David Clinton
Outline
All the tutorials in this course:
- Identifying the Modern Threat Environment
- Understanding Incident Prevention
- Preparing for Incident Response and Recovery
- Utilizing Resources and Opportunities
Great to see you here! Allow me to quickly introduce myself so you can get to the content without any any unnecessary delay.
I'm an AWS solutions architect and Linux server administrator from Toronto, Canada. I've been creating technology training content for more than a decade. In that time, more than 60,000 of my books were sold and more than a half a million people just like you viewed my video courses.
Let's see whether I can deliver some solid value to you, too.
One general note: You're perfectly welcome to simply watch the videos and absorb the information. But actually getting your hands dirty by running everything you see here on your own machine will give the information a real turbo-boost. Keep an eye on the notes to each lesson for code and guides that'll help you recreate all of the demos you'll see here.
There may be no reasonable likelihood that we'll ever achieve 100% security for our systems. But that doesn't mean we shouldn't try. For one thing, 95% is a still whole lot better than 0%. And for another, security means so much more than simply trying to stop attacks. It's also about preparing now so we'll be able to quickly respond once an attack does get through, and carefully thinking through a complete restore and recovery plan so we can get ourselves back on our feet as fast as possible.
Here's a sharp saying that's been repeated so often that it's getting tired. But it's still true. If you fail to plan, you're planning to fail. And here's another familiar old saying that's also true: Hope isn't a plan.
Even if your IT infrastructure is eventually hit - and hit hard - if you've got a solid plan in place, your organization will stand a good chance of recovering. And you'll probably get to keep your job.
With that in mind, let me share a simple framework around which everything we're going to do here can be organized. Way back in the 1970's the US government's National Institute of Standards and Technology (known as NIST) published what they called the CIA Triad of security goals: Confidentiality, Integrity, and Availability. Confidentiality means that the privacy of your system's operations and of the data it manages must be protected. Integrity is the requirement for the short and long-term reliability of both our data and system performance. And Availability represents the needs of our users for timely and reliable access to our systems.
In the decades since the CIA Triad appeared, there have been plenty of far more detailed and complicated frameworks published. I've added links to many of those in the text that accompanies this lesson. In a way, you can think of this course itself as a kind of framework. I won't be demonstrating any specific technologies - like firewalls or penetration testing tools or intrusion detecting system - but instead I'll give you a big picture view of what processes you'll need to incorporate into your own organization's plans.
We'll talk about common threat categories and how you can perform an effective risk assessment to help you understand just how vulnerable your infrastructure and business operations are to the specific kinds of threats you face. To generate useful insights in that area, you'll need to understand your actual real business needs: how long can a lights-out event stretch before your survival is no longer assured? How much data loss can you withstand and still fully recover?
Then we'll address incident prevention. What controls - like password rules or system design patterns - can you apply that'll make it harder for criminals to infiltrate your systems and, if they do manage to get in, what will help reduce the damage they're able to inflict on you. We'll also discuss the value of compliance with various regulatory regimes - like the PCI-DSS standard - and the importance of both internal and external audits.
From incident prevention, we'll move on to incident response and recovery. There, we'll learn about creating formal and comprehensive plans. Those will include all the individual steps required for full event management execution. They'll also include some discussion of testing your response and backup restoration plans. Because a plan that's not fully tested is a plan that probably won't work.
We'll finish up the course with a look at the key job roles and professional skills that're important for building successful cyber security implementations. What'll it take to train your team and what tools are you going to need to raise your defences to a sustainable level.