Dated: 14-11-2024

Ch03. Security Hardening Strategy

  • Depending upon the size and type of the organization, there will be dozens, hundreds, or even thousands of IT assets to secure
  • Priority is a key factor in all security undertakings
  • Prioritize what is most important and needs to be done first
  • Cascade as we go along

  • Separate security engineering (Step 3) from security hardening (Step 1)
  • Security engineering requires more thorough work, so it will slow down the security implementation
  • Do the low-hanging fruit first (security hardening)
  • Minimum security baseline (MSB) refers to the obvious assets that need to be secured and the threshold that is the minimum expectation from the security program

  1. IT infrastructure
  2. ISMS docs & processes
  3. Software apps
  4. Other apps/utilities/3rd parties
  5. Desktops & browsers
  6. Vulnerability management
  7. Mobile security

  • For a successful security transformation project, good planning, organization, and effective project management are essential