40551: Enterprise Security Fundamentals | IT Training & Certification | Info Trek

40551: Enterprise Security Fundamentals


WHAT YOU WILL LEARN

This 1-day instructor-led security workshop provides insight into security practices to improve the security posture of an organization. The workshop examines the concept of Red team – Blue team security professionals, where one group of security pros (the red team) attacks some part or parts of a company’s security infrastructure, and an opposing group (the blue team) defends against the attack. Both teams work to strengthen a company’s defenses. Since the goal of the two teams is to help the business attain a higher level of security, the security industry is calling this function the Purple team.


This workshop is part of a larger series of Workshops offered by Microsoft on the practice of Security. While it is not required that you have completed any of the other courses in the Security Workshop series before taking this workshop, it is highly recommended that you start with this workshop in the series, Microsoft Security Workshop: Enterprise Security Fundamentals.

AUDIENCE

This 1-day workshop is intended for IT professionals who require a deeper understanding of Windows security and wish to increase their knowledge level. This course also provides background in cyber-security prior to taking the other security courses in this track.

PREREQUISITES

In addition to their professional experience, students who take this training should already have the following technical knowledge:

• The current cyber-security ecosystem

• Analysis of hacks on computers and networks

• Basic Risk Management


METHODOLOGY

This program will be conducted with interactive lectures, PowerPoint presentations, discussions and practical exercises.

COURSE OBJECTIVES

After completing this course, students will be able to:

• Describe the current cybersecurity landscape

• Describe the assume compromise philosophy

• Identify factors that contribute to the cost of a breach

• Distinguish between responsibilities of red teams and blue teams

• Identify typical objectives of cyber attackers

• Describe a kill chain carried out by red teams

• Describe the role, goals, and kill chain activities of the blue team in red team exercises

• Describe ways of limiting how an attacker can compromise unprivileged accounts.

• Describe the methods used to restrict lateral movement.

• Describe how telemetry monitoring is used to detect attacks.

• Explain the concept of Confidentiality, Integrity, and Availability (CIA) triad.

• Describe the primary activities that should be included in organization preparations

• Identify the main principles of developing and maintaining policies.


Modules

Module 1: Understanding the cyber-security landscape

In this module, you will learn about the current cybersecurity landscape and learn how, by adopting the assume compromise philosophy, you can restrict an attacker’s ability to move laterally between information systems and to escalate privileges within those systems. The current cyber-security landscape is vast and likely impossible for any one individual to comprehend in its entirety. There are, however, several aspects of that landscape to which those interested in the fundamentals of enterprise security should pay attention.


Lessons
• Current Cyber-security Landscape
• Assume Compromise Philosophy

After completing this module, students will be able to:
• Describe the current cybersecurity landscape.
• Describe the Assume Compromise Philosophy.
• Identify factors that contribute to the cost of a breach.

Module 2: Red Team: Penetration, Lateral Movement, Escalation, and Exfiltration

Red team versus blue team exercises involve the simulation of an attack against an organization’s information system. The red team simulates and, in some cases, performs proof of concept steps taken in the attack against the organization’s IT systems. The blue team simulates the response to that attack. This adversarial approach not only allows for the identification of security vulnerabilities in the way that the organization’s IT systems are configured, but also allows members of the organization’s information systems staff to learn how to detect and respond to attacks. In this module you will learn the practice of the Red team versus Blue team approach to detecting and responding to security threats.


Lessons

• Red Team versus Blue Team Exercises

• The Attackers Objective

• Red Team Kill Chain


After completing this module, students will be able to:

• Distinguish between responsibilities of red teams and blue teams.

• Identify typical objectives of cyber attackers.

• Describe a kill chain carried out by red teams.


Module 3: Blue Team Detection, Investigation, Response, and Mitigation

In this module you will learn about the Blue Team roles and goals in the attack exercises. You will learn the structure of an attack against an objective (Kill Chain) and ways of limiting how an attacker can compromise unprivileged accounts. You will also learn the methods used to restrict lateral movement, which prevent attackers from using a compromised system to attack other systems, and how telemetry monitoring is used to detect attacks.


Lessons

• The Blue Team

• Blue Team Kill Chain

• Restricting Privilege Escalation

• Restrict Lateral Movement

• Attack Detection


After completing this module, students will be able to:

• Describe the role, goals, and kill chain activities of the blue team in red team exercises.

• Describe the structure of an attack against an objective (Kill Chain).

• Describe ways of limiting how an attacker can compromise unprivileged accounts.

• Describe the methods used to restrict lateral movement.

• Describe how telemetry monitoring is used to detect attacks.


Module 4: Organizational Preparations

There are several ongoing preparations that an organization can make to improve its overall approach to information security. In this module, we will take a closer look at some of them. You will learn about a conceptual model for thinking about the security of information, and how to approach information security and prepare properly, including ensuring your organization has a deliberate approach to information security.


Lessons

• CIA Triad

• Organizational Preparations

• Developing and Maintaining Policies


Lab: Designing a Blue Team strategy


After completing this module, students will be able to:

• Explain the concept of Confidentiality, Integrity, and Availability (CIA) triad.

• Describe the primary activities that should be included in organization preparations.

• Identify the main principles of developing and maintaining policies.


After completing this lab, students will be able to:

• Design a high-level approach to mitigating threats

• Recommend tools and methodology facilitating tracking down origins of cyberattacks

• Provide high level steps of a recovery effort

• Recommend methods of preventing cyberattacks

• Describe regulatory challenges that result from malware exploits


Ong Kian Boon

He has been working in the IT industry since 2004 and has been exposed to all the common challenges faced by IT and security professionals. With years of experience working with business and management, IT service delivery and end users, he understands the importance of business value, infrastructure efficiency, user productivity as well as the protection of all these assets. Having started training with Info Trek in 2009, he has been sharing his passion and experiences in Microsoft infrastructure servers, Cisco routing and switching, as well as Novell SuSE Linux. He also specialises in security implementations and audit as no implementation can survive without it.

Mohd Adam Kane

He started training in early 1997 after returning from Singapore and has been actively participating in IT projects and consultation while conducting freelance training. He was a Senior Trainer with Info Trek focusing on Unified Communications, Messaging Infrastructure, Network Infrastructure Management and Microsoft Server Systems. He brings to the classroom his many years of experience in project rollout and consultancy, such as Operating System Migration, Messaging Infrastructure Deployment & Migration, System Center Deployment, Data Center Planning & Management, Identity Management, Unified Communication Implementation, Disaster Recovery, Fibre Network Implementation, High Availability Deployment and Network Management.

Ali Reza Bin Azmi

Ali Reza Azmi has been working in the IT industry since 2000 and he has more than 14 years of experience in IT training. He is well-versed in the configuration and troubleshooting of Windows Server 2012 network infrastructure, Windows identity and access solutions with Windows Server 2012 Active Directory, Windows Server 2012 Active Directory Domain Services and Windows Server 2012 servers. He is knowledgeable in the planning and implementation of Windows Server 2012, Windows 8 desktop deployments and environments, and in supporting Windows 8 for enterprise, among others.
