MOC-40551 Microsoft Security Workshop: Enterprise Security Fundamentals

This workshop is part of a larger series of Workshops offered by Microsoft on the practice of Security. While it is not required that you have completed any of the other courses in the Security Workshop series before taking this workshop, it is highly recommended that you start with this workshop in the series, Microsoft Security Workshop: Enterprise Security Fundamentals.

Target audience:
This 1-day workshop is intended for IT Professionals that require a deeper understanding of Windows Security that wish to increase their knowledge level. This course also provides background in cyber-security prior to taking the other security courses in this track.

Prerequizities:
In addition to their professional experience, students who take this training should already have the following technical knowledge:

• The current cyber-security ecosystem
• Analysis of hacks on computers and networks
• Basic Risk Management

Program:

• Module 1: Understanding the cyber-security landscape
  • In this module, you will learn about the current cybersecurity landscape and learn how adopting the assume compromise philosophy, you can you restrict an attacker’s ability to move laterally between information systems and to restrict their ability to escalate privileges within those systems. The current cyber-security landscape is vast and likely impossible for any one individual to comprehend in its entirety. There are, however, several aspects of that landscape to which those interested in the fundamentals of enterprise security should pay attention.
• Module 2: Red Team: Penetration, Lateral Movement, Escalation, and Exfiltration
  • Red team versus blue team exercises involve the simulation of an attack against an organization’s information system. The red team simulates and, in some cases, performs proof of concept steps taken in the attack against the organization’s IT systems. The blue team simulates the response to that attack. This adversarial approach not only allows for the identification of security vulnerabilities in the way that the organization’s IT systems are configured, but also allows members of the organization’s information systems staff to learn how to detect and respond to attacks. In this module you will learn the Practice Red team versus Blue team approach to detecting and responding to security threats.
• Module 3: Blue Team Detection, Investigation, Response, and Mitigation
  • In this module you will learn about the Blue Team roles and goals in the attack exercises. You will learn the structure of an attack against an objective (Kill Chain) and the ways limiting how an attacker can compromise unprivileged accounts. You will also learn the methods used to restrict lateral movement that prevent attackers from using a compromised system to attack other systems and how telemetry monitoring is used to detect attacks.
• Module 4: Organizational Preparations
  • There are several ongoing preparations that an organization can take to improve their overall approach to information security. In this module, we will take a closer look at some of them. You will learn about a conceptual model for thinking about the security of information and how to approach information security and to prepare properly including ensuring your organization has a deliberate approach to information security.

More information: https://www.microsoft.com/en-us/learning/course.aspx?cid=40551

After completing this course, students will be able to:

• describe the current cybersecurity landscape;
• describe the assume compromise philosophy;
• identify factors that contribute to the cost of a breach;
• distinguish between responsibilities of red teams and blue teams;
• identify typical objectives of cyber attackers;
• describe a kill chain carried out by read teams;
• describe the role, goals, and kill chain activities of the blue team in red team exercises;
• describe the ways limiting how an attacker can compromise unprivileged accounts;
• describe the methods used to restrict lateral movement;
• describe how telemetry monitoring is used to detect attacks;
• explain the concept of Confidentiality, Integrity, and Availability (CIA) triad;
• describe the primary activities that should be included in organization preparations;
• identify the main principles of developing and maintaining policies.

Koolitaja:
Peep Võrno on serverite ja võrkude vastu suurt huvi tundnud juba aastast 1992. Koolitajana on ta aktiivsemalt tegutsenud alates aastast 2003.
Sertifikaadid ja tunnistused: Microsoft Certified Trainer (MCT) aastast 2003

Koolitushind sisaldab:

• klassikoolitust;
• Microsofti ametlikke õppematerjale;
• koolitaja konsultatsiooni õpitud teemade kohta e-posti teel pärast koolitust;
• tunnistust.

Lisaväärtusena saad:

• vajadusel tasuta korduskoolituse kui tunned, et mõni oskus vajab täiendamist või pidid endast mittesõltuvatel põhjustel koolituse katkestama;
• sooje jooke koos küpsistega;
• lõunasööki igal koolituspäeval

Küsin koolituse kohta lisainfot