls + between IaaS, PaaS and SaaS? - - Where can you find out what security controls your cloud platform is - providing? +* Where can you find out what security controls your cloud platform is + providing? - - - - - What is “trust but verify”? +- What is “trust but verify”? ## What is shared responsibility in the context of cybersecurity? -Shared responsibility in cybersecurity refers to the distribution of security responsibilities between a cloud service provider (CSP) and its customers. In cloud computing environments, such as Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS), both the CSP and the customer have roles to play in ensuring the security of the data, applications, and systems. +Shared responsibility in cybersecurity refers to the distribution of security responsibilities between a cloud service provider (CSP) and its customers. In cloud computing environments, such as Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS), both the CSP and the customer have roles to play in ensuring the security of the data, applications, and systems. ## What is the difference in shared responsibility for security controls between IaaS, PaaS and SaaS? 
The division of responsibilities typically depends on the type of cloud service being used: - - **IaaS (Infrastructure as a Service)**: The CSP provides the foundational infrastructure (servers, networking, storage), while the customer is responsible for managing the operating systems, applications, and security configurations on that infrastructure. - - - - **PaaS (Platform as a Service):** The CSP offers a platform on which customers can build and deploy applications. The CSP manages the underlying infrastructure, and the customer focuses on application development and data security. +- **IaaS (Infrastructure as a Service)**: The CSP provides the foundational infrastructure (servers, networking, storage), while the customer is responsible for managing the operating systems, applications, and security configurations on that infrastructure. - +- **PaaS (Platform as a Service):** The CSP offers a platform on which customers can build and deploy applications. The CSP manages the underlying infrastructure, and the customer focuses on application development and data security. - - **SaaS (Software as a Service)**: The CSP provides fully functional applications accessible over the internet. In this case, the CSP is responsible for the application's security and infrastructure, while the customer manages user access and data usage. +* **SaaS (Software as a Service)**: The CSP provides fully functional applications accessible over the internet. In this case, the CSP is responsible for the application's security and infrastructure, while the customer manages user access and data usage. Understanding shared responsibility is crucial because it clarifies which security aspects are covered by the CSP and which ones the customer needs to address. It helps prevent misunderstandings and ensures that security measures are implemented holistically. 
![image](https://github.com/microsoft/Security-101/assets/139931591/7229a633-ec03-44d3-aa74-6c9810f5c47b) - - ## Where can you find out what security controls your cloud platform is providing? To find out what security controls your cloud platform is providing, you need to refer to the cloud service provider's documentation and resources. These include: - - **CSP’s website and documentation**: the CSP’s website will have information about the security features and controls offered as part of their services. CSPs usually offer detailed documentation that explains their security practices, controls, and recommendations. This might include whitepapers, security guides, and technical documentation. - - - **Security Assessments and Audits**: most CSPs get their security controls assessed by independent security experts and organizations. These reviews can provide insights into the quality of the CSP’s security measures. Sometimes this leads to the CSP getting a security compliance certificate (see next bullet point). - - **Security compliance certifications**: most CSPs obtain certifications such as ISO:27001, SOC 2, and FedRAMP, etc. These certifications demonstrate that the provider meets specific security and compliance standards. +- **CSP’s website and documentation**: the CSP’s website will have information about the security features and controls offered as part of their services. CSPs usually offer detailed documentation that explains their security practices, controls, and recommendations. This might include whitepapers, security guides, and technical documentation. + +- **Security Assessments and Audits**: most CSPs get their security controls assessed by independent security experts and organizations. These reviews can provide insights into the quality of the CSP’s security measures. Sometimes this leads to the CSP getting a security compliance certificate (see next bullet point). 
+- **Security compliance certifications**: most CSPs obtain certifications such as ISO:27001, SOC 2, and FedRAMP, etc. These certifications demonstrate that the provider meets specific security and compliance standards. Remember that the level of detail and the availability of information may vary between cloud providers. Always ensure that you are consulting official and up-to-date resources provided by the cloud service provider to make informed decisions about the security of your cloud-based assets. 
@@ -62,11 +52,12 @@ Remember that the level of detail and the availability of information may vary b In the context of using a CSP, third-party software or other IT security service, an organization might initially trust the provider's claims about security measures. However, to truly ensure the safety of their data and systems, they would verify these claims through security assessments, penetration testing and a review of the external party’s security controls before fully integrating the software or service into their operations. All individuals and organizations should seek to trust but verify the security controls that they are not responsible for. ## Shared responsibility within an organization + Remember, shared responsibility for security within an organization for different teams also needs to be taken into account. The security team will rarely implement all the controls themselves and will need to collaborate with operations teams, developers and other parts of the business to implement all the security controls needed to keep an organization secure. ## Further reading -- [Shared responsibility in the cloud - Microsoft Azure | Microsoft Learn](https://learn.microsoft.com/azure/security/fundamentals/shared-responsibility?WT.mc_id=academic-96948-sayoung) -- [What is shared responsibility model? – Definition from TechTarget.com](https://www.techtarget.com/searchcloudcomputing/definition/shared-responsibility-model) -- [The shared responsibility model explained and what it means for cloud security | CSO Online](https://www.csoonline.com/article/570779/the-shared-responsibility-model-explained-and-what-it-means-for-cloud-security.html) -- [Shared Responsibility for Cloud Security: What You Need to Know (cisecurity.org)](https://www.cisecurity.org/insights/blog/shared-responsibility-cloud-security-what-you-need-to-know) +- Shared responsibility in the cloud - Microsoft Azure | Microsoft Learn +- What is shared responsibility model? 
– Definition from TechTarget.com +- The shared responsibility model explained and what it means for cloud security | CSO Online +- Shared Responsibility for Cloud Security: What You Need to Know (cisecurity.org) diff --git a/2.1 IAM key concepts.md b/2.1 IAM key concepts.md index b551bc2..fd2633e 100644 --- a/2.1 IAM key concepts.md +++ b/2.1 IAM key concepts.md @@ -1,4 +1,4 @@ -# IAM key concepts +# IAM key concepts Have you ever logged into a computer or a website? Of course you have! That means you’ve already used identity controls in your day-to-day life. Identity and access management (IAM) is a key pillar of security, we’ll learn more about it in the next few lessons. @@ -8,13 +8,13 @@ Have you ever logged into a computer or a website? Of course you have! That mean In this lesson, we’ll cover: - - What do we mean by identity and access management (IAM) in the - context of cybersecurity? - - - What is the principle of least privilege? - - - What is segregation of duties? - - What is authentication and authorization? +- What do we mean by identity and access management (IAM) in the + context of cybersecurity? + +- What is the principle of least privilege? + +- What is segregation of duties? +- What is authentication and authorization? ## What do we mean by identity and access management (IAM) in the context of cybersecurity? 
@@ -32,35 +32,34 @@ Segregation of duties is a principle aimed at preventing conflicts of interest a Authentication and authorization are two fundamental concepts in cybersecurity that play a crucial role in ensuring the security and integrity of computer systems and data. They are often used in conjunction to control access to resources and protect sensitive information. -**1. Authentication**: Authentication is the process of verifying the identity of a user, system, or entity attempting to access a computer system or specific resource. It ensures that the claimed identity is genuine and accurate. Authentication methods typically involve the use of one or more of the following factors: - - a. Something you know: This includes passwords, PINs, or other secret knowledge that only the authorized user should possess. - - b. Something you have: This involves physical tokens or devices like smart cards, security tokens, or mobile phones used to confirm the user's identity. - - c. Something you are: This refers to biometric factors like fingerprints, facial recognition, or retinal scans that are unique to an individual. - +**1. Authentication**: Authentication is the process of verifying the identity of a user, system, or entity attempting to access a computer system or specific resource. It ensures that the claimed identity is genuine and accurate. Authentication methods typically involve the use of one or more of the following factors: + +a. Something you know: This includes passwords, PINs, or other secret knowledge that only the authorized user should possess. + +b. Something you have: This involves physical tokens or devices like smart cards, security tokens, or mobile phones used to confirm the user's identity. + +c. Something you are: This refers to biometric factors like fingerprints, facial recognition, or retinal scans that are unique to an individual. 
Authentication mechanisms are used to confirm that a user is who they claim to be before allowing access to a system or resource. It helps prevent unauthorized access and ensures that only legitimate users can perform actions within a system. -**2. Authorization**: Authorization is the process of granting or denying specific permissions and privileges to authenticated users or entities once their identity has been verified. It determines what actions or operations a user is allowed to perform within a system or on specific resources. Authorization is often based on predefined policies, access control rules, and roles assigned to users. +**2. Authorization**: Authorization is the process of granting or denying specific permissions and privileges to authenticated users or entities once their identity has been verified. It determines what actions or operations a user is allowed to perform within a system or on specific resources. Authorization is often based on predefined policies, access control rules, and roles assigned to users. Authorization can be thought of as answering the question, "What can an authenticated user do?" It involves defining and enforcing access control policies to protect sensitive data and resources from unauthorized access or modification. **In summary:** -- Authentication establishes the identity of users or entities. -- Authorization determines what actions and resources authenticated users are allowed to access or manipulate. +- Authentication establishes the identity of users or entities. +- Authorization determines what actions and resources authenticated users are allowed to access or manipulate. 
## Further reading -- [Describe identity concepts - Training | Microsoft Learn](https://learn.microsoft.com/training/modules/describe-identity-principles-concepts/?WT.mc_id=academic-96948-sayoung) -- [Introduction to identity - Microsoft Entra | Microsoft Learn](https://learn.microsoft.com/azure/active-directory/fundamentals/identity-fundamental-concepts?WT.mc_id=academic-96948-sayoung) -- [What is Identity Access Management (IAM)? | Microsoft Security](https://www.microsoft.com/security/business/security-101/what-is-identity-access-management-iam?WT.mc_id=academic-96948-sayoung) -- [What is IAM? Identity and access management explained | CSO Online](https://www.csoonline.com/article/518296/what-is-iam-identity-and-access-management-explained.html) -- [What is IAM? (auth0.com)](https://auth0.com/blog/what-is-iam/) -- [Security+: implementing Identity and Access Management (IAM) controls [updated 2021] | Infosec (infosecinstitute.com)](https://resources.infosecinstitute.com/certifications/securityplus/security-implementing-identity-and-access-management-iam-controls/) -- [least privilege - Glossary | CSRC (nist.gov)](https://csrc.nist.gov/glossary/term/least_privilege) -- [Security: The Principle of Least Privilege (POLP) - Microsoft Community Hub](https://techcommunity.microsoft.com/t5/azure-sql-blog/security-the-principle-of-least-privilege-polp/ba-p/2067390?WT.mc_id=academic-96948-sayoung) -- [Principle of least privilege | CERT NZ](https://www.cert.govt.nz/it-specialists/critical-controls/principle-of-least-privilege/) -- [Why is separation of duties required by NIST 800-171 and CMMC? - (totem.tech)](https://www.totem.tech/cmmc-separation-of-duties/) +- Describe identity concepts - Training | Microsoft Learn[]() +- Introduction to identity - Microsoft Entra | Microsoft Learn +- What is Identity Access Management (IAM)? | Microsoft Security +- What is IAM? Identity and access management explained | CSO Online +- What is IAM? 
(auth0.com) +- Security+: implementing Identity and Access Management (IAM) controls [updated 2021] | Infosec (infosecinstitute.com) +- least privilege - Glossary | CSRC (nist.gov) +- Security: The Principle of Least Privilege (POLP) - Microsoft Community Hub +- Principle of least privilege | CERT NZ +- Why is separation of duties required by NIST 800-171 and CMMC? - (totem.tech) diff --git a/2.2 IAM zero trust architecture.md b/2.2 IAM zero trust architecture.md index 30f5f5e..cda089f 100644 --- a/2.2 IAM zero trust architecture.md +++ b/2.2 IAM zero trust architecture.md @@ -8,15 +8,12 @@ Identity is a key part of implementing a zero trust architecture and building a In this lesson, we’ll cover: - - Why do we need to use identity as our perimeter in modern IT - environments? - - - How does this differ from traditional IT architectures? +- Why do we need to use identity as our perimeter in modern IT + environments? - - +- How does this differ from traditional IT architectures? - - How is identity used to implement a zero trust architecture? +* How is identity used to implement a zero trust architecture? ## Why do we need to use identity as our perimeter in modern IT environments? 
@@ -38,15 +35,14 @@ Here's why using identity as the perimeter is crucial in modern IT environments: Traditional IT architectures relied heavily on perimeter-based security models, where firewalls and network boundaries played a significant role in keeping threats out. The main differences between traditional and identity-centric approaches are: -| Aspect | Traditional IT Architectures | Identity-Centric Approach | -|-----------------------------|----------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------| -| Focus | Perimeter Focus: Relied on perimeter defenses like firewalls and access control. | Focus on Identity Verification: Shift from network boundaries to verifying user/device identity. | -| Location | Location Dependency: - Security tied to physical office locations and network boundaries. | Location Independence: Security not tied to specific locations; access from anywhere. | -| Trust Assumption | Assumed Trust: Assumed trust within the network perimeter for users/devices. | Zero Trust Approach: Trust is never assumed; access is verified based on identity and context. | -| Device Consideration | Device Diversity: Assumed devices within the network perimeter were secure. | Device Awareness: Consider device health and security posture, regardless of location. | -| Data Protection | Data Protection: Focused on securing network perimeters for data protection. | Data-Centric Protection: Focus on controlling data access based on identity and data sensitivity. 
| -| | | | - +| Aspect | Traditional IT Architectures | Identity-Centric Approach | +| -------------------- | ----------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------- | +| Focus | Perimeter Focus: Relied on perimeter defenses like firewalls and access control. | Focus on Identity Verification: Shift from network boundaries to verifying user/device identity. | +| Location | Location Dependency: - Security tied to physical office locations and network boundaries. | Location Independence: Security not tied to specific locations; access from anywhere. | +| Trust Assumption | Assumed Trust: Assumed trust within the network perimeter for users/devices. | Zero Trust Approach: Trust is never assumed; access is verified based on identity and context. | +| Device Consideration | Device Diversity: Assumed devices within the network perimeter were secure. | Device Awareness: Consider device health and security posture, regardless of location. | +| Data Protection | Data Protection: Focused on securing network perimeters for data protection. | Data-Centric Protection: Focus on controlling data access based on identity and data sensitivity. | +| | | | ## How is identity used to implement a zero trust architecture? 
@@ -54,6 +50,6 @@ In a zero trust architecture, the fundamental principle is to never automaticall ## Further reading -- [Securing identity with Zero Trust | Microsoft Learn](https://learn.microsoft.com/security/zero-trust/deploy/identity?WT.mc_id=academic-96948-sayoung) -- [Zero Trust Principles and Guidance for Identity and Access | CSA (cloudsecurityalliance.org)](https://cloudsecurityalliance.org/artifacts/zero-trust-principles-and-guidance-for-iam/) -- [Zero Trust Identity Controls - Essentials Series - Episode 2 - YouTube](https://www.youtube.com/watch?v=fQZQznIKcGM&list=PLXtHYVsvn_b_gtX1-NB62wNervQx1Fhp4&index=13) +- Securing identity with Zero Trust | Microsoft Learn +- Zero Trust Principles and Guidance for Identity and Access | CSA (cloudsecurityalliance.org) +- Zero Trust Identity Controls - Essentials Series - Episode 2 - YouTube diff --git a/2.3 IAM capabilities.md b/2.3 IAM capabilities.md index 1816543..1e24ea7 100644 --- a/2.3 IAM capabilities.md +++ b/2.3 IAM capabilities.md @@ -8,27 +8,23 @@ In this section, we’ll cover more details about the core tools and capabilitie In this lesson, we’ll cover: - - What is a directory service? - - - - - What kind of capabilities can be used to secure identities? -> -> Multi-Factor Authentication (MFA) -> -> Single Sign-On (SSO) -> -> Role-Based Access Control (RBAC) -> -> Adaptive Authentication -> -> Biometric Authentication -> -> Privileged Access Management (PAM) -> -> Identity Governance and Administration (IGA) -> -> Behavioral Analytics +- What is a directory service? +- What kind of capabilities can be used to secure identities? + > Multi-Factor Authentication (MFA) + > + > Single Sign-On (SSO) + > + > Role-Based Access Control (RBAC) + > + > Adaptive Authentication + > + > Biometric Authentication + > + > Privileged Access Management (PAM) + > + > Identity Governance and Administration (IGA) + > + > Behavioral Analytics ## What is a directory service? 
@@ -38,13 +34,13 @@ Directory services play a crucial role in modern IT environments by providing a Key functions and features of a directory service in the context of cybersecurity include: - - **User Authentication**: Directory services validate user credentials (such as usernames and passwords) to ensure that only authorized users can access the network and its resources. - - **User Authorization**: They determine the level of access each user has based on their role, group membership, and other attributes. This ensures that users can access only the resources they are entitled to. - - **Group Management**: Directory services allow administrators to organize users into logical groups, simplifying access control management. Permissions can be assigned to groups rather than individual users. - - **Password Policies**: They enforce password complexity and expiration rules, enhancing the security of user accounts. - - **Single Sign-On (SSO)**: Some directory services support SSO, enabling users to access multiple applications and services with a single set of credentials. - - **Centralized User Management**: Directory services centralize user information, making it easier to manage user accounts, profiles, and attributes from a single location. - - **Auditing and Logging**: They can record user authentication and access activities, aiding in security audits and compliance efforts. +- **User Authentication**: Directory services validate user credentials (such as usernames and passwords) to ensure that only authorized users can access the network and its resources. +- **User Authorization**: They determine the level of access each user has based on their role, group membership, and other attributes. This ensures that users can access only the resources they are entitled to. +- **Group Management**: Directory services allow administrators to organize users into logical groups, simplifying access control management. 
Permissions can be assigned to groups rather than individual users. +- **Password Policies**: They enforce password complexity and expiration rules, enhancing the security of user accounts. +- **Single Sign-On (SSO)**: Some directory services support SSO, enabling users to access multiple applications and services with a single set of credentials. +- **Centralized User Management**: Directory services centralize user information, making it easier to manage user accounts, profiles, and attributes from a single location. +- **Auditing and Logging**: They can record user authentication and access activities, aiding in security audits and compliance efforts. ## What kind of capabilities can be used to secure identities? @@ -80,10 +76,8 @@ IGA solutions manage user identities and their access to resources throughout th Behavioral analytics monitors user behavior and establishes baseline patterns. Deviations from the norm can trigger alerts for further investigation. - # Further reading -- [Azure Active Directory fundamentals documentation - Microsoft Entra | Microsoft Learn](https://learn.microsoft.com/azure/active-directory/fundamentals/?WT.mc_id=academic-96948-sayoung) -- [What is Azure Active Directory? - Microsoft Entra | Microsoft Learn](https://learn.microsoft.com/azure/active-directory/fundamentals/whatis?WT.mc_id=academic-96948-sayoung) -- [Manage your multi-cloud identity infrastructure with Microsoft Entra - YouTube](https://www.youtube.com/watch?v=9qQiq3wTS2Y&list=PLXtHYVsvn_b_gtX1-NB62wNervQx1Fhp4&index=18) - +- Azure Active Directory fundamentals documentation - Microsoft Entra | Microsoft Learn +- What is Azure Active Directory? - Microsoft Entra | Microsoft Learn +- Manage your multi-cloud identity infrastructure with Microsoft Entra - YouTube diff --git a/3.1 Networking key concepts.md b/3.1 Networking key concepts.md index fe06a78..28a9977 100644 --- a/3.1 Networking key concepts.md +++ b/3.1 Networking key concepts.md 
@@ -6,23 +6,15 @@ If you have done any work in IT, it’s likely that you’ve been exposed to net In this lesson, we’ll cover: - - What is IP addressing? - - - What is the OSI model? +- What is IP addressing? - +- What is the OSI model? - - What is TCP/UDP? +* What is TCP/UDP? - - +- What are port numbers? - - What are port numbers? - - - - - - What is encryption at rest and in transit? +* What is encryption at rest and in transit? ## What is IP addressing? @@ -32,39 +24,24 @@ IP addressing, or Internet Protocol addressing, is a numerical label assigned to The OSI (Open Systems Interconnection) model is a conceptual framework that standardizes the functions of a communication system into seven distinct layers. Each layer performs specific tasks and communicates with adjacent layers to ensure efficient and reliable data communication between devices in a network. The layers, from the bottom to the top, are as follows: - 1. Physical Layer - - - 2. Data Link Layer - - - - - 1. Network Layer - - - - - 1. Transport Layer +1. Physical Layer - +2) Data Link Layer - 1. Session Layer +1. Network Layer - - +1) Transport Layer - 1. Presentation Layer +1. Session Layer - - +1) Presentation Layer - 1. Application Layer +1. Application Layer The OSI model provides a common reference for understanding how networking protocols and technologies interact, regardless of the specific hardware or software implementations. ![image](/images/osilayers.png) -_ref: https://en.wikipedia.org/wiki/OSI_model_ +_ref: https://en.wikipedia.org/wiki/OSI_model_ ## What is TCP/UDP? 
@@ -99,11 +76,11 @@ Encryption at Rest: This involves encrypting data that is stored on devices, ser Encryption in Transit: This involves encrypting data as it travels between devices or over networks. This prevents eavesdropping and unauthorized interception of data during transmission. Common protocols for encryption in transit include HTTPS for web communication and TLS/SSL for securing various types of network traffic. ## Further reading -- [How Do IP Addresses Work? (howtogeek.com)](https://www.howtogeek.com/341307/how-do-ip-addresses-work/) -- [Understanding IP Address: An Introductory Guide (geekflare.com)](https://geekflare.com/understanding-ip-address/) -- [What is the OSI model? The 7 layers of OSI explained (techtarget.com)](https://www.techtarget.com/searchnetworking/definition/OSI) -- [The OSI Model – The 7 Layers of Networking Explained in Plain English (freecodecamp.org)](https://www.freecodecamp.org/news/osi-model-networking-layers-explained-in-plain-english/) -- [TCP/IP protocols - IBM Documentation](https://www.ibm.com/docs/en/aix/7.3?topic=protocol-tcpip-protocols) -- [Common Ports Cheat Sheet: The Ultimate Ports & Protocols List (stationx.net)](https://www.stationx.net/common-ports-cheat-sheet/) -- [Azure Data Encryption-at-Rest - Azure Security | Microsoft Learn](https://learn.microsoft.com/azure/security/fundamentals/encryption-atrest?WT.mc_id=academic-96948-sayoung) +- How Do IP Addresses Work? (howtogeek.com) +- Understanding IP Address: An Introductory Guide (geekflare.com) +- What is the OSI model? The 7 layers of OSI explained (techtarget.com) +- The OSI Model – The 7 Layers of Networking Explained in Plain English (freecodecamp.org) +- TCP/IP protocols - IBM Documentation +- Common Ports Cheat Sheet: The Ultimate Ports & Protocols List (stationx.net) +- Azure Data Encryption-at-Rest - Azure Security | Microsoft Learn 
diff --git a/3.2 Networking zero trust architecture.md b/3.2 Networking zero trust architecture.md index 2f3e267..427bd46 100644 --- a/3.2 Networking zero trust architecture.md +++ b/3.2 Networking zero trust architecture.md @@ -4,9 +4,9 @@ The network provides a crucial layer in zero trust controls, in this lesson we will learn more about this: - - What is network segmentation? - - How does network segmentation help implement zero trust? - - What is end-to-end encryption? +- What is network segmentation? +- How does network segmentation help implement zero trust? +- What is end-to-end encryption? ## What is network segmentation? @@ -14,7 +14,7 @@ Network segmentation is the practice of dividing a network into smaller, isolate By implementing network segmentation, an organization can create "zones" that separate different types of users, applications, and data. This reduces the attack surface and minimizes the potential damage caused by a security incident. Network segmentation can be achieved through technologies like virtual LANs (VLANs), firewalls, and access controls. -## How does network segmentation help implement zero trust? +## How does network segmentation help implement zero trust? Network segmentation aligns closely with the principles of the Zero Trust model. In a Zero Trust architecture, network segmentation helps enforce the principle of "least privilege" by ensuring that users and devices have access only to the specific resources and services they need to perform their tasks. By segmenting the network into smaller zones, organizations can implement strict access controls, isolate critical assets, and prevent lateral movement of attackers. 
@@ -35,27 +35,26 @@ SASE stands for "Secure Access Service Edge," and it is a cybersecurity framewor Key characteristics and components of SASE include: 1. **Cloud-Based:** SASE is delivered as a cloud service, which means that security and networking functions are provided from the cloud rather than relying on traditional on-premises hardware and appliances. - + 2. **Integration of Security and Networking:** SASE integrates various security services such as secure web gateways (SWG), firewall as a service (FWaaS), data loss prevention (DLP), zero-trust network access (ZTNA), and WAN optimization with wide-area networking capabilities. This integration helps streamline security and networking operations. - + 3. **Zero Trust:** SASE operates on the principle of zero trust, which means that it enforces strict access controls and least-privilege access policies. Users and devices are not trusted by default, and they must be authenticated and authorized before accessing resources. - + 4. **Identity-Centric:** SASE focuses on user and device identities as the basis for access control. Identity and context-based policies are used to determine access permissions, and these policies adapt dynamically based on user behavior and context. - + 5. **Scalability and Flexibility:** SASE can scale easily to accommodate a large number of users and devices, making it suitable for organizations with diverse and evolving networking and security needs. - SASE is particularly relevant in the modern era of remote work and cloud adoption, as it provides a comprehensive and agile approach to securing and managing network access. It helps organizations adapt to changing security and networking requirements while maintaining a strong focus on user-centric and zero-trust security models. ## Further reading -- [What Is Network Segmentation? - Cisco](https://www.cisco.com/c/en/us/products/security/what-is-network-segmentation.html#~benefits) -- [What Is Micro-Segmentation? 
- Cisco](https://www.cisco.com/c/en/us/products/security/what-is-microsegmentation.html) -- [Implementing Network Segmentation and Segregation | Cyber.gov.au](https://www.cyber.gov.au/resources-business-and-government/maintaining-devices-and-systems/system-hardening-and-administration/network-hardening/implementing-network-segmentation-and-segregation) -- [What Is Network Segmentation and Why It Matters | CompTIA](https://www.comptia.org/blog/security-awareness-training-network-segmentation) -- [Network Segmentation: Concepts and Practices (cmu.edu)](https://insights.sei.cmu.edu/blog/network-segmentation-concepts-and-practices/) -- [Secure networks with Zero Trust | Microsoft Learn](https://learn.microsoft.com/security/zero-trust/deploy/networks?WT.mc_id=academic-96948-sayoung) -- [What is end-to-end encryption? | IBM](https://www.ibm.com/topics/end-to-end-encryption) -- [What Is End-to-End Encryption, and Why Does It Matter? (howtogeek.com)](https://www.howtogeek.com/711656/what-is-end-to-end-encryption-and-why-does-it-matter/) -- [Definition of Secure Access Service Edge (SASE) - Gartner Information Technology Glossary](https://www.gartner.com/en/information-technology/glossary/secure-access-service-edge-sase) -- [What Is Secure Access Service Edge (SASE)? | Microsoft Security](https://www.microsoft.com/security/business/security-101/what-is-sase?WT.mc_id=academic-96948-sayoung) +- What Is Network Segmentation? - Cisco +- What Is Micro-Segmentation? - Cisco +- Implementing Network Segmentation and Segregation | Cyber.gov.au +- What Is Network Segmentation and Why It Matters | CompTIA +- Network Segmentation: Concepts and Practices (cmu.edu) +- Secure networks with Zero Trust | Microsoft Learn +- What is end-to-end encryption? | IBM +- What Is End-to-End Encryption, and Why Does It Matter? (howtogeek.com) +- Definition of Secure Access Service Edge (SASE) - Gartner Information Technology Glossary +- What Is Secure Access Service Edge (SASE)? | Microsoft Security 
diff --git a/3.3 Network security capabilities.md b/3.3 Network security capabilities.md index 590b054..ddb704f 100644 --- a/3.3 Network security capabilities.md +++ b/3.3 Network security capabilities.md @@ -4,14 +4,14 @@ In this lesson we’ll learn about the following capabilities that can be used to secure a network: - - Traditional firewalls - - Web application firewalls - - Cloud security groups - - CDN - - Load balancers - - Bastion hosts - - VPNs - - DDoS protection +- Traditional firewalls +- Web application firewalls +- Cloud security groups +- CDN +- Load balancers +- Bastion hosts +- VPNs +- DDoS protection ## Traditional Firewalls 
@@ -47,16 +47,14 @@ DDoS (Distributed Denial of Service) protection tools and services are designed ## Further reading -- [What Is a Firewall? - Cisco](https://www.cisco.com/c/en/us/products/security/firewalls/what-is-a-firewall.html#~types-of-firewalls) -- [What Does a Firewall Actually Do? (howtogeek.com)](https://www.howtogeek.com/144269/htg-explains-what-firewalls-actually-do/) -- [What is a Firewall? How Firewalls Work & Types of Firewalls (kaspersky.com)](https://www.kaspersky.com/resource-center/definitions/firewall) -- [Network security group - how it works | Microsoft Learn](https://learn.microsoft.com/azure/virtual-network/network-security-group-how-it-works) -- [Introduction to Azure Content Delivery Network (CDN) - Training | Microsoft Learn](https://learn.microsoft.com/training/modules/intro-to-azure-content-delivery-network/?WT.mc_id=academic-96948-sayoung) -- [What is a content delivery network (CDN)? - Azure | Microsoft Learn](https://learn.microsoft.com/azure/cdn/cdn-overview?WT.mc_id=academic-96948-sayoung) -- [What Is Load Balancing? How Load Balancers Work (nginx.com)](https://www.nginx.com/resources/glossary/load-balancing/) -- [Bastion hosts vs. VPNs · Tailscale](https://tailscale.com/learn/bastion-hosts-vs-vpns/) -- [What is VPN? How It Works, Types of VPN (kaspersky.com)](https://www.kaspersky.com/resource-center/definitions/what-is-a-vpn) -- [Introduction to Azure DDoS Protection - Training | Microsoft Learn](https://learn.microsoft.com/training/modules/introduction-azure-ddos-protection/?WT.mc_id=academic-96948-sayoung) -- [What Is a DDoS Attack? | Microsoft Security](https://www.microsoft.com/security/business/security-101/what-is-a-ddos-attack?WT.mc_id=academic-96948-sayoung) - - +- What Is a Firewall? - Cisco +- What Does a Firewall Actually Do? (howtogeek.com)[]() +- What is a Firewall? 
How Firewalls Work & Types of Firewalls (kaspersky.com) +- Network security group - how it works | Microsoft Learn +- Introduction to Azure Content Delivery Network (CDN) - Training | Microsoft Learn +- What is a content delivery network (CDN)? - Azure | Microsoft Learn +- What Is Load Balancing? How Load Balancers Work (nginx.com) +- Bastion hosts vs. VPNs · Tailscale +- What is VPN? How It Works, Types of VPN (kaspersky.com) +- Introduction to Azure DDoS Protection - Training | Microsoft Learn +- What Is a DDoS Attack? | Microsoft Security diff --git a/4.1 SecOps key concepts.md b/4.1 SecOps key concepts.md index d9550a3..212c4ab 100644 --- a/4.1 SecOps key concepts.md +++ b/4.1 SecOps key concepts.md @@ -4,11 +4,11 @@ Security operations are a critical component of an organization’s overall security function. In this lesson, we’ll learn more about this: - - What is a security operations function within a business? - - - What kind of form can security operations take? - - - How does security operations differ from traditional IT operations? +- What is a security operations function within a business? + +- What kind of form can security operations take? + +- How does security operations differ from traditional IT operations? ## What is a security operations function within a business? 
@@ -42,21 +42,17 @@ Security operations and traditional IT operations are related but distinct funct ## Incident response workflow -The NIST Cybersecurity Framework Core Functions lists five overarching functions that should be performed continuously as part of an organization’s operational environment to reduce cybersecurity risk. +The NIST Cybersecurity Framework Core Functions lists five overarching functions that should be performed continuously as part of an organization’s operational environment to reduce cybersecurity risk. ![image](https://github.com/microsoft/Security-101/assets/139931591/f6d19dce-f96e-47bd-9e0a-8019675a602d) +It is important to appreciate that these activities should exist as part of a bigger circle that plugs into and aligns with an organization’s wider cybersecurity processes. -It is important to appreciate that these activities should exist as part of a bigger circle that plugs into and aligns with an organization’s wider cybersecurity processes. - -**Note:** You can read more about the NIST Cybersecurity Framework at [https://www.nist.gov/cybersecurity](https://www.nist.gov/cybersecurity) +**Note:** You can read more about the NIST Cybersecurity Framework at https://www.nist.gov/cybersecurity ## Further reading -- [Security operations | Microsoft Learn](https://learn.microsoft.com/security/operations/overview?WT.mc_id=academic-96948-sayoung) -- [Implementing security operations processes | Microsoft Learn](https://learn.microsoft.com/security/operations/?WT.mc_id=academic-96948-sayoung) -- [What is a security operations center (SOC)? 
| Microsoft Security](https://www.microsoft.com/security/business/security-101/what-is-a-security-operations-center-soc?WT.mc_id=academic-96948-sayoung) -- [What Is a Security Operations Center | Cybersecurity | CompTIA](https://www.comptia.org/content/articles/what-is-a-security-operations-center) - - - +- Security operations | Microsoft Learn +- Implementing security operations processes | Microsoft Learn +- What is a security operations center (SOC)? | Microsoft Security +- What Is a Security Operations Center | Cybersecurity | CompTIA diff --git a/4.2 SecOps zero trust architecture.md b/4.2 SecOps zero trust architecture.md index 321af72..8b44b46 100644 --- a/4.2 SecOps zero trust architecture.md +++ b/4.2 SecOps zero trust architecture.md 
@@ -61,10 +61,9 @@ In addition to centralized log collection, here are some best practices for secu 5. **Security Automation**: Leverage security automation and orchestration tools to streamline incident response and repetitive tasks. 6. **Backup and Recovery**: Implement robust backup and disaster recovery solutions to ensure data availability in case of data loss or ransomware attacks. - -## Further reading -- [Microsoft Security Best Practices module: Security operations | Microsoft Learn](https://learn.microsoft.com/security/operations/security-operations-videos-and-decks?WT.mc_id=academic-96948-sayoung) -- [Security operations - Cloud Adoption Framework | Microsoft Learn](https://learn.microsoft.com/azure/cloud-adoption-framework/secure/security-operations?WT.mc_id=academic-96948-sayoung) -- [What is Security Operations and Analytics Platform Architecture? A Definition of SOAPA, How It Works, Benefits, and More (digitalguardian.com)](https://www.digitalguardian.com/blog/what-security-operations-and-analytics-platform-architecture-definition-soapa-how-it-works#:~:text=All%20in%20all%2C%20security%20operations%20and%20analytics%20platform,become%20more%20efficient%20and%20operative%20with%20your%20security.) +## Further reading +- Microsoft Security Best Practices module: Security operations | Microsoft Learn +- Security operations - Cloud Adoption Framework | Microsoft Learn +- What is Security Operations and Analytics Platform Architecture? A Definition of SOAPA, How It Works, Benefits, and More (digitalguardian.com) diff --git a/4.3 SecOps capabilities.md b/4.3 SecOps capabilities.md index c728de0..dc6c1f3 100644 --- a/4.3 SecOps capabilities.md +++ b/4.3 SecOps capabilities.md 
@@ -72,14 +72,12 @@ To enhance security operations, organizations can leverage several capabilities 5. **Deception Technologies**: Deploy deception technologies to mislead and detect attackers within the network. - ## Further reading -- [What is SIEM? | Microsoft Security](https://www.microsoft.com/security/business/security-101/what-is-siem?WT.mc_id=academic-96948-sayoung) -- [What Is SIEM? - Security Information and Event Management - Cisco](https://www.cisco.com/c/en/us/products/security/what-is-siem.html) -- [Security information and event management - Wikipedia](https://en.wikipedia.org/wiki/Security_information_and_event_management) -- [What Is XDR? | Microsoft Security](https://www.microsoft.com/security/business/security-101/what-is-xdr?WT.mc_id=academic-96948-sayoung) -- [XDR & XDR Security (kaspersky.com.au)](https://www.kaspersky.com.au/resource-center/definitions/what-is-xdr) -- [The Power of SecOps: Redefining Core Security Capabilities - The New Stack](https://thenewstack.io/the-power-of-secops-redefining-core-security-capabilities/) -- [Seven Steps to Improve Your Security Operations and Response (securityintelligence.com)](https://securityintelligence.com/seven-steps-to-improve-your-security-operations-and-response/) - +- What is SIEM? | Microsoft Security +- What Is SIEM? - Security Information and Event Management - Cisco +- Security information and event management - Wikipedia +- What Is XDR? | Microsoft Security +- XDR & XDR Security (kaspersky.com.au) +- The Power of SecOps: Redefining Core Security Capabilities - The New Stack +- Seven Steps to Improve Your Security Operations and Response (securityintelligence.com) diff --git a/5.1 AppSec key concepts.md b/5.1 AppSec key concepts.md index 1d0d38e..9eb25c9 100644 --- a/5.1 AppSec key concepts.md +++ b/5.1 AppSec key concepts.md 
@@ -62,10 +62,9 @@ Key concepts and principles that underpin application security include: - Integrate security practices into every phase of the software development lifecycle, from requirements to deployment and maintenance. - ## Further reading -- [SheHacksPurple: What is Application Security? - YouTube](https://www.youtube.com/watch?v=eNmccQNzSSY) -- [What Is Application Security? - Cisco](https://www.cisco.com/c/en/us/solutions/security/application-first-security/what-is-application-security.html#~how-does-it-work) -- [What is application security? A process and tools for securing software | CSO Online](https://www.csoonline.com/article/566471/what-is-application-security-a-process-and-tools-for-securing-software.html) -- [OWASP Cheat Sheet Series | OWASP Foundation](https://owasp.org/www-project-cheat-sheets/) +- SheHacksPurple: What is Application Security? - YouTube +- What Is Application Security? - Cisco +- What is application security? A process and tools for securing software | CSO Online +- OWASP Cheat Sheet Series | OWASP Foundation diff --git a/5.2 AppSec key capabilities.md b/5.2 AppSec key capabilities.md index 1b2752f..feb3b1c 100644 --- a/5.2 AppSec key capabilities.md +++ b/5.2 AppSec key capabilities.md 
@@ -90,10 +90,7 @@ Key capabilities and tools used in application security are essential for identi ## Further reading -- [What Is Application Security? Concepts, Tools & Best Practices | HackerOne](https://www.hackerone.com/knowledge-center/what-application-security-concepts-tools-best-practices) -- [What is IAST? (Interactive Application Security Testing) (comparitech.com)](https://www.comparitech.com/net-admin/what-is-iast/) -- [10 Types of Application Security Testing Tools: When and How to Use Them (cmu.edu)](https://insights.sei.cmu.edu/blog/10-types-of-application-security-testing-tools-when-and-how-to-use-them/) -- [Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Security-by-Design and Default | Cyber.gov.au](https://www.cyber.gov.au/about-us/view-all-content/publications/principles-and-approaches-for-security-by-design-and-default) - - - +- What Is Application Security? Concepts, Tools & Best Practices | HackerOne +- What is IAST? (Interactive Application Security Testing) (comparitech.com) +- 10 Types of Application Security Testing Tools: When and How to Use Them (cmu.edu) +- Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Security-by-Design and Default | Cyber.gov.au diff --git a/6.1 Infrastructure security key concepts.md b/6.1 Infrastructure security key concepts.md index f60974a..d79d59f 100644 --- a/6.1 Infrastructure security key concepts.md +++ b/6.1 Infrastructure security key concepts.md 
@@ -36,7 +36,7 @@ Security Posture Management refers to the practice of assessing, monitoring, and ## What is patching and why is it important? -**Patching** refers to the process of applying software updates, also known as patches or fixes, to software, operating systems, and applications. These updates typically address security vulnerabilities, bugs, and other issues that can be exploited by attackers. Hardware devices also require patching: it can be their firmware or built-in OS. Hardware patching can be much harder than software patching. +**Patching** refers to the process of applying software updates, also known as patches or fixes, to software, operating systems, and applications. These updates typically address security vulnerabilities, bugs, and other issues that can be exploited by attackers. Hardware devices also require patching: it can be their firmware or built-in OS. Hardware patching can be much harder than software patching. Patching is important for several reasons: 
@@ -59,31 +59,28 @@ Containers are a form of lightweight, standalone, and executable software packag Container Security refers to the practices and technologies used to protect containers and the applications they host from various security threats and vulnerabilities. Container security is crucial because, while containers offer many benefits in terms of portability and scalability, they also introduce potential security challenges: 1. **Image Security:** Container images can contain vulnerabilities, and if these images are not regularly updated and patched, they can be exploited by attackers. Container security involves scanning images for known vulnerabilities and ensuring that only trusted images are used. - + 2. **Runtime Security:** Running containers must be isolated from each other and the host system to prevent unauthorized access and potential attacks. Runtime security mechanisms include container isolation technologies like namespaces and cgroups, as well as tools for monitoring and auditing container behavior. - + 3. **Network Security:** Containers communicate with each other and external systems over networks. Proper network segmentation and firewall rules are essential to control traffic between containers and prevent unauthorized access. - + 4. **Access Control:** Ensuring that only authorized users and processes can access and modify containers is critical. Role-based access control (RBAC) and identity management tools are often used for access control. - + 5. **Logging and Monitoring:** Container security involves the collection and analysis of logs and monitoring data to detect and respond to security incidents and anomalies in real-time. - + 6. **Orchestration Security:** When using container orchestration platforms like Kubernetes, securing the orchestration layer is equally important. This includes securing the Kubernetes API server, ensuring proper RBAC policies, and auditing cluster activity. - + 7. 
**Secrets Management:** Handling sensitive information, such as API keys and passwords, in containers requires secure storage and management solutions to prevent exposure. - Container security solutions often involve a combination of security best practices, vulnerability scanning tools, runtime protection mechanisms, network security configurations, and container orchestration security features. Continuous monitoring and automation are essential components of container security to quickly detect and respond to threats as containerized applications evolve and scale. ## Further reading -- [The importance of security hygiene | Security Magazine](https://www.securitymagazine.com/articles/99510-the-importance-of-security-hygiene) -- [What is CSPM? | Microsoft Security](https://www.microsoft.com/security/business/security-101/what-is-cspm?WT.mc_id=academic-96948-sayoung) -- [What is Cloud Security Posture Management (CSPM)? | HackerOne](https://www.hackerone.com/knowledge-center/what-cloud-security-posture-management) -- [Function of cloud security posture management - Cloud Adoption Framework | Microsoft Learn](https://learn.microsoft.com/azure/cloud-adoption-framework/organize/cloud-security-posture-management?WT.mc_id=academic-96948-sayoung) -- [What Is a CNAPP? | Microsoft Security](https://www.microsoft.com/security/business/security-101/what-is-cnapp) -- [Why Everyone Is Talking About CNAPP (forbes.com)](https://www.forbes.com/sites/forbestechcouncil/2021/12/10/why-everyone-is-talking-about-cnapp/?sh=567275ca1549) -- [Why is patching important to cybersecurity? - CyberSmart](https://cybersmart.co.uk/blog/why-is-patching-important-to-cybersecurity/) -- [What Is Container Security? Complete Guide [2023] (aquasec.com)](https://www.aquasec.com/cloud-native-academy/container-security/container-security/) - - +- The importance of security hygiene | Security Magazine +- What is CSPM? | Microsoft Security +- What is Cloud Security Posture Management (CSPM)? 
| HackerOne +- Function of cloud security posture management - Cloud Adoption Framework | Microsoft Learn +- What Is a CNAPP? | Microsoft Security +- Why Everyone Is Talking About CNAPP (forbes.com) +- Why is patching important to cybersecurity? - CyberSmart +- What Is Container Security? Complete Guide [2023] (aquasec.com) diff --git a/6.2 Infrastructure security capabilities.md b/6.2 Infrastructure security capabilities.md index 99ab6f2..ec8dc6a 100644 --- a/6.2 Infrastructure security capabilities.md +++ b/6.2 Infrastructure security capabilities.md 
@@ -53,10 +53,10 @@ CSPM helps organizations ensure that their cloud infrastructure is secure, compl CNAPP stands for Cloud-Native Application Protection Platform. It is an all-in-one cloud-native software platform that simplifies monitoring, detecting and acting on potential cloud security threats and vulnerabilities. It combines multiple tools and capabilities into a single software solution to minimize complexity and facilitate DevOps and DevSecOps team operations. CNAPP offers an end-to-end cloud and application security through the whole CI/CD application lifecycle, from development to production. It addresses the industry’s need for modern cloud security monitoring, posture management, breach prevention and control tools. CNAPP solutions provide security teams the ability to quantify and respond to risks in the cloud environment. Some of the features of CNAPP include enhanced visibility, quantification of risks, secure software development, and a combined cloud security solution. CNAPP integrates multiple cloud security solutions that have been traditionally siloed in a single user interface, making it easier for organizations to protect their entire cloud application footprint. CNAPPs consolidate multiple cloud-native security tools and data sources, including container scanning, cloud security posture management, infrastructure as code scanning, cloud infrastructure entitlements management and runtime cloud workload protection platforms. ## Further reading -- [What is CSPM? | Microsoft Security](https://www.microsoft.com/security/business/security-101/what-is-cspm?WT.mc_id=academic-96948-sayoung) -- [What is Cloud Security Posture Management (CSPM)? 
| HackerOne](https://www.hackerone.com/knowledge-center/what-cloud-security-posture-management) -- [Function of cloud security posture management - Cloud Adoption Framework | Microsoft Learn](https://learn.microsoft.com/azure/cloud-adoption-framework/organize/cloud-security-posture-management?WT.mc_id=academic-96948-sayoung) -- [What Is a CNAPP? | Microsoft Security](https://www.microsoft.com/security/business/security-101/what-is-cnapp?WT.mc_id=academic-96948-sayoung) -- [Why Everyone Is Talking About CNAPP (forbes.com)](https://www.forbes.com/sites/forbestechcouncil/2021/12/10/why-everyone-is-talking-about-cnapp/?sh=567275ca1549) -- [Improving Your Multi-Cloud Security with a Cloud-Native Application Protection Platform (CNAPP)](https://www.youtube.com/watch?v=5w42kQ_QjZg&t=212s) +- What is CSPM? | Microsoft Security +- What is Cloud Security Posture Management (CSPM)? | HackerOne +- Function of cloud security posture management - Cloud Adoption Framework | Microsoft Learn +- What Is a CNAPP? | Microsoft Security +- Why Everyone Is Talking About CNAPP (forbes.com) +- Improving Your Multi-Cloud Security with a Cloud-Native Application Protection Platform (CNAPP) diff --git a/7.1 Data security key concepts.md b/7.1 Data security key concepts.md index 9087e2b..64dce68 100644 --- a/7.1 Data security key concepts.md +++ b/7.1 Data security key concepts.md 
@@ -52,11 +52,10 @@ In summary, data security is essential for safeguarding sensitive information, c ## Further reading -- [What Is Data Security? | Microsoft Security](https://www.microsoft.com/en-au/security/business/security-101/what-is-data-security?WT.mc_id=academic-96948-sayoung) -- [Automatically Classify & Protect Documents & Data | Microsoft Purview Information Protection](https://youtu.be/v8LqmzBUaOo) -- [Example data classification policy](https://www.cmu.edu/data/guidelines/data-classification.html) -- [What is Data Security? Data Security Definition and Overview | IBM](https://www.ibm.com/topics/data-security) -- [Data Lifecycle Management: A 2023 Guide for Your Business (cloudwards.net)](https://www.cloudwards.net/data-lifecycle-management/) -- [What is data loss prevention (DLP)? | Microsoft Security](https://www.microsoft.com/security/business/security-101/what-is-data-loss-prevention-dlp?WT.mc_id=academic-96948-sayoung) -- [What is DLP? How data loss prevention software works and why you need it | CSO Online](https://www.csoonline.com/article/569559/what-is-dlp-how-data-loss-prevention-software-works-and-why-you-need-it.html) - +- What Is Data Security? | Microsoft Security +- Automatically Classify & Protect Documents & Data | Microsoft Purview Information Protection +- Example data classification policy +- What is Data Security? Data Security Definition and Overview | IBM +- Data Lifecycle Management: A 2023 Guide for Your Business (cloudwards.net) +- What is data loss prevention (DLP)? | Microsoft Security +- What is DLP? How data loss prevention software works and why you need it | CSO Online diff --git a/7.2 Data security capabilities.md b/7.2 Data security capabilities.md index 700b386..c904794 100644 --- a/7.2 Data security capabilities.md +++ b/7.2 Data security capabilities.md 
@@ -16,7 +16,7 @@ In this lesson, we’ll cover: ## What is data loss prevention tooling? -Data Loss Prevention (DLP) tooling refers to a set of software solutions and technologies designed to prevent unauthorized access, sharing, or leakage of sensitive or confidential data within an organization. These tools use content inspection, policy enforcement, and monitoring to identify and protect sensitive data from being exposed or misused. Example DLP products include: Symantec Data Loss Prevention, McAfee Total Protection for Data Loss Prevention, Microsoft 365 DLP**: Integrates with Microsoft 365 applications to help organizations identify and protect sensitive data within emails, documents, and messages. +Data Loss Prevention (DLP) tooling refers to a set of software solutions and technologies designed to prevent unauthorized access, sharing, or leakage of sensitive or confidential data within an organization. These tools use content inspection, policy enforcement, and monitoring to identify and protect sensitive data from being exposed or misused. Example DLP products include: Symantec Data Loss Prevention, McAfee Total Protection for Data Loss Prevention, Microsoft 365 DLP\*\*: Integrates with Microsoft 365 applications to help organizations identify and protect sensitive data within emails, documents, and messages. ## What is insider risk management tooling? 
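Review bot: The `+` line in the `7.2 Data security capabilities.md` hunk (`@@ -16,7 +16,7 @@`) turns the stray `**` after `Microsoft 365 DLP` into `\*\*`, which escapes the orphaned bold closer so it renders as two literal asterisks instead of removing the defect. The `**:` is the leftover closing marker of a bold product name whose opening `**` was lost when the product list was flattened into the sentence `Example DLP products include: Symantec Data Loss Prevention, McAfee Total Protection for Data Loss Prevention, Microsoft 365 DLP**: Integrates with ...`. Either drop the `**` altogether or restore the bold and put the three products back into a list, e.g. `- **Microsoft 365 DLP**: Integrates with Microsoft 365 applications to help organizations identify and protect sensitive data within emails, documents, and messages.`, with the other two products as their own bullets.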
@@ -28,12 +28,10 @@ Data retention tooling includes software and solutions designed to manage the re ## Further reading -- [Guide to Data Security Posture Management (DSPM) | CSA (cloudsecurityalliance.org)](https://cloudsecurityalliance.org/blog/2023/03/31/the-big-guide-to-data-security-posture-management-dspm/) -- [Data Loss Prevention across endpoints, apps, & services | Microsoft Purview](https://youtu.be/hvqq8L_0kgI) -- [18 Best Data Loss Prevention Software Tools 2023 (Free + Paid) (comparitech.com)](https://www.comparitech.com/data-privacy-management/data-loss-prevention-tools-software/) -- [Data Loss Prevention (nist.gov)](https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=904672) -- [Learn about insider risk management | Microsoft Learn](https://learn.microsoft.com/purview/insider-risk-management?WT.mc_id=academic-96948-sayoung) -- [Data Lifecycle Management | IBM](https://www.ibm.com/topics/data-lifecycle-management) -- [What Is Data Lifecycle Management (DLM)? | 2023 Best Practices (selecthub.com)](https://www.selecthub.com/big-data-analytics/data-lifecycle-management/) - - +- Guide to Data Security Posture Management (DSPM) | CSA (cloudsecurityalliance.org) +- Data Loss Prevention across endpoints, apps, & services | Microsoft Purview +- 18 Best Data Loss Prevention Software Tools 2023 (Free + Paid) (comparitech.com) +- Data Loss Prevention (nist.gov) +- Learn about insider risk management | Microsoft Learn +- Data Lifecycle Management | IBM +- What Is Data Lifecycle Management (DLM)? | 2023 Best Practices (selecthub.com) diff --git a/SUPPORT.md b/SUPPORT.md index 291d4d4..6892160 100644 --- a/SUPPORT.md +++ b/SUPPORT.md 
@@ -6,20 +6,20 @@ - **Yes CSS support:** Fill out an intake form at [aka.ms/onboardsupport](https://aka.ms/onboardsupport). CSS will work with/help you to determine next steps. - **Not sure?** Fill out an intake as though the answer were "Yes". CSS will help you decide. -*Then remove this first heading from this SUPPORT.MD file before publishing your repo.* +_Then remove this first heading from this SUPPORT.MD file before publishing your repo._ # Support -## How to file issues and get help +## How to file issues and get help -This project uses GitHub Issues to track bugs and feature requests. Please search the existing -issues before filing new issues to avoid duplicates. For new issues, file your bug or +This project uses GitHub Issues to track bugs and feature requests. Please search the existing +issues before filing new issues to avoid duplicates. For new issues, file your bug or feature request as a new Issue. -For help and questions about using this project, please **REPO MAINTAINER: INSERT INSTRUCTIONS HERE +For help and questions about using this project, please **REPO MAINTAINER: INSERT INSTRUCTIONS HERE FOR HOW TO ENGAGE REPO OWNERS OR COMMUNITY FOR HELP. COULD BE A STACK OVERFLOW TAG OR OTHER CHANNEL. WHERE WILL YOU HELP PEOPLE?**. -## Microsoft Support Policy +## Microsoft Support Policy Support for this **PROJECT or PRODUCT** is limited to the resources listed above.
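Review bot: The `+` lines in the Further reading hunk of `6.2 Infrastructure security capabilities.md` (`@@ -53,10 +53,10 @@`) drop every URL, so the six references become bare titles a reader cannot follow: `- [What is CSPM? | Microsoft Security](https://www.microsoft.com/security/business/security-101/what-is-cspm?WT.mc_id=academic-96948-sayoung)` becomes `- What is CSPM? | Microsoft Security`, and the YouTube entry `Improving Your Multi-Cloud Security with a Cloud-Native Application Protection Platform (CNAPP)` is left with no way to locate the video. If the intent is to remove the `?WT.mc_id=academic-96948-sayoung` tracking parameters or to repair the HackerOne entry whose title was split across two lines, keep the markdown links and strip only the query string, e.g. `- [What is CSPM? | Microsoft Security](https://www.microsoft.com/security/business/security-101/what-is-cspm)` and `- [What is Cloud Security Posture Management (CSPM)? | HackerOne](https://www.hackerone.com/knowledge-center/what-cloud-security-posture-management)`. The same loss applies to the Further reading hunks in `7.1 Data security key concepts.md` (`@@ -52,11 +52,10 @@`) and `7.2 Data security capabilities.md` (`@@ -28,12 +28,10 @@`), where the CMU data classification policy, the NIST PDF and the Microsoft Learn insider risk management page all lose their links.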
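Review bot: The `SUPPORT.md` hunk (`@@ -6,20 +6,20 @@`) only swaps `*Then remove this first heading from this SUPPORT.MD file before publishing your repo.*` for the `_..._` italic style and trims trailing whitespace, while the template placeholders on the very lines it touches stay in place: `**REPO MAINTAINER: INSERT INSTRUCTIONS HERE FOR HOW TO ENGAGE REPO OWNERS OR COMMUNITY FOR HELP. ...**` and `Support for this **PROJECT or PRODUCT** is limited to the resources listed above.` Either fill those in and delete the intake-form block that the file itself says to remove before publishing, or leave `SUPPORT.md` out of a formatting-only change; as committed, the file still reads as an unfilled template, and the `*` to `_` rewrite changes nothing in the rendered output.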