From the course: Microsoft Cybersecurity Architect (SC-100) Cert Prep by Microsoft Press
Evaluate security workflows
As we implement our security strategy, we need to make sure that we have workflows built in for when an attack might happen. This workflow should include both technical and administrative tasks. First, we need to try to identify the scope of the attack operation. Most attacks use multiple persistence mechanisms, not just one. Then we need to identify the objective of the attack, if that's possible. Find out what data or what system they're trying to access. This can help us limit the response scope so that we can ensure that our recovery operations can be done in less than 24 hours. We should also have clear plan ownership of who's going to designate the project lead and run the day-to-day tasks of making sure these workflows are executed. Then, of course, one of the administrative tasks is that we need to maintain communication. This could be cross-team leadership teams that are expecting timely updates for any type of…