Creating a Baseline Definition for Information Systems Security

Building security baselines from your policies is a good way to ensure compliance. For example, suppose you have about 200 servers and an Active Directory (AD) server that enforces password rules. Configuring the servers to authenticate through AD ensures that their passwords meet standard requirements. Additionally, if the password rules within the policy are compliant with NIST standards, then AD might be an effective tool to enforce that aspect of regulatory compliance. So, a baseline is a good starting point for enforcing compliance.

Within IT, a baseline provides a standard focused on a specific technology used within an organization. When applied to security policies, ...

Get Security Policies and Implementation Issues, 3rd Edition now with the O’Reilly learning platform.
