Dated: 31-10-2024
Ch01. What Are the Four Layers of Information Security Transformation Layer
Security Hardening
- Compile IT assets
- Establish minimum security baseline (MSB)
- Research security controls and benchmarks
- Pilot (test)
- Implement controls
- Monitor and update controls
Vulnerability Management
- Purchase internal tool (Nessus, Qualys, etc.)
- Conduct vulnerability assessment
- Prioritize and remediate
- Report
- Repeat cycle on a quarterly/monthly basis
Security Engineering
- Assess risk profile
- Research security solutions
- Design security architecture
- Implement security controls & solutions
- Test and validate security posture
Security Governance
- Policies and procedures
- Risk management
- Core governance activities (change management, incident management, internal audit)
- Training & awareness
- Performance reviews
In the context of security hardening, MSB stands for
- Minimum Security Baseline
- Minor Security Breach
- Major Security Break
- Major Security Baseline