Building a Baseline Flashcards
(27 cards)
Define “security baselining”
The practice of implementing a minimum set of standards and configuration within your environment.
What is the purpose of a security baseline?
Provides a minimum defined standard to ensure a more secure and consistent environment; Helps businesses align with compliance or governance regulations
What current products help to create baselines at an enterprise level?
Group Policy Objects (GPOs) and Mobile Device Management (MDM).
What are the different types of devices/systems that can benefit from baselining?
- Network devices (switches, routers, firewalls, and so on)
- Windows systems: servers and clients
- Linux/Unix systems
- Storage/file servers
- Database servers
- Web servers
- Application servers
- Operational Technology (OT)
- Internet of Things (IoT)
Before baselines are created, what must be implemented to set the stage for baselines?
Policies, standards, and procedures signed off and enforced by leadership; without this support it is much harder to enforce security and to get the organization collectively behind it.
What is the role of policies in a security program?
A security policy is the first level of formalized documentation for your organization’s security program and is mandatory.
How do policies differ from standards and procedures?
Policies are broad and general, with no direct tie to the specific technology or solutions within the organization; standards and procedures supply those specifics.
What basic procedures should every business that uses Windows devices have?
- Security updates
- Encryption
- Firewall
- Password policy, Multi-Factor Authentication (MFA), and biometrics
- Local administrative access strategy
- Security protection tools and antivirus
- Compliance and protection policies
- Data loss prevention and information protection
Define a “standard”
Standards define the specifics of a policy and are mandatory; they provide the direction needed to support the policies and the specifics of the technology to be deployed.
What are examples of standards used in Windows environments?
- All Windows servers and end-user workstations will be encrypted using BitLocker and/or Azure Disk Encryption.
- A Windows firewall will be enabled and configured on all Windows end-user devices and servers. Connection rules will be documented.
- MFA will be required for all users accessing the corporate environment and resources.
- There will be no standard user accounts assigned with local admin access on any Windows device.
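Standards are only useful if you can measure hosts against them. The script below is an added example, not from the original flashcards or from any Microsoft toolkit: it audits the local Windows host against the four example standards above and returns one result per standard. It assumes Windows 10/11 or Server 2016+, PowerShell 5.1 or later, an elevated prompt, and the BitLocker, NetSecurity and LocalAccounts modules that ship with those builds; the approved-admin list is an assumed placeholder you would replace with your own standard. The MFA standard is enforced at the identity provider rather than on the endpoint, so the script reports it as not checkable locally instead of pretending to verify it.

```powershell
# Added example (not from the original flashcards): audit a Windows host against
# the example standards above. Assumptions: Win10/11 or Server 2016+, PS 5.1+,
# run elevated, BitLocker/NetSecurity/LocalAccounts modules present.
[CmdletBinding()]
param(
    # Principals the standard permits in the local Administrators group.
    # Assumed values; replace with the names from your own standard.
    [string[]]$ApprovedAdmins = @('Administrator', 'Domain Admins')
)

function New-Result {
    param([string]$Standard, $Compliant, [string]$Detail)
    [pscustomobject]@{ Standard = $Standard; Compliant = $Compliant; Detail = $Detail }
}

function Test-BitLockerStandard {
    # Standard: every fixed volume with a drive letter is protected by BitLocker.
    $fixed = Get-Volume | Where-Object { $_.DriveType -eq 'Fixed' -and ($_.DriveLetter -match '^[A-Z]$') }
    $unprotected = foreach ($v in $fixed) {
        $bl = Get-BitLockerVolume -MountPoint "$($v.DriveLetter):" -ErrorAction SilentlyContinue
        if (-not $bl -or $bl.ProtectionStatus -ne 'On') { "$($v.DriveLetter):" }
    }
    if ($unprotected) {
        New-Result 'BitLocker on all fixed drives' $false ('Unprotected: ' + ($unprotected -join ', '))
    } else {
        New-Result 'BitLocker on all fixed drives' $true 'All fixed volumes protected'
    }
}

function Test-FirewallStandard {
    # Standard: Windows Firewall enabled for every profile (Domain, Private, Public).
    $off = Get-NetFirewallProfile | Where-Object { $_.Enabled -ne 'True' }
    if ($off) {
        New-Result 'Windows Firewall enabled on all profiles' $false ('Disabled profiles: ' + ($off.Name -join ', '))
    } else {
        New-Result 'Windows Firewall enabled on all profiles' $true 'All three profiles enabled'
    }
}

function Test-LocalAdminStandard {
    # Standard: no standard user holds local admin rights. Any member of the
    # Administrators group that is not on the approved list is flagged.
    $members = Get-LocalGroupMember -Group 'Administrators' -ErrorAction Stop
    $extra = $members | Where-Object { ($_.Name -split '\\')[-1] -notin $ApprovedAdmins }
    if ($extra) {
        New-Result 'No standard users with local admin' $false ('Unapproved admins: ' + ($extra.Name -join ', '))
    } else {
        New-Result 'No standard users with local admin' $true 'Only approved principals are local admins'
    }
}

function Invoke-BaselineAudit {
    @(
        Test-BitLockerStandard
        Test-FirewallStandard
        # MFA is enforced by the identity provider, not the endpoint, so it is not checkable here.
        New-Result 'MFA required for all users' $null 'Enforced at the identity provider; verify there, not on the endpoint'
        Test-LocalAdminStandard
    )
}

$results = Invoke-BaselineAudit
$results | Format-Table -AutoSize
# Non-zero exit when any checkable standard fails, so a scheduled job can record drift.
if ($results | Where-Object { $_.Compliant -eq $false }) { exit 1 }
```

Run it from an elevated PowerShell prompt; a failing standard prints the offending drives, profiles or accounts and sets a non-zero exit code. The local-admin check is deliberately an allow-list rather than a "no users" check, because a flat "empty Administrators group" is never achievable on a domain-joined host.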
Define a “procedure”
Procedures are the step-by-step instructions used to accomplish a repeatable task or process; they are intended to achieve a specific goal and assist with implementing the defined policies and standards.
Define a “guideline”
Guidelines provide recommendations or best practices and are not mandatory requirements.
How does a guideline differ from a procedure?
They are complementary controls that provide guidance where a standard may not apply.
What is the purpose of a guideline?
Although not mandatory, guidelines provide a lot of value to users and help them to be more productive with technology.
What is best practice for communicating guidelines to users?
- Insert a section on guidelines in the company newsletters and/or communications.
- Link your guidelines back to a central repository that users can return to and access.
- Keep your guidelines short and to the point.
- Make your guidelines relevant to both professional and personal usage.
What is a standard change management flow process?
Submit request -> Review with the Change Advisory Board (CAB) -> Receive approval -> Test change -> Validate change -> Close request
Should policies, procedures, standards, and baselines go through a change management flow process?
Yes
Define a “security framework”
A security framework is a set of documented standards, policies, procedures, and best practices designed to build a well-defined basis for your organization's security program.
What is the purpose of a security framework?
To provide a structured approach to architecting security solutions, implementing security controls, and characterizing threats, vulnerabilities, and mitigation tactics intended to enhance an organization’s security and reduce risk.
What are common security frameworks?
- International Organization for Standardization (ISO) 27000 family
- National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF)
- NIST SP 800-53: Security and Privacy Controls for Federal Information Systems and Organizations
- NIST SP 800-171: Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations
- Health Information Trust Alliance Common Security Framework (HITRUST CSF)
- Center for Internet Security (CIS) Controls and Benchmarks
What are the 5 core functions (often called pillars) of the NIST Cybersecurity Framework (CSF)?
- Identify
- Protect
- Detect
- Respond
- Recover
(NIST CSF 2.0, released in 2024, adds a sixth function, Govern.)
Describe the Center for Internet Security (CIS) Controls framework
CIS Controls are a broader set of 18 foundational and advanced controls (as of v8) that provide a more comprehensive approach to overall security protection.
Describe the Center for Internet Security (CIS) Benchmarks framework
CIS Benchmarks are prescriptive configuration guides focused on the specific hardening of your systems, software, networks, and more.
Does Microsoft offer security baselines?
Yes; Windows security baselines ship in the Microsoft Security Compliance Toolkit (SCT), which provides recommended configurations (as GPO backups, plus the LGPO and Policy Analyzer tools) to harden your Windows systems.
https://www.microsoft.com/en-us/download/details.aspx?id=55319