This week we studied continuous monitoring. This process allows an organization to track a device or component and ensure
that any changes to the device are authorized changes. Effective monitoring occurs on a continuous basis and provides alerts
when suspicious activity occurs. We also learned that a security configuration checklist can be an effective tool for securely
configuring a device/component. Table 1 is an example of a technical implementation guide for updating the software on a
laptop.
Table 1
Laptop Technical Implementation Guide

| Field | Entry |
|---|---|
| Initiative/Release Name | Laptop Lockdown |
| Project Type | Maintenance: Update Laptop hard drive encryption |
| System Changes | Bitlocker app update |
| Baseline Changes | Update Bitlocker software |
| Security Risks | PCI or PII data loss |
| Planned Deployment Initiation Date | 15-Mar-21 |
| Planned Deployment Completion Date | 31-Mar-21 |
| System(s) Impacted by change | All Corp Laptops |
| Current Security Categorization of Impacted System(s) | High |
| [Insert initiative/release background info required by the organization as applicable] | All Corp Laptops open to internet and potentially confidential data |
| What are the business requirements driving the change? | Bitlocker new software provides better encryption of hard drives |
| Please describe the proposed change(s), including ALL additions, deletions, and modifications | Remove and replace Bitlocker X.X with Bitlocker Y.Y |
| Is the Technical Lead and/or Project Lead aware of any potential security-related issues or challenges associated with this change? If so, briefly describe them or provide an attachment describing them. | Yes, this is a software push to Corporate laptops. All systems will force a reboot to the employees, the forced reboot can be snoozed or scheduled by the employee so long as the update occurs prior to 31-Mar-21 |
Note: This table was derived from an example in NIST SP 800-128
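
The sketch below is an added example, not part of the original document or of NIST SP 800-128. It shows how a continuous-monitoring check could use the change record in Table 1 to separate the authorized Bitlocker update from any other configuration drift. It assumes the observation date stands in for the date of the change; the `local_admins` setting and the device states are hypothetical, constructed sample data.

```python
from datetime import date

# Approved change, values taken from Table 1. X.X and Y.Y are the table's own
# version placeholders, kept as-is.
APPROVED_CHANGE = {
    "component": "bitlocker",
    "from_version": "X.X",
    "to_version": "Y.Y",
    "window_start": date(2021, 3, 15),
    "window_end": date(2021, 3, 31),
}

# Constructed baseline for one laptop; "local_admins" is a hypothetical setting.
BASELINE = {"bitlocker": "X.X", "local_admins": "corp-it"}

def evaluate(baseline, observed, observed_on, change=APPROVED_CHANGE):
    """Compare one device's observed configuration with its baseline; return alerts."""
    alerts = []
    for component in sorted(set(baseline) | set(observed)):
        old, new = baseline.get(component), observed.get(component)
        is_target = component == change["component"]
        if old == new:
            # No drift, but the approved update must land before the window closes.
            if is_target and old == change["from_version"] and observed_on > change["window_end"]:
                alerts.append(f"OVERDUE {component}: still {old} after {change['window_end']}")
            continue
        authorized = (
            is_target
            and old == change["from_version"]
            and new == change["to_version"]
            and change["window_start"] <= observed_on <= change["window_end"]
        )
        if not authorized:
            alerts.append(f"UNAUTHORIZED {component}: {old} -> {new} on {observed_on}")
    return alerts

if __name__ == "__main__":
    # Constructed observations: an in-window update, then the same update
    # arriving together with an unapproved local admin change.
    updated = {"bitlocker": "Y.Y", "local_admins": "corp-it"}
    drifted = {"bitlocker": "Y.Y", "local_admins": "corp-it,tmp-user"}
    print(evaluate(BASELINE, updated, date(2021, 3, 20)))
    print(evaluate(BASELINE, drifted, date(2021, 3, 20)))
    print(evaluate(BASELINE, dict(BASELINE), date(2021, 4, 2)))
```

Once a device passes the check with the new version, its baseline entry would be updated to Y.Y so later comparisons run against the approved state.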
References
Johnson, A., Dempsey, K., Ross, R., Gupta, S., & Bailey, D. (2011, August). Guide for Security-Focused Configuration Management of Information Systems (NIST Special Publication 800-128). National Institute of Standards and Technology. https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-128.pdf
What is Risk Management | Risk Management | Marquette University. (2021). Www.marquette.edu; Marquette University. https://www.marquette.edu/riskunit/riskmanagement/whatis.shtml#:~:text=Risk%20management%20is%20the%20continuing