Security Structure

Lesson 1

Effective Security Structure

To survey and administer user activity, you must understand the practices and principles that comprise an effective security infrastructure.
This module will explain the elements of security and discuss how to administer and audit activity.

Objectives

By the end of this module, you will be able to
  1. Identify the most important security elements
  2. Describe security standards in current use
  3. Identify key authentication techniques
  4. Understand the need for access control methods
  5. Describe the three main encryption methods
  6. Describe the application of encryption to security
  7. Explain the need for auditing and some auditing basics

Survey and Administer User Activity

To survey and administer user activity and understand the practices and principles that comprise an effective security infrastructure, you should follow these best practices and guidelines:
  1. User Activity Monitoring (UAM): Implement a UAM solution to track user behavior on devices, networks, and other company-owned IT resources. This includes monitoring the system, data, application, and network actions users take, such as web browsing activity and unauthorized file access. Such monitoring helps detect misuse of access privileges and violations of data protection policies.
  2. Identity and Access Management (IAM): Ensure effective IAM in cloud-native infrastructure by creating policies for identifying active endpoints, keeping them up to date, and monitoring their activity. Use the Zero Trust model to establish high-level access controls, and individually control the wide variety of endpoints in cloud-native environments.
  3. Endpoint Security: Adopt and implement multiple defensive techniques and programs in a layered approach to raise the barrier to entry, increase the likelihood of detection, and decrease the likelihood of a successful attack. This includes monitoring for anomalous DNS traffic, unauthorized remote connections, and suspicious website access.
  4. Security Monitoring: Use security monitoring solutions that combine user activity monitoring with data discovery and classification, policy-based controls, and advanced reporting capabilities. This helps protect information while ensuring availability and compliance with data privacy and security regulations.
  5. Health and Availability Monitoring: Monitor the health and availability of the system to ensure all components are functioning as expected. This includes collecting and analyzing telemetry data to produce an overall view of the state of the system and its applications.
  6. User and Entity Behavior Analytics (UEBA): Deploy UEBA to detect insider threats, targeted attacks, and financial fraud by analyzing user and entity behavior against established baselines.
  7. Threat Modeling: Implement a full threat modeling process to identify potential threats and vulnerabilities in your system and develop appropriate countermeasures.
  8. Redaction and Anonymization: Use redaction and anonymization techniques to protect user information and meet privacy regulations such as GDPR and HIPAA.
  9. Online Activity Logging and Behavioral Analysis: Monitor online activity, behavioral patterns, and suspicious activities across multiple channels to identify and respond to potential threats.
  10. Continuous Vigilance and Adaptation: Maintain a continuous focus on security, regularly updating and adapting your security infrastructure to address emerging threats and vulnerabilities.
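The following script is an added example, not code from the lesson or from any product it mentions, showing how items 1, 3, 6 and 8 above fit together in practice: it parses a constructed audit log, flags file reads outside each user's allowed paths (UAM), flags DNS queries with unusually long labels and users whose DNS volume is far above their peers (endpoint monitoring and a simple UEBA baseline), and pseudonymizes user names in the resulting alerts (redaction). The log line format, the user names, the allowed-path policy, and the thresholds are all assumptions of this example.

```python
"""Minimal user-activity monitor over a constructed audit log (added example)."""
from __future__ import annotations

import hashlib
import re
import statistics
from collections import Counter
from dataclasses import dataclass

# Constructed policy: which path prefixes each user may read. Users absent from
# this table have no entitlements, so every file access by them is flagged.
ALLOWED_PREFIXES: dict[str, tuple[str, ...]] = {
    "alice": ("/home/alice/",),
    "bob": ("/home/bob/", "/finance/"),
    "carol": ("/home/carol/",),
}

# Assumed log format: "<ISO timestamp> <user> <ACTION> <detail>"
LINE_RE = re.compile(r"^(\S+) (\S+) (FILE_READ|DNS_QUERY) (\S+)$")

# Constructed sample log: one out-of-policy read by alice, one read by an
# unknown user (dave), one very long DNS label, and a burst of DNS queries by carol.
SAMPLE_LOG = "\n".join(
    [
        "2024-01-10T09:01:00 alice FILE_READ /home/alice/report.docx",
        "2024-01-10T09:02:00 alice DNS_QUERY intranet.example.local",
        "2024-01-10T09:03:00 bob FILE_READ /finance/payroll.xlsx",
        "2024-01-10T09:04:00 bob DNS_QUERY intranet.example.local",
        "2024-01-10T09:05:00 alice FILE_READ /finance/payroll.xlsx",
        "2024-01-10T09:06:00 carol FILE_READ /home/carol/notes.txt",
        "2024-01-10T09:07:00 dave FILE_READ /home/dave/todo.txt",
        "2024-01-10T09:08:00 carol DNS_QUERY 4f1a9c2b7e8d3a6f5b0c1d2e3f4a5b6c7d8e9f0a.example.net",
    ]
    + [f"2024-01-10T09:{10 + i:02d}:00 carol DNS_QUERY host{i}.example.net" for i in range(11)]
)


@dataclass(frozen=True)
class Event:
    ts: str
    user: str
    action: str
    detail: str


def parse_log(text: str) -> list[Event]:
    """Parse audit lines; lines not matching the assumed format are skipped, not guessed at."""
    events: list[Event] = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append(Event(*m.groups()))
    return events


def unauthorized_file_access(events: list[Event]) -> list[Event]:
    """UAM check: file reads whose path is outside the user's allowed prefixes."""
    return [
        e for e in events
        if e.action == "FILE_READ" and not e.detail.startswith(ALLOWED_PREFIXES.get(e.user, ()))
    ]


def long_dns_labels(events: list[Event], max_label_len: int = 30) -> list[Event]:
    """Endpoint check: DNS queries containing a label longer than a plausible hostname label."""
    return [
        e for e in events
        if e.action == "DNS_QUERY" and any(len(label) > max_label_len for label in e.detail.split("."))
    ]


def dns_volume_outliers(events: list[Event], factor: float = 3.0) -> dict[str, int]:
    """UEBA-style check: users whose DNS query count exceeds `factor` times the peer median."""
    counts = Counter(e.user for e in events if e.action == "DNS_QUERY")
    if not counts:
        return {}
    median = statistics.median(counts.values())
    return {user: n for user, n in counts.items() if n > factor * median}


def pseudonymize(user: str, salt: str = "example-salt") -> str:
    """Redaction: replace a user name with a salted hash so alerts can be shared without identities."""
    return "user-" + hashlib.sha256(f"{salt}:{user}".encode()).hexdigest()[:12]


def build_report(text: str) -> dict[str, list[str]]:
    """Run all checks and return pseudonymized alert lines grouped by check."""
    events = parse_log(text)
    return {
        "unauthorized_file_access": [
            f"{e.ts} {pseudonymize(e.user)} {e.detail}" for e in unauthorized_file_access(events)
        ],
        "suspicious_dns_label": [
            f"{e.ts} {pseudonymize(e.user)} {e.detail}" for e in long_dns_labels(events)
        ],
        "dns_volume_outlier": [
            f"{pseudonymize(user)} {n} queries" for user, n in dns_volume_outliers(events).items()
        ],
    }


if __name__ == "__main__":
    for check, alerts in build_report(SAMPLE_LOG).items():
        print(check, *alerts, sep="\n  ")
```

The pseudonym salt is a constant here only so the example is self-contained; in a real deployment it would be a secret kept with the monitoring system, so that the hash cannot be reversed by anyone who can enumerate user names. The volume check uses the median rather than the mean so that one noisy user does not drag the baseline up enough to hide their own activity.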

By following these best practices and principles, you can effectively survey and administer user activity and establish a robust security infrastructure to protect your organization's sensitive data and resources.


The purpose of this module is to take the wide variety of regulations, combined with industry best practices, and define the essential elements of an effective IT security program. An effective program includes many elements, and the task seems impossible as you begin reading the literally thousands of pages of security documentation published by the National Institute of Standards and Technology (NIST), the Office of Management and Budget (OMB), and the National Security Agency (NSA). This module is not intended to identify every security program element in detail, but it should give the reader a good basis for implementing an effective security program. The five critical elements of a security program are the following:
  1. Periodically Assess Risk
  2. Document an entity-wide security program plan
  3. Establish a security management structure and clearly assign security responsibilities
  4. Implement effective security-related personnel policies
  5. Monitor the effectiveness of a security program and make changes as necessary
