Dated: 14-11-2024
Ch03. What is the 8-step Methodology for Security Hardening (part 2)
Step 1: Identify Critical Assets & Asset Owner
- Asset inventory & infrastructure diagram
- Examine risks
- Analyze assets at a high level and prioritize
- Minimum security baseline (MSB)
- Break into phases
Step 2: Research on Applicable Security Controls
- CIS, DISA
- Search on Google
- Review standards/frameworks (ISO 27001, PCI, etc.)
- Look at OWASP, CSA, NIST, CIS Top 20
- Selection of controls
Step 3: Checklist of Applicable Security Controls
- Checklist for progress tracking
- Share with appropriate IT team
- Forms the record for the controls audit trail
Step 4: Document Controls into SOP
- Enter controls set into draft SOP
- Who will do what, when (and briefly how)
- Get Dept Head agreement and sign-off on checklist and SOP
Post Assessment
In the context of information security controls, OWASP stands for
- Open Web Application Standard Procedure
- Open Web and Security Process
- Open Web Application Security Project
- Open Web Alliance Security Protocol
In the context of information security controls, CIS is short for
- Combined Industry Security
- Controlled Internal Security
- Care for Information Security
- Center for Internet Security
CSA is short for
- Cloud Security Alliance
- Combined Security Architecture
- Cloud Security Architecture
- Combined Security Alliance