Dated: 14-11-2024

Ch03. Who Will Conduct the Security Hardening

  • Involvement of various stakeholders for security hardening
    • Operations teams
    • Security team
    • IT management
    • Consultant
    • Business

  • IT Operations teams:
    • Study the security controls (CIS/DISA)
    • Apply the security controls in a pilot/test environment
    • Report the completion of control implementation to ISMC
    • Assist InfoSec team with validation
  • InfoSec team:
    • Conduct validation of security control implementation
    • Acquire the checklist of controls from the relevant IT team
    • Document the status of controls in the form of a checklist
    • Forward validation report to ISMC
  • IT management:
    • Ensure IT operations teams receive required guidance and support
    • Sign-off on change management requests
    • Assist with planning downtime and business-related downtime
  • Consultant or project director:
    • Drives the security program
    • Ensures that strategy is aligned with project objectives
    • Ensures that processes and activities keep good momentum as per the timeline
  • Business stakeholders:
    • Provide downtime approvals if required
    • Help to engage other vendors if applicable