12

Secure Configuration Baseline

This chapter is about creating a secure configuration baseline. Remember that security is a journey, and you can’t do everything at once. This is why risk management is so important: it lets you weigh your risks, impacts, likelihood, and budget considerations. The company you work for is a business, so you have to balance controls, risk, and budget. Executive management isn’t going to care as much about security as you do. We will discuss how to decide what controls should be enforced and what security baseline you should follow. Next, we’ll discuss CIS and STIGs, why you might choose either one, and the best way to go about deploying your new security baseline.

In this chapter, we’re going to ...
