SC100 Design a Zero Trust strategy and architecture

vaughan mason - 2022-04-20

Design a Zero Trust strategy and architecture (30–35%)

Build an overall security strategy and architecture

• identify the integration points in an architecture by using Microsoft Cybersecurity Reference Architecture (MCRA)
  • MCRA
• translate business goals into security requirements
• translate security requirements into technical capabilities, including security services, security products, and security processes
• design security for a resiliency strategy
  • Resilience
• integrate a hybrid or multi-tenant environment into a security strategy
  • Hybrid Security
• develop a technical and governance strategy for traffic filtering and segmentation
  • Security Governance
  • Design Segmentation

Useful Links

• Define Security Strategy
• Innovation Security

Design a security operations strategy

• design a logging and auditing strategy to support security operations
  • Log Audit
• develop security operations to support a hybrid or multi-cloud environment
  • Hybrid Cloud App
  • Azure Security Center
• design a strategy for SIEM and SOAR
  • Sentinel
• evaluate security workflows
  • Workflow Automation
• evaluate a security operations strategy for incident management lifecycle
  • Security Operation
  • Security Controls v3 Incident Response
• evaluate a security operations strategy for sharing technical threat intelligence
  • Security Operation
  • Threat Intelligence

Useful Links

• Sentinel

Design an identity security strategy

Note: includes hybrid and multi-cloud

• design a strategy for access to cloud resources
  • Design Cloud Strategy to maximize value on Azure
  • Build a cloud governance strategy on Azure
• recommend an identity store (tenants, B2B, B2C, hybrid)
  • External Identities Overview
• recommend an authentication strategy
  • Design Identity Authentication
  • Concept Autehication Method
  • Design autehtication and credential strategies
• recommend an authorization strategy
  • Design Identity Authorization
• design a strategy for conditional access
  • Plan Conditional Access
• design a strategy for role assignment and delegation
  • Best Practices for Azure AD Roles
• design security strategy for privileged role access to infrastructure including identity based firewall rules, Azure PIM
  • PIM Configure
  • Azure security baseline for Azure Firewall Manager
• design security strategy for privileged activities including PAM, entitlement management, cloud tenant administration
  • Security Planning
  • Privileged Access Intermediaries

Useful Links

• Microsoft Azure Well-Architected Framework
• Overview of the Azure Security Benchmark

Go Back

Link

This page was last updated at 2022-04-21

If you don't agree with the content on this page, please click here