“When good people in any country cease their vigilance and struggle, then evil men prevail.” - Pearl S. Buck

Best practices

Though it might sometimes seem complicated, a solid InfoSec foundation can be built by implementing well-known security best practices. These can be broken down into individual controls and processes and implemented in a phased approach. Put into use, they serve the three tenets of information security:

  • Protect

  • Detect

  • Respond

If best practices are focused on and implemented effectively, an organization’s exposure to attacks can be significantly reduced.

Note: At an Enterprise Security webcast in November 2015, Microsoft CEO Satya Nadella summed up the challenge nicely: “The core hygiene, which we sometimes take for granted, is so important. Because once you start with the operational security posture, you recognize that, more often than not, most of the issues have to deal with the lack of patching and the lack of strong credentials. And it’s so important for us to not only improve the technology but the security posture you have around the basics.”

Course overview

We learned the following:

Security basics

  • General security concepts which should be a part of every good security system and the ways to implement them.

  • The concept of security maturity levels, which indicate the level of expertise an organization should have before implementing the corresponding security controls.

Protect against threats

  • Ways to guard our endpoint devices, such as servers or laptops, from cyber attacks.

  • How an organization needs to use many techniques to protect its networks from attackers aiming to monitor activity and extract sensitive data from the network.

  • The importance of training employees to prevent them from falling into certain traps set by attackers that may compromise an organization’s security system.

Detect threats

  • The importance of continuous monitoring of networks and the endpoints connected to them. This is done through sensors installed on endpoint devices that generate alerts when a threat is detected. The monitored data is stored in a centralized repository such as a security information and event management (SIEM) system.

  • The different kinds of network activity that expose an organization to risk and should be monitored to detect malware installations, attacks, scans, and other unwanted activity.

  • The importance of scanning networks to discover the assets connected to them. This is important to identify rogue and unregistered devices. The connected devices can then be scanned further for vulnerabilities that can be patched.

  • The importance of collecting relevant information on time. This ensures that the information doesn’t become stale and lose its value. It can then be used to identify various types of malicious activity.

Respond to threats

  • Identifying alerts and classifying them as events if they fit the criteria. In addition, we were given an overview of some common security events that could occur, along with ways to create use case documents and support tickets to document them.

  • Finally, we were shown that certain security events can be severe enough to escalate into incidents. These incidents must be handled promptly through an incident response plan (IRP), as they can prove detrimental to the organization if left unattended. A thorough evaluation and change management process needs to be performed after these incidents are resolved.

The road ahead

Good information security is about the basics. Establish a sound foundation for each of the pillars of information security, then continue to improve on them.
