Lab 3 - Prioritising Controls

Setup

There are no right or wrong answers for this lab; it is purely to get you into the mindset of prioritising controls.

This lab can be completed in one of the following two ways:

Google Jamboard

  • Use Google Jamboard
  • Create a copy in your Google Drive account by clicking the three vertical dots in the top-right corner of the screen > Make a copy
  • Move the post-it notes on your Google Jamboard

Pen and Paper

  • Print or copy the Prioritising Controls Background PDF or PNG
  • Place the controls below in the quadrant that you believe is most appropriate for BCTL.

Controls

Here is a list of the controls that we're reviewing in this lab, which are also in the Jamboard above:

C1 - Admission Control

C2 - Automated vulnerability scanning

C3 - Static config scanning

C4 - Hardened images

C5 - Through-life software supply chain controls

C6 - Pod-level network policy

C7 - AWS SGs/NACLs

C8 - VPC endpoint access policies

C9 - Pod-level encryption of data in transit

C10 - Ingress security

C11 - Management of workload identities

C12 - Service mesh

C13 - Secrets management

C14 - Kubernetes-native projected volumes

C15 - Encryption of data at rest

C16 - AWS RBAC

C17 - Kubernetes RBAC

C18 - Static code analysis

C19 - Password manager for storage of developer creds

C20 - Egress control

C21 - Multi-Factor Authentication

C22 - Repo Access Control

C23 - Code signing

C24 - Image signing

C25 - Custom Seccomp and AppArmor profiles

C26 - Container IDS

Resources