Scribd Logo
Upload

Welcome to Scribd!

  • 4 Layer Infosec Transformation Framework

    Uploaded by

    Muhammad Asim Mubarik
    183 views6 pages
    The document outlines a 4 layer framework for infosec transformation: 1) security hardening by establishing minimum security baselines and implementing controls; 2) vulnerability management through conducting regular vulnerability assessments and remediation; 3) security engineering such as designing security architectures and implementing solutions; and 4) security governance including policies, risk management, and core governance activities.

    Original Description:

    Original Title

    Information Security Transformation-nahil Mahmood-lecture 6

    Copyright

    © © All Rights Reserved

    Available Formats

    PPTX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    The document outlines a 4 layer framework for infosec transformation: 1) security hardening by establishing minimum security baselines and implementing controls; 2) vulnerability management through conducting regular vulnerability assessments and remediation; 3) security engineering such as designing security architectures and implementing solutions; and 4) security governance including policies, risk management, and core governance activities.

    Copyright:

    © All Rights Reserved
    Download as PPTX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    183 views6 pages

    4 Layer Infosec Transformation Framework

    Uploaded by

    Muhammad Asim Mubarik
    The document outlines a 4 layer framework for infosec transformation: 1) security hardening by establishing minimum security baselines and implementing controls; 2) vulnerability management through conducting regular vulnerability assessments and remediation; 3) security engineering such as designing security architectures and implementing solutions; and 4) security governance including policies, risk management, and core governance activities.

    Copyright:

    © All Rights Reserved
    Download as PPTX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 6

    Infosec Transformation Framework 4 Layers

    1. Security hardening
    2. Vulnerability
    management
    3. Security engineering
    4. Security governance

    1
    Infosec Transformation Framework 4 Layers

    4. Security Governance

    3. Security Engineering
    2. Vulnerability
    Management
    1. Security
    Hardening

    2
    Infosec Transformation Framework 4 Layers
    • 1: Security hardening:
    – Compile IT assets
    – Establish minimum
    security baseline
    (MSB)
    – Research security
    controls and
    benchmarks
    – Pilot (test)
    – Implement controls
    – Monitor and update
    controls
    3
    Infosec Transformation Framework 4 Layers

    • 2: Vulnerability
    management:
    – Purchase internal tool
    (NESSUS, Qualys, etc)
    – Conduct vulnerability
    assessment
    – Prioritize and
    remediate
    – Report
    – Repeat cycle on
    quarterly/monthly
    basis
    4
    Infosec Transformation Framework 4 Layers

    • 3: Security engineering:
    – Assess risk profile
    – Research security
    solutions
    – Design security
    architecture
    – Implement security
    controls & solutions
    – Test and validate
    security posture

    5
    Infosec Transformation Framework 4 Layers
    • 4: Security governance:
    – Policies and
    procedures
    – Risk management
    – Core governance
    activities (change
    management,
    incident
    management,
    END
    internal audit)
    – Training & awareness
    – Performance reviews
    6

    You might also like