SlideShare a Scribd company logo

Security & Compliance: Core Concepts Explained

Download as PPTX, PDF
A
Alan Eardley

An introduction to the core concepts of Microsoft tools for security and compliance in Microsoft 365 and Azure

Technology
1 of 51
Security & Compliance: Core Concepts Explained Azure Thames Valley User Group Alan Eardley • @al_eardley 16 March 2021
Al Eardley @al_eardley blog.eardley.org.uk Head of Modern Workplace www.cps.co.uk greyhatbeard.com @greyhatbeard PowerPlatform.London/Home @LondonPPUG M365SandCUG.tech/Home @M365SandCUG
What will I cover? The problem The solution The benefits Next steps
The problem
Terminology • The experts talk about technology using words no-one understands • The differences between features are not always obvious • Microsoft have used words interchangeably over the years • … and they change the names of products 🤨
Definitions • The protection of computer systems and networks from the theft of or damage to their hardware, software, or electronic data, as well as from the disruption or misdirection of the services they provide Security • Conforming to a rule, such as a specification, policy, standard or law Compliance • The system by which the current and future use of ICT is directed and controlled Governance
The solution
Stories, metaphors and pictures BORDER CONTROL FAIRGROUNDS LIBRARIES
Who are you?
Are you allowed? Allowed? User Device Location Content
And who are you again? Allowed? User Device Location Content Who are you? Are you who you say you are? How do we know?
Authentication • Who are you? • How do you prove it? • Do I trust your proof? This Photo by Unknown Author is licensed under CC BY-SA-NC
Multi-Factor Authentication Fingerprint Device Eyeball
Single-Sign On • If you pay at the entrance can you go on any ride? • Do you have to pay for each ride? This Photo by Unknown Author is licensed under CC BY-NC-ND
Are you allowed? Allowed? User Device Location Content What device are you using? Is it secure? Have you lent it to a child or friend?
Microsoft Intune
Are you allowed? Allowed? User Device Behaviour Content Where are you? Our network? Coffee shop? North Korea? Is that normal?
Microsoft Defender for Identity
Are you allowed? Allowed? User Device Location Content What are you accessing? Finance data? HR data? Secret sauce recipes?
Conditional Access
Are you allowed? Allowed? User Device Location Content What are you accessing? Finance data? HR data? Secret sauce recipes? Where are you? Our network? Coffee shop? North Korea? What device are you using? Is it secure? Have you lent it to a child or friend? Who are you? Are you who you say you are? How do we know?
Where do you want to go?
Permissions
Entitlements • Request keys • Approve the request • Track who has the keys • Get the keys back when they are no longer needed
Sharing and Collaboration
What do you want to look at?
Sites and Libraries
What do you want to do with it?
Sensitivity Labels
Data Loss Prevention
Microsoft Defender for Office 365
How must we manage it?
Content Lifecycle Create Retain Dispose
Retention
Disposition
eDiscovery
Monitoring
Microsoft Cloud App Security
Microsoft Defender for Office 365
Azure Sentinel
Manage and Train
Secure Score and Compliance Score
Attack Simulation
Summary
Definitions • The protection of computer systems and networks from the theft of or damage to their hardware, software, or electronic data, as well as from the disruption or misdirection of the services they provide Security • Conforming to a rule, such as a specification, policy, standard or law Compliance • The system by which the current and future use of ICT is directed and controlled Governance
Are you allowed? Allowed? User Device Location Content What are you accessing? Finance data? HR data? Secret sauce recipes? Where are you? Our network? Coffee shop? North Korea? What device are you using? Is it secure? Have you lent it to a child or friend? Who are you? Are you who you say you are? How do we know?
Permissions Request Grant Review Revoke/Renew
Content Lifecycle Create Retain Dispose
Govern Train Monitor Test
Questions?
Thank-you Alan Eardley @al_eardley

Recommended

Ayala mar23
Ayala mar23Ayala mar23
Ayala mar23
National Information Standards Organization (NISO)
 
How Machine Learning & AI Will Improve Cyber Security
How Machine Learning & AI Will Improve Cyber SecurityHow Machine Learning & AI Will Improve Cyber Security
How Machine Learning & AI Will Improve Cyber Security
DevOps.com
 
AI In Cybersecurity – Challenges and Solutions
AI In Cybersecurity – Challenges and SolutionsAI In Cybersecurity – Challenges and Solutions
AI In Cybersecurity – Challenges and Solutions
ZoneFox
 
Exploration Draft Document- CEM Machine Learning & AI Project 2018
Exploration Draft Document- CEM Machine Learning & AI Project 2018Exploration Draft Document- CEM Machine Learning & AI Project 2018
Exploration Draft Document- CEM Machine Learning & AI Project 2018
Leslie McFarlin
 
Data Analytics in Real World
Data Analytics in Real WorldData Analytics in Real World
Data Analytics in Real World
geetachauhan
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
justyogesh
 
ethical hacking
ethical hackingethical hacking
ethical hacking
samprada123
 
Artificial Intelligence and Cybersecurity
Artificial Intelligence and CybersecurityArtificial Intelligence and Cybersecurity
Artificial Intelligence and Cybersecurity
Olivier Busolini
 

Recommended

Ayala mar23
Ayala mar23Ayala mar23
Ayala mar23
National Information Standards Organization (NISO)
 
How Machine Learning & AI Will Improve Cyber Security
How Machine Learning & AI Will Improve Cyber SecurityHow Machine Learning & AI Will Improve Cyber Security
How Machine Learning & AI Will Improve Cyber Security
DevOps.com
 
AI In Cybersecurity – Challenges and Solutions
AI In Cybersecurity – Challenges and SolutionsAI In Cybersecurity – Challenges and Solutions
AI In Cybersecurity – Challenges and Solutions
ZoneFox
 
Exploration Draft Document- CEM Machine Learning & AI Project 2018
Exploration Draft Document- CEM Machine Learning & AI Project 2018Exploration Draft Document- CEM Machine Learning & AI Project 2018
Exploration Draft Document- CEM Machine Learning & AI Project 2018
Leslie McFarlin
 
Data Analytics in Real World
Data Analytics in Real WorldData Analytics in Real World
Data Analytics in Real World
geetachauhan
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
justyogesh
 
ethical hacking
ethical hackingethical hacking
ethical hacking
samprada123
 
Artificial Intelligence and Cybersecurity
Artificial Intelligence and CybersecurityArtificial Intelligence and Cybersecurity
Artificial Intelligence and Cybersecurity
Olivier Busolini
 
How is ai important to the future of cyber security
How is ai important to the future of cyber security How is ai important to the future of cyber security
How is ai important to the future of cyber security
Robert Smith
 
Managing Cyber Security Risks
Managing Cyber Security RisksManaging Cyber Security Risks
Managing Cyber Security Risks
David Kondrup
 
Mobile App Security - Best Practices
Mobile App Security - Best PracticesMobile App Security - Best Practices
Mobile App Security - Best Practices
RedBlackTree
 
#CyberAvengers - Artificial Intelligence in the Legal and Regulatory Realm
#CyberAvengers - Artificial Intelligence in the Legal and Regulatory Realm#CyberAvengers - Artificial Intelligence in the Legal and Regulatory Realm
#CyberAvengers - Artificial Intelligence in the Legal and Regulatory Realm
Shawn Tuma
 
Application Security: What do we need to know?
Application Security: What do we need to know?Application Security: What do we need to know?
Application Security: What do we need to know?
Jose L. Quiñones-Borrero
 
Information Security & Ethical Hacking
Information Security & Ethical HackingInformation Security & Ethical Hacking
Information Security & Ethical Hacking
Ishan Agarwal
 
TYPES OF HACKING
TYPES OF HACKINGTYPES OF HACKING
TYPES OF HACKING
SHERALI445
 
Privacy and Security in the Internet of Things
Privacy and Security in the Internet of ThingsPrivacy and Security in the Internet of Things
Privacy and Security in the Internet of Things
Jeff Katz
 
Ethi mini1 - ethical hacking
Ethi mini1 - ethical hackingEthi mini1 - ethical hacking
Ethi mini1 - ethical hacking
Being Uniq Sonu
 
Cyber security and AI
Cyber security and AICyber security and AI
Cyber security and AI
DexterJanPineda
 
Thread Legal and Microsoft 365 Security
Thread Legal and Microsoft 365 SecurityThread Legal and Microsoft 365 Security
Thread Legal and Microsoft 365 Security
Thread Legal
 
AI and cyber security: new directions, old fears
AI and cyber security: new directions, old fearsAI and cyber security: new directions, old fears
AI and cyber security: new directions, old fears
David Strom
 
Hacking 1
Hacking 1Hacking 1
Hacking 1
sonal bisla
 
Etical hacking
Etical hackingEtical hacking
Etical hacking
talhaabid
 
Encryption-Decryption of Email
Encryption-Decryption of EmailEncryption-Decryption of Email
Encryption-Decryption of Email
Shashank Singhal
 
10. penetration-testing-training-for-beginners-cyber51
10. penetration-testing-training-for-beginners-cyber5110. penetration-testing-training-for-beginners-cyber51
10. penetration-testing-training-for-beginners-cyber51
Doree Garcia, CCNA, OSWP
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
Garla Prajwal
 
Cybersecurity service provider
Cybersecurity service providerCybersecurity service provider
Cybersecurity service provider
Vishvendra Saini
 
AI for CyberSecurity
AI for CyberSecurityAI for CyberSecurity
AI for CyberSecurity
Satnam Singh
 
Current trends in information security โดย ผศ.ดร.ปราโมทย์ กั่วเจริญ
Current trends in information security โดย ผศ.ดร.ปราโมทย์ กั่วเจริญCurrent trends in information security โดย ผศ.ดร.ปราโมทย์ กั่วเจริญ
Current trends in information security โดย ผศ.ดร.ปราโมทย์ กั่วเจริญ
BAINIDA
 
Community IT Innovators - IT Security Best Practices
Community IT Innovators - IT Security Best PracticesCommunity IT Innovators - IT Security Best Practices
Community IT Innovators - IT Security Best Practices
Community IT Innovators
 
Webinar - Compliance with the Microsoft Cloud- 2017-04-19
Webinar - Compliance with the Microsoft Cloud- 2017-04-19Webinar - Compliance with the Microsoft Cloud- 2017-04-19
Webinar - Compliance with the Microsoft Cloud- 2017-04-19
TechSoup
 

More Related Content

What's hot

How is ai important to the future of cyber security
How is ai important to the future of cyber security How is ai important to the future of cyber security
How is ai important to the future of cyber security
Robert Smith
 
Managing Cyber Security Risks
Managing Cyber Security RisksManaging Cyber Security Risks
Managing Cyber Security Risks
David Kondrup
 
Mobile App Security - Best Practices
Mobile App Security - Best PracticesMobile App Security - Best Practices
Mobile App Security - Best Practices
RedBlackTree
 
#CyberAvengers - Artificial Intelligence in the Legal and Regulatory Realm
#CyberAvengers - Artificial Intelligence in the Legal and Regulatory Realm#CyberAvengers - Artificial Intelligence in the Legal and Regulatory Realm
#CyberAvengers - Artificial Intelligence in the Legal and Regulatory Realm
Shawn Tuma
 
Application Security: What do we need to know?
Application Security: What do we need to know?Application Security: What do we need to know?
Application Security: What do we need to know?
Jose L. Quiñones-Borrero
 
Information Security & Ethical Hacking
Information Security & Ethical HackingInformation Security & Ethical Hacking
Information Security & Ethical Hacking
Ishan Agarwal
 
TYPES OF HACKING
TYPES OF HACKINGTYPES OF HACKING
TYPES OF HACKING
SHERALI445
 
Privacy and Security in the Internet of Things
Privacy and Security in the Internet of ThingsPrivacy and Security in the Internet of Things
Privacy and Security in the Internet of Things
Jeff Katz
 
Ethi mini1 - ethical hacking
Ethi mini1 - ethical hackingEthi mini1 - ethical hacking
Ethi mini1 - ethical hacking
Being Uniq Sonu
 
Cyber security and AI
Cyber security and AICyber security and AI
Cyber security and AI
DexterJanPineda
 
Thread Legal and Microsoft 365 Security
Thread Legal and Microsoft 365 SecurityThread Legal and Microsoft 365 Security
Thread Legal and Microsoft 365 Security
Thread Legal
 
AI and cyber security: new directions, old fears
AI and cyber security: new directions, old fearsAI and cyber security: new directions, old fears
AI and cyber security: new directions, old fears
David Strom
 
Hacking 1
Hacking 1Hacking 1
Hacking 1
sonal bisla
 
Etical hacking
Etical hackingEtical hacking
Etical hacking
talhaabid
 
Encryption-Decryption of Email
Encryption-Decryption of EmailEncryption-Decryption of Email
Encryption-Decryption of Email
Shashank Singhal
 
10. penetration-testing-training-for-beginners-cyber51
10. penetration-testing-training-for-beginners-cyber5110. penetration-testing-training-for-beginners-cyber51
10. penetration-testing-training-for-beginners-cyber51
Doree Garcia, CCNA, OSWP
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
Garla Prajwal
 
Cybersecurity service provider
Cybersecurity service providerCybersecurity service provider
Cybersecurity service provider
Vishvendra Saini
 
AI for CyberSecurity
AI for CyberSecurityAI for CyberSecurity
AI for CyberSecurity
Satnam Singh
 
Current trends in information security โดย ผศ.ดร.ปราโมทย์ กั่วเจริญ
Current trends in information security โดย ผศ.ดร.ปราโมทย์ กั่วเจริญCurrent trends in information security โดย ผศ.ดร.ปราโมทย์ กั่วเจริญ
Current trends in information security โดย ผศ.ดร.ปราโมทย์ กั่วเจริญ
BAINIDA
 

What's hot (20)

How is ai important to the future of cyber security
How is ai important to the future of cyber security How is ai important to the future of cyber security
How is ai important to the future of cyber security
 
Managing Cyber Security Risks
Managing Cyber Security RisksManaging Cyber Security Risks
Managing Cyber Security Risks
 
Mobile App Security - Best Practices
Mobile App Security - Best PracticesMobile App Security - Best Practices
Mobile App Security - Best Practices
 
#CyberAvengers - Artificial Intelligence in the Legal and Regulatory Realm
#CyberAvengers - Artificial Intelligence in the Legal and Regulatory Realm#CyberAvengers - Artificial Intelligence in the Legal and Regulatory Realm
#CyberAvengers - Artificial Intelligence in the Legal and Regulatory Realm
 
Application Security: What do we need to know?
Application Security: What do we need to know?Application Security: What do we need to know?
Application Security: What do we need to know?
 
Information Security & Ethical Hacking
Information Security & Ethical HackingInformation Security & Ethical Hacking
Information Security & Ethical Hacking
 
TYPES OF HACKING
TYPES OF HACKINGTYPES OF HACKING
TYPES OF HACKING
 
Privacy and Security in the Internet of Things
Privacy and Security in the Internet of ThingsPrivacy and Security in the Internet of Things
Privacy and Security in the Internet of Things
 
Ethi mini1 - ethical hacking
Ethi mini1 - ethical hackingEthi mini1 - ethical hacking
Ethi mini1 - ethical hacking
 
Cyber security and AI
Cyber security and AICyber security and AI
Cyber security and AI
 
Thread Legal and Microsoft 365 Security
Thread Legal and Microsoft 365 SecurityThread Legal and Microsoft 365 Security
Thread Legal and Microsoft 365 Security
 
AI and cyber security: new directions, old fears
AI and cyber security: new directions, old fearsAI and cyber security: new directions, old fears
AI and cyber security: new directions, old fears
 
Hacking 1
Hacking 1Hacking 1
Hacking 1
 
Etical hacking
Etical hackingEtical hacking
Etical hacking
 
Encryption-Decryption of Email
Encryption-Decryption of EmailEncryption-Decryption of Email
Encryption-Decryption of Email
 
10. penetration-testing-training-for-beginners-cyber51
10. penetration-testing-training-for-beginners-cyber5110. penetration-testing-training-for-beginners-cyber51
10. penetration-testing-training-for-beginners-cyber51
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Cybersecurity service provider
Cybersecurity service providerCybersecurity service provider
Cybersecurity service provider
 
AI for CyberSecurity
AI for CyberSecurityAI for CyberSecurity
AI for CyberSecurity
 
Current trends in information security โดย ผศ.ดร.ปราโมทย์ กั่วเจริญ
Current trends in information security โดย ผศ.ดร.ปราโมทย์ กั่วเจริญCurrent trends in information security โดย ผศ.ดร.ปราโมทย์ กั่วเจริญ
Current trends in information security โดย ผศ.ดร.ปราโมทย์ กั่วเจริญ
 

Similar to Security & Compliance: Core Concepts Explained

Community IT Innovators - IT Security Best Practices
Community IT Innovators - IT Security Best PracticesCommunity IT Innovators - IT Security Best Practices
Community IT Innovators - IT Security Best Practices
Community IT Innovators
 
Webinar - Compliance with the Microsoft Cloud- 2017-04-19
Webinar - Compliance with the Microsoft Cloud- 2017-04-19Webinar - Compliance with the Microsoft Cloud- 2017-04-19
Webinar - Compliance with the Microsoft Cloud- 2017-04-19
TechSoup
 
4 . future uni presentation
4 . future uni presentation4 . future uni presentation
4 . future uni presentation
Rashid Khatmey
 
Office 365 Security, Privacy and Compliance - SMB Nation 2015
Office 365 Security, Privacy and Compliance - SMB Nation 2015Office 365 Security, Privacy and Compliance - SMB Nation 2015
Office 365 Security, Privacy and Compliance - SMB Nation 2015
Robert Crane
 
Microsoft Cloud GDPR Compliance Options (SUGUK)
Microsoft Cloud GDPR Compliance Options (SUGUK)Microsoft Cloud GDPR Compliance Options (SUGUK)
Microsoft Cloud GDPR Compliance Options (SUGUK)
Andy Talbot
 
AWS Cloud Security
AWS Cloud SecurityAWS Cloud Security
AWS Cloud Security
Amazon Web Services LATAM
 
Marcos de Pedro Neoris authenware_cybersecurity step1
Marcos de Pedro Neoris authenware_cybersecurity step1Marcos de Pedro Neoris authenware_cybersecurity step1
Marcos de Pedro Neoris authenware_cybersecurity step1
Marcos De Pedro
 
Security in an age of collaboration 201903 - tvaug
Security in an age of collaboration 201903 - tvaugSecurity in an age of collaboration 201903 - tvaug
Security in an age of collaboration 201903 - tvaug
Alan Eardley
 
How To Eliminate Security Exposures in Office 365 Webinar
How To Eliminate Security Exposures in Office 365 WebinarHow To Eliminate Security Exposures in Office 365 Webinar
How To Eliminate Security Exposures in Office 365 Webinar
Concept Searching, Inc
 
Whose Cloud Is It Anyway: Exploring Data Security Ownership and Control
Whose Cloud Is It Anyway: Exploring Data Security Ownership and ControlWhose Cloud Is It Anyway: Exploring Data Security Ownership and Control
Whose Cloud Is It Anyway: Exploring Data Security Ownership and Control
SafeNet
 
Aligning Application Security to Compliance
Aligning Application Security to ComplianceAligning Application Security to Compliance
Aligning Application Security to Compliance
Security Innovation
 
Square Pegs In Round Holes: Rethinking Data Availability in the Age of Automa...
Square Pegs In Round Holes: Rethinking Data Availability in the Age of Automa...Square Pegs In Round Holes: Rethinking Data Availability in the Age of Automa...
Square Pegs In Round Holes: Rethinking Data Availability in the Age of Automa...
Denodo
 
Understanding Database Encryption & Protecting Against the Insider Threat wit...
Understanding Database Encryption & Protecting Against the Insider Threat wit...Understanding Database Encryption & Protecting Against the Insider Threat wit...
Understanding Database Encryption & Protecting Against the Insider Threat wit...
MongoDB
 
Tsc2021 cyber-issues
Tsc2021 cyber-issuesTsc2021 cyber-issues
Tsc2021 cyber-issues
Ernest Staats
 
BATbern48_How Zero Trust can help your organisation keep safe.pdf
BATbern48_How Zero Trust can help your organisation keep safe.pdfBATbern48_How Zero Trust can help your organisation keep safe.pdf
BATbern48_How Zero Trust can help your organisation keep safe.pdf
BATbern
 
Identity and Security in the Cloud
Identity and Security in the CloudIdentity and Security in the Cloud
Identity and Security in the Cloud
Richard Diver
 
System Security on Cloud
System Security on CloudSystem Security on Cloud
System Security on Cloud
Tu Pham
 
Cybersecurity…real world solutions
Cybersecurity…real world solutions Cybersecurity…real world solutions
Cybersecurity…real world solutions
ErnestStaats
 
Data Loss Prevention in SharePoint 2016 Webinar with Crow Canyon
Data Loss Prevention in SharePoint 2016 Webinar with Crow CanyonData Loss Prevention in SharePoint 2016 Webinar with Crow Canyon
Data Loss Prevention in SharePoint 2016 Webinar with Crow Canyon
Vlad Catrinescu
 
CYBER SECURITY WHAT IS IT AND WHAT YOU NEED TO KNOW.pdf
CYBER SECURITY WHAT IS IT AND WHAT YOU NEED TO KNOW.pdfCYBER SECURITY WHAT IS IT AND WHAT YOU NEED TO KNOW.pdf
CYBER SECURITY WHAT IS IT AND WHAT YOU NEED TO KNOW.pdf
Jenna Murray
 

Similar to Security & Compliance: Core Concepts Explained (20)

Community IT Innovators - IT Security Best Practices
Community IT Innovators - IT Security Best PracticesCommunity IT Innovators - IT Security Best Practices
Community IT Innovators - IT Security Best Practices
 
Webinar - Compliance with the Microsoft Cloud- 2017-04-19
Webinar - Compliance with the Microsoft Cloud- 2017-04-19Webinar - Compliance with the Microsoft Cloud- 2017-04-19
Webinar - Compliance with the Microsoft Cloud- 2017-04-19
 
4 . future uni presentation
4 . future uni presentation4 . future uni presentation
4 . future uni presentation
 
Office 365 Security, Privacy and Compliance - SMB Nation 2015
Office 365 Security, Privacy and Compliance - SMB Nation 2015Office 365 Security, Privacy and Compliance - SMB Nation 2015
Office 365 Security, Privacy and Compliance - SMB Nation 2015
 
Microsoft Cloud GDPR Compliance Options (SUGUK)
Microsoft Cloud GDPR Compliance Options (SUGUK)Microsoft Cloud GDPR Compliance Options (SUGUK)
Microsoft Cloud GDPR Compliance Options (SUGUK)
 
AWS Cloud Security
AWS Cloud SecurityAWS Cloud Security
AWS Cloud Security
 
Marcos de Pedro Neoris authenware_cybersecurity step1
Marcos de Pedro Neoris authenware_cybersecurity step1Marcos de Pedro Neoris authenware_cybersecurity step1
Marcos de Pedro Neoris authenware_cybersecurity step1
 
Security in an age of collaboration 201903 - tvaug
Security in an age of collaboration 201903 - tvaugSecurity in an age of collaboration 201903 - tvaug
Security in an age of collaboration 201903 - tvaug
 
How To Eliminate Security Exposures in Office 365 Webinar
How To Eliminate Security Exposures in Office 365 WebinarHow To Eliminate Security Exposures in Office 365 Webinar
How To Eliminate Security Exposures in Office 365 Webinar
 
Whose Cloud Is It Anyway: Exploring Data Security Ownership and Control
Whose Cloud Is It Anyway: Exploring Data Security Ownership and ControlWhose Cloud Is It Anyway: Exploring Data Security Ownership and Control
Whose Cloud Is It Anyway: Exploring Data Security Ownership and Control
 
Aligning Application Security to Compliance
Aligning Application Security to ComplianceAligning Application Security to Compliance
Aligning Application Security to Compliance
 
Square Pegs In Round Holes: Rethinking Data Availability in the Age of Automa...
Square Pegs In Round Holes: Rethinking Data Availability in the Age of Automa...Square Pegs In Round Holes: Rethinking Data Availability in the Age of Automa...
Square Pegs In Round Holes: Rethinking Data Availability in the Age of Automa...
 
Understanding Database Encryption & Protecting Against the Insider Threat wit...
Understanding Database Encryption & Protecting Against the Insider Threat wit...Understanding Database Encryption & Protecting Against the Insider Threat wit...
Understanding Database Encryption & Protecting Against the Insider Threat wit...
 
Tsc2021 cyber-issues
Tsc2021 cyber-issuesTsc2021 cyber-issues
Tsc2021 cyber-issues
 
BATbern48_How Zero Trust can help your organisation keep safe.pdf
BATbern48_How Zero Trust can help your organisation keep safe.pdfBATbern48_How Zero Trust can help your organisation keep safe.pdf
BATbern48_How Zero Trust can help your organisation keep safe.pdf
 
Identity and Security in the Cloud
Identity and Security in the CloudIdentity and Security in the Cloud
Identity and Security in the Cloud
 
System Security on Cloud
System Security on CloudSystem Security on Cloud
System Security on Cloud
 
Cybersecurity…real world solutions
Cybersecurity…real world solutions Cybersecurity…real world solutions
Cybersecurity…real world solutions
 
Data Loss Prevention in SharePoint 2016 Webinar with Crow Canyon
Data Loss Prevention in SharePoint 2016 Webinar with Crow CanyonData Loss Prevention in SharePoint 2016 Webinar with Crow Canyon
Data Loss Prevention in SharePoint 2016 Webinar with Crow Canyon
 
CYBER SECURITY WHAT IS IT AND WHAT YOU NEED TO KNOW.pdf
CYBER SECURITY WHAT IS IT AND WHAT YOU NEED TO KNOW.pdfCYBER SECURITY WHAT IS IT AND WHAT YOU NEED TO KNOW.pdf
CYBER SECURITY WHAT IS IT AND WHAT YOU NEED TO KNOW.pdf
 

More from Alan Eardley

Model driven Power Apps for Dummies (and non-Dynamics Folks)
Model driven Power Apps for Dummies (and non-Dynamics Folks) Model driven Power Apps for Dummies (and non-Dynamics Folks)
Model driven Power Apps for Dummies (and non-Dynamics Folks)
Alan Eardley
 
Inclusion by Design - Scottish Summit 2020
Inclusion by Design - Scottish Summit 2020Inclusion by Design - Scottish Summit 2020
Inclusion by Design - Scottish Summit 2020
Alan Eardley
 
SPS Oslo - To-Do: How to manage tasks effectively
SPS Oslo - To-Do: How to manage tasks effectivelySPS Oslo - To-Do: How to manage tasks effectively
SPS Oslo - To-Do: How to manage tasks effectively
Alan Eardley
 
Productivity in an age of collaboration sps leicester
Productivity in an age of collaboration sps leicesterProductivity in an age of collaboration sps leicester
Productivity in an age of collaboration sps leicester
Alan Eardley
 
Productivity in an age of collaboration sps london 2019
Productivity in an age of collaboration sps london 2019Productivity in an age of collaboration sps london 2019
Productivity in an age of collaboration sps london 2019
Alan Eardley
 
Cloud First: Be Prepared
Cloud First: Be PreparedCloud First: Be Prepared
Cloud First: Be Prepared
Alan Eardley
 
To-Do: How to manage tasks effectively
To-Do: How to manage tasks effectivelyTo-Do: How to manage tasks effectively
To-Do: How to manage tasks effectively
Alan Eardley
 
Cloud First: Be Prepared
Cloud First: Be PreparedCloud First: Be Prepared
Cloud First: Be Prepared
Alan Eardley
 
Cloud First: Be Prepared
Cloud First: Be PreparedCloud First: Be Prepared
Cloud First: Be Prepared
Alan Eardley
 
How did we do? Feedback Made Easy
How did we do? Feedback Made EasyHow did we do? Feedback Made Easy
How did we do? Feedback Made Easy
Alan Eardley
 
To Do: How to manage tasks effectively
To Do: How to manage tasks effectivelyTo Do: How to manage tasks effectively
To Do: How to manage tasks effectively
Alan Eardley
 
Cloud First: Be Prepared
Cloud First: Be PreparedCloud First: Be Prepared
Cloud First: Be Prepared
Alan Eardley
 
Office 365: The Art of the Possible (201603)
Office 365: The Art of the Possible (201603)Office 365: The Art of the Possible (201603)
Office 365: The Art of the Possible (201603)
Alan Eardley
 
SharePoint Databases: What you need to know (201512)
SharePoint Databases: What you need to know (201512)SharePoint Databases: What you need to know (201512)
SharePoint Databases: What you need to know (201512)
Alan Eardley
 
SharePoint Databases: What you need to know (201509)
SharePoint Databases: What you need to know (201509)SharePoint Databases: What you need to know (201509)
SharePoint Databases: What you need to know (201509)
Alan Eardley
 
201509 sp sat-cambridge-o365-theartofthepossible
201509 sp sat-cambridge-o365-theartofthepossible201509 sp sat-cambridge-o365-theartofthepossible
201509 sp sat-cambridge-o365-theartofthepossible
Alan Eardley
 
SharePoint Databases: What you need to know (201504)
SharePoint Databases: What you need to know (201504)SharePoint Databases: What you need to know (201504)
SharePoint Databases: What you need to know (201504)
Alan Eardley
 
Office 365 Intranet
Office 365 IntranetOffice 365 Intranet
Office 365 Intranet
Alan Eardley
 
How does SharePoint access data
How does SharePoint access dataHow does SharePoint access data
How does SharePoint access data
Alan Eardley
 
To-Do: How to manage tasks effectively
To-Do: How to manage tasks effectivelyTo-Do: How to manage tasks effectively
To-Do: How to manage tasks effectively
Alan Eardley
 

More from Alan Eardley (20)

Model driven Power Apps for Dummies (and non-Dynamics Folks)
Model driven Power Apps for Dummies (and non-Dynamics Folks) Model driven Power Apps for Dummies (and non-Dynamics Folks)
Model driven Power Apps for Dummies (and non-Dynamics Folks)
 
Inclusion by Design - Scottish Summit 2020
Inclusion by Design - Scottish Summit 2020Inclusion by Design - Scottish Summit 2020
Inclusion by Design - Scottish Summit 2020
 
SPS Oslo - To-Do: How to manage tasks effectively
SPS Oslo - To-Do: How to manage tasks effectivelySPS Oslo - To-Do: How to manage tasks effectively
SPS Oslo - To-Do: How to manage tasks effectively
 
Productivity in an age of collaboration sps leicester
Productivity in an age of collaboration sps leicesterProductivity in an age of collaboration sps leicester
Productivity in an age of collaboration sps leicester
 
Productivity in an age of collaboration sps london 2019
Productivity in an age of collaboration sps london 2019Productivity in an age of collaboration sps london 2019
Productivity in an age of collaboration sps london 2019
 
Cloud First: Be Prepared
Cloud First: Be PreparedCloud First: Be Prepared
Cloud First: Be Prepared
 
To-Do: How to manage tasks effectively
To-Do: How to manage tasks effectivelyTo-Do: How to manage tasks effectively
To-Do: How to manage tasks effectively
 
Cloud First: Be Prepared
Cloud First: Be PreparedCloud First: Be Prepared
Cloud First: Be Prepared
 
Cloud First: Be Prepared
Cloud First: Be PreparedCloud First: Be Prepared
Cloud First: Be Prepared
 
How did we do? Feedback Made Easy
How did we do? Feedback Made EasyHow did we do? Feedback Made Easy
How did we do? Feedback Made Easy
 
To Do: How to manage tasks effectively
To Do: How to manage tasks effectivelyTo Do: How to manage tasks effectively
To Do: How to manage tasks effectively
 
Cloud First: Be Prepared
Cloud First: Be PreparedCloud First: Be Prepared
Cloud First: Be Prepared
 
Office 365: The Art of the Possible (201603)
Office 365: The Art of the Possible (201603)Office 365: The Art of the Possible (201603)
Office 365: The Art of the Possible (201603)
 
SharePoint Databases: What you need to know (201512)
SharePoint Databases: What you need to know (201512)SharePoint Databases: What you need to know (201512)
SharePoint Databases: What you need to know (201512)
 
SharePoint Databases: What you need to know (201509)
SharePoint Databases: What you need to know (201509)SharePoint Databases: What you need to know (201509)
SharePoint Databases: What you need to know (201509)
 
201509 sp sat-cambridge-o365-theartofthepossible
201509 sp sat-cambridge-o365-theartofthepossible201509 sp sat-cambridge-o365-theartofthepossible
201509 sp sat-cambridge-o365-theartofthepossible
 
SharePoint Databases: What you need to know (201504)
SharePoint Databases: What you need to know (201504)SharePoint Databases: What you need to know (201504)
SharePoint Databases: What you need to know (201504)
 
Office 365 Intranet
Office 365 IntranetOffice 365 Intranet
Office 365 Intranet
 
How does SharePoint access data
How does SharePoint access dataHow does SharePoint access data
How does SharePoint access data
 
To-Do: How to manage tasks effectively
To-Do: How to manage tasks effectivelyTo-Do: How to manage tasks effectively
To-Do: How to manage tasks effectively
 

Recently uploaded

"Choosing proper type of scaling", Olena Syrota
"Choosing proper type of scaling", Olena Syrota"Choosing proper type of scaling", Olena Syrota
"Choosing proper type of scaling", Olena Syrota
Fwdays
 
Dandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity serverDandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity server
Antonios Katsarakis
 
From Natural Language to Structured Solr Queries using LLMs
From Natural Language to Structured Solr Queries using LLMsFrom Natural Language to Structured Solr Queries using LLMs
From Natural Language to Structured Solr Queries using LLMs
Sease
 
PRODUCT LISTING OPTIMIZATION PRESENTATION.pptx
PRODUCT LISTING OPTIMIZATION PRESENTATION.pptxPRODUCT LISTING OPTIMIZATION PRESENTATION.pptx
PRODUCT LISTING OPTIMIZATION PRESENTATION.pptx
christinelarrosa
 
Astute Business Solutions | Oracle Cloud Partner |
Astute Business Solutions | Oracle Cloud Partner |Astute Business Solutions | Oracle Cloud Partner |
Astute Business Solutions | Oracle Cloud Partner |
AstuteBusiness
 
What is an RPA CoE? Session 1 – CoE Vision
What is an RPA CoE? Session 1 – CoE VisionWhat is an RPA CoE? Session 1 – CoE Vision
What is an RPA CoE? Session 1 – CoE Vision
DianaGray10
 
Apps Break Data
Apps Break DataApps Break Data
Apps Break Data
Ivo Velitchkov
 
High performance Serverless Java on AWS- GoTo Amsterdam 2024
High performance Serverless Java on AWS- GoTo Amsterdam 2024High performance Serverless Java on AWS- GoTo Amsterdam 2024
High performance Serverless Java on AWS- GoTo Amsterdam 2024
Vadym Kazulkin
 
inQuba Webinar Mastering Customer Journey Management with Dr Graham Hill
inQuba Webinar Mastering Customer Journey Management with Dr Graham HillinQuba Webinar Mastering Customer Journey Management with Dr Graham Hill
inQuba Webinar Mastering Customer Journey Management with Dr Graham Hill
LizaNolte
 
Christine's Product Research Presentation.pptx
Christine's Product Research Presentation.pptxChristine's Product Research Presentation.pptx
Christine's Product Research Presentation.pptx
christinelarrosa
 
"NATO Hackathon Winner: AI-Powered Drug Search", Taras Kloba
"NATO Hackathon Winner: AI-Powered Drug Search", Taras Kloba"NATO Hackathon Winner: AI-Powered Drug Search", Taras Kloba
"NATO Hackathon Winner: AI-Powered Drug Search", Taras Kloba
Fwdays
 
Day 2 - Intro to UiPath Studio Fundamentals
Day 2 - Intro to UiPath Studio FundamentalsDay 2 - Intro to UiPath Studio Fundamentals
Day 2 - Intro to UiPath Studio Fundamentals
UiPathCommunity
 
Session 1 - Intro to Robotic Process Automation.pdf
Session 1 - Intro to Robotic Process Automation.pdfSession 1 - Intro to Robotic Process Automation.pdf
Session 1 - Intro to Robotic Process Automation.pdf
UiPathCommunity
 
Leveraging the Graph for Clinical Trials and Standards
Leveraging the Graph for Clinical Trials and StandardsLeveraging the Graph for Clinical Trials and Standards
Leveraging the Graph for Clinical Trials and Standards
Neo4j
 
Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024
Hiroshi SHIBATA
 
Northern Engraving | Modern Metal Trim, Nameplates and Appliance Panels
Northern Engraving | Modern Metal Trim, Nameplates and Appliance PanelsNorthern Engraving | Modern Metal Trim, Nameplates and Appliance Panels
Northern Engraving | Modern Metal Trim, Nameplates and Appliance Panels
Northern Engraving
 
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
Jason Yip
 
Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...
Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...
Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...
Pitangent Analytics & Technology Solutions Pvt. Ltd
 
"What does it really mean for your system to be available, or how to define w...
"What does it really mean for your system to be available, or how to define w..."What does it really mean for your system to be available, or how to define w...
"What does it really mean for your system to be available, or how to define w...
Fwdays
 
Must Know Postgres Extension for DBA and Developer during Migration
Must Know Postgres Extension for DBA and Developer during MigrationMust Know Postgres Extension for DBA and Developer during Migration
Must Know Postgres Extension for DBA and Developer during Migration
Mydbops
 

Recently uploaded (20)

"Choosing proper type of scaling", Olena Syrota
"Choosing proper type of scaling", Olena Syrota"Choosing proper type of scaling", Olena Syrota
"Choosing proper type of scaling", Olena Syrota
 
Dandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity serverDandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity server
 
From Natural Language to Structured Solr Queries using LLMs
From Natural Language to Structured Solr Queries using LLMsFrom Natural Language to Structured Solr Queries using LLMs
From Natural Language to Structured Solr Queries using LLMs
 
PRODUCT LISTING OPTIMIZATION PRESENTATION.pptx
PRODUCT LISTING OPTIMIZATION PRESENTATION.pptxPRODUCT LISTING OPTIMIZATION PRESENTATION.pptx
PRODUCT LISTING OPTIMIZATION PRESENTATION.pptx
 
Astute Business Solutions | Oracle Cloud Partner |
Astute Business Solutions | Oracle Cloud Partner |Astute Business Solutions | Oracle Cloud Partner |
Astute Business Solutions | Oracle Cloud Partner |
 
What is an RPA CoE? Session 1 – CoE Vision
What is an RPA CoE? Session 1 – CoE VisionWhat is an RPA CoE? Session 1 – CoE Vision
What is an RPA CoE? Session 1 – CoE Vision
 
Apps Break Data
Apps Break DataApps Break Data
Apps Break Data
 
High performance Serverless Java on AWS- GoTo Amsterdam 2024
High performance Serverless Java on AWS- GoTo Amsterdam 2024High performance Serverless Java on AWS- GoTo Amsterdam 2024
High performance Serverless Java on AWS- GoTo Amsterdam 2024
 
inQuba Webinar Mastering Customer Journey Management with Dr Graham Hill
inQuba Webinar Mastering Customer Journey Management with Dr Graham HillinQuba Webinar Mastering Customer Journey Management with Dr Graham Hill
inQuba Webinar Mastering Customer Journey Management with Dr Graham Hill
 
Christine's Product Research Presentation.pptx
Christine's Product Research Presentation.pptxChristine's Product Research Presentation.pptx
Christine's Product Research Presentation.pptx
 
"NATO Hackathon Winner: AI-Powered Drug Search", Taras Kloba
"NATO Hackathon Winner: AI-Powered Drug Search", Taras Kloba"NATO Hackathon Winner: AI-Powered Drug Search", Taras Kloba
"NATO Hackathon Winner: AI-Powered Drug Search", Taras Kloba
 
Day 2 - Intro to UiPath Studio Fundamentals
Day 2 - Intro to UiPath Studio FundamentalsDay 2 - Intro to UiPath Studio Fundamentals
Day 2 - Intro to UiPath Studio Fundamentals
 
Session 1 - Intro to Robotic Process Automation.pdf
Session 1 - Intro to Robotic Process Automation.pdfSession 1 - Intro to Robotic Process Automation.pdf
Session 1 - Intro to Robotic Process Automation.pdf
 
Leveraging the Graph for Clinical Trials and Standards
Leveraging the Graph for Clinical Trials and StandardsLeveraging the Graph for Clinical Trials and Standards
Leveraging the Graph for Clinical Trials and Standards
 
Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024
 
Northern Engraving | Modern Metal Trim, Nameplates and Appliance Panels
Northern Engraving | Modern Metal Trim, Nameplates and Appliance PanelsNorthern Engraving | Modern Metal Trim, Nameplates and Appliance Panels
Northern Engraving | Modern Metal Trim, Nameplates and Appliance Panels
 
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
 
Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...
Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...
Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...
 
"What does it really mean for your system to be available, or how to define w...
"What does it really mean for your system to be available, or how to define w..."What does it really mean for your system to be available, or how to define w...
"What does it really mean for your system to be available, or how to define w...
 
Must Know Postgres Extension for DBA and Developer during Migration
Must Know Postgres Extension for DBA and Developer during MigrationMust Know Postgres Extension for DBA and Developer during Migration
Must Know Postgres Extension for DBA and Developer during Migration
 

Security & Compliance: Core Concepts Explained

Editor's Notes

  1. Problem – Why is it so hard to explain security and compliance? In fact what is the difference, and where does governance come in to it? Solution – Use images and stories to explain the features Benefits – hopefully much easier to remember Next steps – what should you do if you need to assess and implement changes to your tenant
  2. Why is it so hard to explain security and compliance? In fact what is the difference, and where does governance come in to it?
  3. Do I have data to compare your answers to? Password only
  4. Please provide two forms of identification As well as seeing your passport, I want to check that you are the same person so I will check that your physical attributes match those stored on the passport I will check that you have another device that you can use to enter the right information - I trust you if you have two devices that are both aligned to your identity
  5. Imagine a fairground with many rides. Single sign-on would be paying to get in at the entrance to the fair ground and then being able to go on every ride without having to pay any more The alternative is not paying at the front gate and then paying for every ride individually
  6. If the device you are using doesn’t have a PIN, it may not be secure, it may not be you If the Apps are not allowed by the organisation Even apps need to have security so that in a restaurant when your child is playing they can’t accidentally send your boss or a client an email
  7. When you suddenly turn up in a Ferrari rather than the Ford you usually drive, that will trigger a warning If your credentials have been found on the dark web You may be asked to go through a higher level of authentication, or have your access blocked Security Posture assessments – check for known vulnerabilities Alerts aligned to industry standard events and monitoring tools Monitor and profile user behaviour and activities Protect user identities and reduce the attack surface What is Microsoft Defender for Identity? | Microsoft Docs
  8. I choose the level of authentication based different factors: Where have you authenticated What device are you using Where you are coming from Where you want to go - Are you passing through or staying for a while Is your identity safe? What application are you logging in to? Terms of Use Different level of authentication
  9. Some doors are open Some doors are locked You have a bunch of keys that you have been given that allow you in to certain rooms You can ask for other keys
  10. Complex set of controls Invite a user into our environment Send a link to a specific item and change the permissions on that item What application? What location Sensitivity classification of location
  11. Each room contains content Documents, data To be created and edited
  12. Marking – make sure people know that the document is important Secure documents by forcing people to have a key to open If you borrow a book We may want you to use the key every time to open the book - encrypted You might be able to use the book for a while without a key – time between auth
  13. Warnings Set off an alarm if a book or document passes out of the organisation Prevention Slam the shutters down to prevent the book leaving
  14. Check for malicious content in emails arriving Check that links are to safe locations – Email and Teams Anti-virus Anti-phising policies Attack simulation
  15. Keep content for a period of time Tax records Guarantees Design documents
  16. When should content be removed? Should it be deleted Should it be reviewed
  17. When you need to find information from the whole library
  18. Monitor activity React to activity Notifications Rules based on frequency or quantity Pro-actively add sensitivity to content What is Cloud App Security? | Microsoft Docs
  19. Microsoft 365 Defender - Microsoft 365 security | Microsoft Docs Unified management of For EndPoint For Office 365 For Identity MCAS Manage incidents and see timeline of attack Manage investigations
  20. Listening not just to Microsoft 365 but any system Azure Firewalls Custom solutions Complex rules on how to identify anomalous behaviour Sophisticated responses What is Azure Sentinel? | Microsoft Docs
  21. Compare your configuration to required legislation Get recommendations on how to improve the scores Manage tasks to improve your score
  22. Send an emails to test how well staff respond to threats Identify where more awareness and training is needed