Modern computer systems are almost universally connected, which creates wider attack surfaces well beyond code to users, hardware, and more. Securing systems is thus a fundamental skill for modern software engineers.

This course is a comprehensive introduction to cyber security best practices. You’ll start with an overview of common threats and vulnerabilities, as well as high-level concepts like privilege, integrity, logging, and mediation. With these concepts in mind, you’ll then learn common protection mechanisms and defense strategies from endpoint protection to firewalls, gateways, and proxy servers. Next, you’ll learn monitoring and detection techniques, alerts, and event management. Finally, when you detect a threat, you’ll know how to respond with support tickets, data preservation, and change management.

By the end of this course, you’ll have a better understanding of modern cyber security practices and a clear roadmap to implementing these as a developer.

Cyber Security Best Practices for Developers

## Map onto security principles

Each decision made about controls and processes should be mapped to one or more of the security principles discussed in this section. If it isn’t, reconsider whether the effort will improve security or if it will result in security theater.

## Complexity

An increase in complexity has a potentially adverse impact on the security of an organization’s network, systems, and software. 

## Maturity levels

Consider the maturity levels assigned to the security controls that are discussed. These security maturity levels are intended to serve as a guide to help determine which controls are appropriate for an organization’s information security program.

## Wrap up

Bret Arsenault, Chief Information Security Officer of Microsoft, summed it up well when he said, “I firmly believe that security is a journey and not a destination. It’s also an issue that must be addressed holistically by the industry and not by a single vendor. It’s only by working closely with our partners, the security ecosystem, and governments around the world that we can ensure consumers and businesses can trust the technology they use and don’t view security as a barrier to technology adoption.”

___

# Map onto security principles

Each decision made about controls and processes should be mapped to one or more of the security principles discussed in this section. If it isn’t, reconsider whether the effort will improve security or if it will result in security theater.

# Complexity

An increase in complexity has a potentially adverse impact on the security of an organization’s network, systems, and software. 

# Maturity levels

Consider the maturity levels assigned to the security controls that are discussed. These security maturity levels are intended to serve as a guide to help determine which controls are appropriate for an organization’s information security program.

# Wrap up

Bret Arsenault, Chief Information Security Officer of Microsoft, summed it up well when he said, “I firmly believe that security is a journey and not a destination. It’s also an issue that must be addressed holistically by the industry and not by a single vendor. It’s only by working closely with our partners, the security ecosystem, and governments around the world that we can ensure consumers and businesses can trust the technology they use and don’t view security as a barrier to technology adoption.”

___

Get a recap of the basic security techniques we've learned in this chapter.

Introduction

Basics of Security

Detect

Protect

Respond

Conclusion

Summary: Basics of Security

Map onto security principles

Complexity

Maturity levels

Wrap up