Scribd Logo
Upload

Welcome to Scribd!

  • Information Security Transformation-Nahil Mahmood-Lecture 60

    Uploaded by

    Qasim Khan
    8 views5 pages
    The 8 step methodology for security hardening involves: 1. Identifying critical assets and their owners. 2. Researching applicable security controls from sources like CIS, DISA, ISO27001, and NIST. 3. Creating a checklist of applicable controls to track progress. 4. Documenting the controls into standard operating procedures including responsibilities. 5. Implementing controls on a test setup. 6. Validating control implementation. 7. Establishing a change management process for production. 8. Implementing controls on production and monitoring.

    Original Description:

    Original Title

    Information Security Transformation-nahil Mahmood-lecture 60

    Copyright

    © © All Rights Reserved

    Available Formats

    PPTX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    The 8 step methodology for security hardening involves: 1. Identifying critical assets and their owners. 2. Researching applicable security controls from sources like CIS, DISA, ISO27001, and NIST. 3. Creating a checklist of applicable controls to track progress. 4. Documenting the controls into standard operating procedures including responsibilities. 5. Implementing controls on a test setup. 6. Validating control implementation. 7. Establishing a change management process for production. 8. Implementing controls on production and monitoring.

    Copyright:

    © All Rights Reserved
    Download as PPTX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    8 views5 pages

    Information Security Transformation-Nahil Mahmood-Lecture 60

    Uploaded by

    Qasim Khan
    The 8 step methodology for security hardening involves: 1. Identifying critical assets and their owners. 2. Researching applicable security controls from sources like CIS, DISA, ISO27001, and NIST. 3. Creating a checklist of applicable controls to track progress. 4. Documenting the controls into standard operating procedures including responsibilities. 5. Implementing controls on a test setup. 6. Validating control implementation. 7. Establishing a change management process for production. 8. Implementing controls on production and monitoring.

    Copyright:

    © All Rights Reserved
    Download as PPTX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 5

    8 Step Methodology – Security Hardening (2)

    • Step 1: Identify Critical


    Assets & Asset Owner:
    – Asset inventory &
    infrastructure
    diagram
    – Examine risks
    – Analyze assets at a
    high level and
    prioritize
    – Minimum security
    baseline (MSB)
    – Break into phases
    1
    8 Step Methodology – Security Hardening (2)

    1. Identify critical 6. Validation of 7. Change


    assets (& asset control management
    owner) implementation process for PROD

    2. Research on 5. Implement
    8. Implement on
    applicable controls on test
    PROD & monitor
    security controls setup

    3. Checklist of
    4. Document
    applicable
    controls into SOP
    controls

    2
    8 Step Methodology – Security Hardening (2)
    • Step 2: Research on
    applicable security
    controls
    – CIS, DISA
    – Search on google
    – Review
    standards/framework
    s (ISO27001, PCI, etc)
    – Look at OWASP, CSA,
    NIST, CIS Top 20
    – Selection of controls

    3
    8 Step Methodology – Security Hardening (2)
    • Step 3: Checklist of
    applicable security
    controls
    – Checklist for
    progress tracking
    – Share with
    appropriate IT team
    – Forms record for
    controls trail

    4
    8 Step Methodology – Security Hardening (2)
    • Step 4: Document
    controls into SOP
    – Enter controls set
    into draft SOP
    – Who will do what
    when, (and briefly
    how)
    – Get Dept Head
    agreement and sign-
    off on checklist and
    END SOP

    You might also like