Merge pull request #53172 from ceperezb/CEPEREZB-sc100-design-resiliency

module refresh

Author: JillGrant615

learn-pr/wwl-sci/design-resiliency-strategy-common-cyberthreats-like-ransomware/0-introduction.yml

@@ -0,0 +1,13 @@
+### YamlMime:ModuleUnit
+uid: learn.wwl.design-resiliency-strategy-common-cyberthreats-like-ransomware.introduction
+title: Introduction
+metadata:
+  title: Introduction
+  description: "Introduction to the module, Design a resiliency strategy for ransomware and other attacks based on Microsoft Security Best Practices."
+  ms.date: 01/21/2026
+  author: ceperezb
+  ms.author: ceperezb
+  ms.topic: unit
+durationInMinutes: 10
+content: |
+  [!include[](includes/0-introduction.md)]

learn-pr/wwl-sci/design-resiliency-strategy-common-cyberthreats-like-ransomware/1-common-cyberthreats-attack-patterns.yml

@@ -4,10 +4,10 @@ title: Common cyberthreats and attack patterns
 metadata:
   title: Common cyberthreats and attack patterns
   description: "You'll learn about common cyberthreats like ransomware and what kinds of attack patterns an organization must be prepared for."
-  ms.date: 09/26/2024
+  ms.date: 01/21/2026
   author: ceperezb
   ms.author: ceperezb
   ms.topic: unit
-durationInMinutes: 10
+durationInMinutes: 7
 content: |
   [!include[](includes/1-common-cyberthreats-attack-patterns.md)]

learn-pr/wwl-sci/design-resiliency-strategy-common-cyberthreats-like-ransomware/2-support-business-resiliency.yml

@@ -4,10 +4,10 @@ title: Support business resiliency
 metadata:
   title: Support business resiliency
   description: "Learn how to support business resiliency."
-  ms.date: 09/26/2024
+  ms.date: 01/21/2026
   author: ceperezb
   ms.author: ceperezb
   ms.topic: unit
-durationInMinutes: 10
+durationInMinutes: 5
 content: |
   [!include[](includes/2-support-business-resiliency.md)]

learn-pr/wwl-sci/design-resiliency-strategy-common-cyberthreats-like-ransomware/3-ransomware-protection.yml

@@ -4,7 +4,7 @@ title: Design solutions for mitigating ransomware attacks, including prioritizat
 metadata:
   title: Design solutions for mitigating ransomware attacks, including prioritization of BCDR and privileged access
   description: "Learn Microsoft best practices for ransomware protection."
-  ms.date: 09/26/2024
+  ms.date: 01/21/2026
   author: ceperezb
   ms.author: ceperezb
   ms.topic: unit

learn-pr/wwl-sci/design-resiliency-strategy-common-cyberthreats-like-ransomware/4-configurations-secure-backup-restore.yml

@@ -4,7 +4,7 @@ title:  Design solutions for business continuity and disaster recovery (BCDR), i
 metadata:
   title:  Design solutions for business continuity and disaster recovery (BCDR), including secure backup and restore
   description: "Learn how to design solutions for business continuity and disaster recovery (BCDR), including secure backup and restore."
-  ms.date: 5/17/2024
+  ms.date: 01/21/2026
   author: ceperezb
   ms.author: ceperezb
   ms.topic: unit

learn-pr/wwl-sci/design-resiliency-strategy-common-cyberthreats-like-ransomware/5-security-updates.yml

@@ -4,10 +4,10 @@ title: Evaluate solutions for security updates
 metadata:
   title: Evaluate solutions for security updates
   description: "SC-100 preparatory unit on the topic: Evaluate solutions for security updates."
-  ms.date: 09/26/2024
+  ms.date: 01/21/2026
   author: ceperezb
   ms.author: ceperezb
   ms.topic: unit
-durationInMinutes: 10
+durationInMinutes: 7
 content: |
   [!include[](includes/5-security-updates.md)]

learn-pr/wwl-sci/design-resiliency-strategy-common-cyberthreats-like-ransomware/7-summary.yml

@@ -4,7 +4,7 @@ title: Summary - Design a resiliency strategy for common cyberthreats like ranso
 metadata:
   title: Summary - Design a resiliency strategy for common cyberthreats like ransomware
   description: "Summary of the module on design a resiliency strategy for common cyberthreats like ransomware."
-  ms.date: 09/26/2024
+  ms.date: 01/21/2026
   author: ceperezb
   ms.author: ceperezb
   ms.topic: unit

learn-pr/wwl-sci/design-resiliency-strategy-common-cyberthreats-like-ransomware/includes/0-introduction.md

@@ -0,0 +1,15 @@
+This module covers common cyberthreats, business resiliency, secure backup and restore configurations, and security update management.
+
+Imagine that you work for a medium-sized company that has recently experienced a ransomware attack. The attack has caused significant damage to the company's systems and data, and the company is struggling to recover. As a cybersecurity architect, you've been tasked with designing a comprehensive resiliency strategy that protects against ransomware and other attacks. In this module, you learn how to identify and prioritize threats to business-critical assets, design solutions for business continuity and disaster recovery (BCDR) including secure backup and restore for hybrid and multicloud environments, implement ransomware mitigation strategies with emphasis on privileged access protection, and evaluate solutions for security updates. You'll also discover how AI-powered security operations can accelerate threat detection and response.
+
+## Learning objectives
+
+In this module, you learn how to:
+
+* Understand common cyberthreats like ransomware and attack patterns organizations must defend against.
+* Design security strategies to support business resiliency goals, including identifying and prioritizing threats to business-critical assets.
+* Design solutions for mitigating ransomware attacks, including prioritization of BCDR and privileged access protection.
+* Design solutions for business continuity and disaster recovery (BCDR), including secure backup and restore for hybrid and multicloud environments.
+* Evaluate solutions for security updates.
+
+The content in the module helps you prepare for the certification exam SC-100: Microsoft Cybersecurity Architect.

learn-pr/wwl-sci/design-resiliency-strategy-common-cyberthreats-like-ransomware/includes/1-common-cyberthreats-attack-patterns.md

@@ -1,26 +1,4 @@
-This module covers common cyberthreats, business resiliency, secure backup and restore configurations, and security update management.
 
-Imagine that you work for a medium-sized company that has recently experienced a ransomware attack. The attack has caused significant damage to the company's systems and data, and the company is struggling to recover. As a cybersecurity architect, you have been tasked with designing a comprehensive backup and restore plan that will help the company recover from future attacks. In this module, you'll learn how to design secure backup and restore configurations using Azure Backup, and how to integrate with Configuration Manager for on-premises resources. You'll also learn how to manage security updates using Update Management and how to support business resiliency in the face of cyberthreats.
-
-The module is divided into four sections: Understanding Cyberthreats, Designing Secure Backup and Restore Configurations, Managing Security Updates, and Supporting Business Resiliency.
-
-## Learning objectives
-
-In this module, you learn how to:
-
-*   Understand common cyberthreats like ransomware.
-*   Understand how to support business resiliency.
-*   Design configurations for secure backup and restore.
-*   Design solutions for managing security updates.
-
-The content in the module helps you prepare for the certification exam SC-100: Microsoft Cybersecurity Architect.
-
-## Prerequisites
-
-- Conceptual knowledge of security policies, requirements, zero trust architecture, and management of hybrid environments
-- Working experience with zero trust strategies, applying security policies, and developing security requirements based on business goals
-
-## Cyberthreats
 
 ### What is the threat landscape?
 
@@ -43,7 +21,7 @@ An attack vector is an entry point or route for an attacker to gain access to a
 
 Here are some examples of common attack vectors:
 
-- **Email** is perhaps the most common attack vector. Cybercriminals send seemingly legitimate emails that result in users taking action. This might include downloading a file, or selecting a link that will compromise their device.
+- **Email** is perhaps the most common attack vector. Cybercriminals send seemingly legitimate emails that result in users taking action. This might include downloading a file, or selecting a link that will compromise their device. Advanced AI technologies now enable attackers to create highly convincing phishing emails with proper grammar, context-aware content, and personalized details that make detection more difficult.
 -   **Removable media**. An attacker can use media such as USB drives, smart cables, storage cards, and more to compromise a device. For example, attackers might load malicious code into USB devices that are later provided to users as a free gift, or left in public spaces to be found. When they're plugged in, the damage is done.
 -   **Browser**. Attackers can use malicious websites or browser extensions to get users to download malicious software on their devices, or change a user's browser settings. The device can then become compromised, providing an entry point to the wider system or network.
 -   **Cloud services**. Organizations rely more on cloud services for day-to-day business and processes. Attackers can compromise poorly secured resources or services in the cloud. For example, an attacker could compromise an account in a cloud service, and gain control of any resources or services accessible to that account. They could also gain access to another account with even more permissions.
@@ -55,7 +33,7 @@ Any attack that results in someone gaining unauthorized access to devices, servi
 
 Security breaches come in different forms, including the following:
 
-- Social engineering attacks - In social engineering, impersonation attacks happen when an unauthorized user (the attacker), aims to gain the trust of an authorized user by posing as a person of authority to access a system from some nefarious activity. For example, a cybercriminal might pretend to be a support engineer to trick a user into revealing their password to access an organization’s systems.
+- Social engineering attacks - In social engineering, impersonation attacks happen when an unauthorized user (the attacker), aims to gain the trust of an authorized user by posing as a person of authority to access a system from some nefarious activity. For example, a cybercriminal might pretend to be a support engineer to trick a user into revealing their password to access an organization's systems. AI-powered tools enable attackers to create convincing deep fake audio or video, making impersonation attacks more sophisticated and harder to detect.
 - Browser attacks - Whether on a desktop, laptop, or phone, browsers are an important access tool for the internet. Security vulnerabilities in a browser can have a significant impact because of their pervasiveness. 
 - Password attacks - A password attack is when someone attempts to use authentication for a password-protected account to gain unauthorized access to a device or system. Attackers often use software to speed up the process of cracking and guessing passwords. 
 

learn-pr/wwl-sci/design-resiliency-strategy-common-cyberthreats-like-ransomware/includes/2-support-business-resiliency.md

@@ -1,4 +1,4 @@
-An organization can never have perfect security, but it can become resilient to security attacks. Like we are never perfectly immune to all health and safety risks in the physical world, the data and information systems we operate are also never 100 percent safe from all attacks all the time.
+An organization can never have perfect security, but it can become resilient to security attacks. Like we're never perfectly immune to all health and safety risks in the physical world, the data, and information systems we operate are also never 100 percent safe from all attacks, all the time.
 
 Focus your security efforts on increasing the resilience of business operations in the face of security incidents. These efforts can reduce risk and enable continuous improvements in security posture and your ability to respond to incidents.
 
@@ -19,10 +19,45 @@ Security resiliency is focused on supporting the resiliency of your business.
 
 -   **Enable your business** to rapidly innovate and adapt to the ever changing business environment. Security should always be seeking safe ways to say _yes_ to business innovation and technology adoption. Your organization can then adapt to unexpected changes in the business environment, like the sudden shift to working from home during COVID-19.
 -   **Limit the impact** and likelihood of disruptions before, during, and after active attacks to business operations.
+## Identifying and prioritizing threats to business-critical assets
 
+Effective business resiliency requires identifying which assets are most critical to business operations and understanding the threats that could disrupt them. This risk-based approach ensures security investments align with business priorities.
+
+Key steps include:
+
+1. **Identify business-critical assets**: Work with business stakeholders to determine which systems, data, and processes are essential for maintaining operations. Consider both customer-facing services and internal capabilities. In modern organizations, this increasingly includes:
+   - AI and machine learning systems that support business decisions
+   - AI-powered customer service and support systems
+   - Predictive analytics platforms
+   - Automated business process systems
+
+2. **Assess threats and vulnerabilities**: For each critical asset, identify the most likely and impactful threats:
+   - Ransomware and extortion attacks
+   - Distributed denial-of-service (DDoS) attacks
+   - Data breaches and exfiltration
+   - Insider threats
+   - Supply chain compromises
+   - AI-specific threats (model poisoning, prompt injection, training data exfiltration)
+   - Natural disasters and infrastructure failures
+
+3. **Prioritize based on business impact**: Evaluate threats based on:
+   - Likelihood of occurrence
+   - Potential business impact (financial, operational, reputational, regulatory)
+   - Time to recover
+   - Complexity of mitigation
+
+4. **Map controls to threats**: For each prioritized threat, identify specific security controls and recovery capabilities:
+   - Preventive controls to reduce likelihood
+   - Detective controls for early warning
+   - Response procedures to contain damage
+   - Recovery capabilities to restore operations
+
+5. **Establish recovery objectives**: Define specific Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO) for each critical asset based on business requirements, not technical convenience.
+
+This threat-informed, business-aligned approach ensures security strategies directly support business resiliency goals rather than implementing generic security measures.
 ## Security resilience and assume breach
 
-Good security starts with assuming breach or assuming compromise. Understand that information technology (IT) systems operate over the open internet where criminals are constantly attacking and compromising organizations. This assumption is a key principle of zero trust, which drives healthy and pragmatic security behaviors. Zero trust prepares your organization to prevent attacks, limit their damage, and quickly recover from them.
+Good security starts with assuming breach or assuming compromise. Understand that information technology (IT) systems operate over the open internet where criminals are constantly attacking and compromising organizations. This assumption is a key principle of Zero Trust, which drives healthy and pragmatic security behaviors. Zero Trust prepares your organization to prevent attacks, limit their damage, and quickly recover from them.
 
 Assuming compromise should drive changes across people, process, and technology in your organization. Education, exercises, and other incident preparation activities are good examples. For more information, see [Incident preparation](/azure/cloud-adoption-framework/organize/cloud-security-incident-preparation).