Welcome to this program on Docker Risk and Security

Welcome to the Docker Security pilot Learning Management System (LMS)

This LMS contains the background material for the Docker Risk and Security workshop.

You should be able to navigate it from top to bottom. After each 'lecture' you can click 'Complete and continue' in the top right corner.

There is also a comments section on most lectures. Feel free to contribute, but be aware that the LMS has no automatic notification of submitted comments.

The program assumes some basic Docker knowledge. See the next unit for suggestions on getting up to speed on that.

If you have not done so yet, please fill in the intake survey here.

Learning Objectives

Even though Docker is a very new technology, there are already a ton of example risks and risk mitigation strategies out there. The point of this program is not to go over all of that in detail. That would not be very helpful.

The most important learning objective of this program is to develop a common language and classification around Docker risk engineering. This is developed in a number of steps, as you can see in this LMS. Each step is a section.

The steps in this program

We are assuming some basic Docker knowledge in this program, i.e. some understanding of the primary use cases of containers.

  • We begin with evaluating the business drivers for containers and Docker. This will fund our risk management effort.
  • Then we will have a good overview of the Docker ecosystem from the perspective of ownership, control and responsibilities.
  • IT risk management and its application to Docker is then covered. The focus is on the process, although we do give some examples of specific risks.
  • Risks should not be treated in isolation but grouped into 'control areas'. This step gives you a good start in creating your own Docker control framework.
  • Finally, there is a small bonus section with a real world discussion on advanced threats.