Lab 3 - Prioritising Controls
There are no right or wrong answers for this lab; it is purely to get you into the mindset of prioritising controls.
This lab can be completed using a diagramming tool of your choice, or simply pen and paper, to:
Print or copy the Prioritising Controls Background PDF or PNG
Place the controls below in the quadrant that you believe is most appropriate for BCTL.
Here is a list of the controls that we're reviewing in this lab, which are also in the Jamboard above:
C2 - Automated vulnerability scanning
C3 - Static config scanning
C5 - Through-life software supply chain controls
C6 - Pod-level network policy
C8 - VPC endpoint access policies
C9 - Pod-level encryption of data in transit
C11 - Management of workload identities
C14 - Kubernetes-native projected volumes
C15 - Encryption of data at rest
C18 - Static code analysis
C19 - Password manager for storage of developer creds
C21 - Multi-Factor Authentication
C22 - Repo Access Control
C25 - Custom Seccomp and AppArmor profiles