So in this video we're going to talk about enterprise security operations, what that is and what it means. Enterprise security comprises the strategies and techniques that companies undertake to reduce the risk of unauthorized access, or loss of confidentiality or loss of availability, to data, IT systems and information, really anything that is going to affect an organization's assets. That encompasses the technology, people and process involved in maintaining a secure environment for assets. So the idea here is, within an organization, a government or corporation, anything like that, you're going to have assets. Assets can be people, can be ideas, can be technology, it can be hardware, can be software, basically anything that has value to the organization is an asset, and the idea behind enterprise security is to protect all assets. So there's various types of domains of defenses that are going to be in play. So you've got physical security, that might be fire extinguishers or security guards, gates, doors, locks, and then you've got IT security, and that's when we get into network defense operations, application defenses, things of that nature. And one of the things that we talk about is a SOC, right? A SOC is only part of enterprise security. And the goal overall for enterprise security is to defend their assets. The way they do that is by reducing the risk. And they reduce the risk through a series of other methods. And so what is the risk? A risk is basically the combination of a threat plus a vulnerability. And a threat is an incident or circumstance, it's an event or circumstance with the potential to adversely impact an organization, and this is harm to a system. So harm to a system would cause harm to an organization, adversely impact an organization. And a vulnerability is a weakness in an information system, or system procedure, internal controls, something of that sort that could be exploited or triggered by a threat.
So if we think about this as, we are a bank, we're a physical bank, our threat might be bank robbers. And the risk that a bank robber might try to impose on us is robbing the bank, and the vulnerability they might try and exploit would be unlocked front doors. So then as a security organization, we say, well, we've got unlocked front doors that bank robbers can try and exploit to rob us. And how do we address that? Maybe we put locks on the doors, we put bulletproof glass in place, we put security guards and cameras, and what that does, that reduces the risk. Because there's a lot of other factors that go into it, like likelihood and impact, right? So what is the likelihood that a bank robber will come through our front doors and then come through a blitz? Well, if we don't have anything in place, that likelihood might be high. Well, what's the impact if that happens? Well, it depends on how much money we have in our bank. Let's say that we have a million dollars and they come through and they steal everything. Well, that's a million dollars loss plus potential other loss from reputational damage or things of that nature. So we start to implement things. Well, if we put bulletproof glass in place and put guards and cameras, that's going to reduce the likelihood. The impact stays the same, but it's going to reduce the likelihood, and the lower the likelihood, the lower the risk. Well, we can reduce our impact, right? So now maybe we can get insurance that might help reduce our impact, right? Because if we get robbed by bank robbers we can make an insurance claim and cover the damages. So now we've reduced our risk pretty far down, and that's just one threat scenario. So enterprise security goes through this process that identifies all of these types of threat scenarios. It comes up with all the mitigating controls for all of them and it works on implementing them, maintaining them and keeping them up to date.
So in this slide, this is a bit of a busy slide, but this is the cyber risk organization at Microsoft, kind of at a high level, and you can see here all the different teams, operations and things that go on within the umbrella that is enterprise security, specifically related to cyber risk; in this case it doesn't even include things like physical risk. And at the top, you've got your directors, your board, your managers; they write policies and standards. Under that you've got information risk management, right? They come up with policies and standards, and those policies and standards are going to inform everything else. You've got your technical risk management that deals with governance, risk and compliance, right, making sure that any sort of mandated protections that are or should be in place, that an organization adheres to them so that they're complying with regulations. They're taking a proper assessment of the risk of the organization and they're working to reduce that risk as much as possible. You've got posture management, which is going to deal with monitoring and remediating those risks that are identified. That's going to deal with everything from people education to developer awareness and training, developing your application security programs, endpoint engineering or endpoint security, which is going to deal with vulnerability management, various network security things, deploying tools, ensuring logging, ensuring that credentials people use are correct and up to date and functional. And that's going to be IAM as well, identity and key management. Then we've got our threat intelligence. Threat intelligence is a group of people that look at outside influences. They look at what's going on in the world at large, at different attack organizations, different criminal organizations or different vulnerabilities that come out, and they see how those threats can impact the organization.
And if it's something that has the potential to impact the organization, they digest it and internalize it in a way that the org can then process. And to give you kind of an idea there of what I mean by that, if we go back to our bank robber scenario, our bank threat intelligence group might say, hey, the bank robbers have now upgraded, they've become more efficient at getting through locks, right? And they specifically know how to pick brown locks. So they would then say, do we have brown locks in our organization? If we do, then maybe we should look at changing that. If we don't, then it's not something we need to worry about right now. We move on to the next thing, and that helps kind of inform decisions all across the board there. And then on the far right we've got our security operations center, and this group is going to go over incident preparation and incident management. So they respond to incidents, they look for potential threats, and they practice, plan and coordinate the response, to kind of practice exercises that would mimic real-world situations. What happens if our bank does get robbed, how do we respond? And that's something that they would help organize and work through. They're also going to work tightly with, slightly to the left there, the IT operations, with the vulnerability management groups and the deployment groups, network security groups, to track things like logging. And as we talk a little bit more about the security operations center, we'll talk about concepts like no normal log analysis and all these kinds of things, and this is where your IT operations and your security operations center kind of blur almost together in certain aspects. And then at the bottom there it shows you, on the far right, we've got our most operational, and by operations we mean on-keyboard technical roles, and as we move across to the left, it's governance. So now we're talking about documentation, controls, various enforcement, policy, stuff like that.
So at a snap, this is kind of enterprise security at a high level, and this is a little bit of a breakdown of how Microsoft does it. You can see the link there at the bottom if you want to read more about it. For the remainder of the course, we're really going to be focusing on the right-hand side of our screen. We're going to be talking about the security operations center and operations and how those blur. And something I want to point out here is this is how Microsoft does it, but it's going to be different at different organizations. I've worked at organizations where the network security is very much within the security operations center, or your identity and key management kind of stuff is maybe more on the governance side, or whatever; it's going to depend on the organization. That might change this breakdown a little bit. In the next video, we're talking about the security operations center: what it is, how it works and some of the structure of it.