Mastering Windows Security and Hardening
上QQ阅读APP看书,第一时间看更新

Summary

In this chapter, we covered, at a high level, what you can expect to read throughout this book. We provided an overview of the security in an enterprise and briefly covered the different roles that you can expect to see within security departments. Next, we looked at how security relates to the digital world and how relevant it's become as the world becomes more digital. We also looked at the usage of the Windows OS throughout the world to better understand the adoption by users.

We then reviewed the current threat landscape and the types of cyber threat sources. We moved on to provide an overview of the threats we typically see in an enterprise today. We then provided details on where you can go to learn and view all of the recent Microsoft vulnerabilities with correlating patches and instructions on how to keep your devices up to date. In addition to Microsoft's vulnerability resources, we provided additional insight into where the patches get their naming standards via CVE along with NVD, which is provided by NIST. Next, we looked at some of the biggest breaches that have occurred to date and provided some popular sources to keep you up to date with the latest cyber news. We finished the chapter with an insight into some of today's general security challenges and, more specifically, those with Windows systems, before closing with an overview of Zero Trust security and what it entails.

In the next chapter, we will review building a baseline. The chapter will review what a baseline is, and then go into detail as to why a baseline must be formed. As part of the baseline, you need to ensure your policies, standards, and procedures are in place, that they are well-defined, and that they are signed off by the leadership and all the stakeholders who are liable for protecting the data. Having these documented is important for security reasons as well as for compliance and auditing purposes. Following this, we will briefly cover change management and its importance as it relates to baselining. We will then review frameworks and what they entail before moving on to some common frameworks that should be referenced to build your baseline. We will finish the chapter with a review of baseline controls and how to implement them before providing the best practices around baselining.