Baselining systems provides your business with a point of reference and allows you to recognise when something is out of place on a critical system. A baseline can be either static (configuration-based) or dynamic (activity-based) and can be used to alert the business to non-compliant, unauthorised and potentially malicious changes on likely-targeted systems.
For baseline security implementation to be reliable, we first need to ensure that we have established practices for the ownership and classification of all data. With this foundation in place, we can have confidence that our baseline will enforce the correct protections now and in the future.
Steps to create baseline security for your network:
List the components and systems that are used in your essential operations, those that process or hold sensitive data, and those subject to additional requirements such as legislative compliance. Remember to include any business continuity sites and equipment in this process; because they are used in an actual IT disaster, they must be suitable for production use.
Ensure your critical assets are hardened (locked down) using a predetermined secure configuration benchmark for each platform. This includes ensuring that the access control lists on folders and files grant the least privileges and that only authorised people can access secure folders.
Next, enforce patching compliance of current software and firmware to bring systems up to the set baseline. From this point forward, any new devices or software must adhere to the baseline before they are connected to the production network.
Define business-as-usual activities, including regular authorised access, typical daily activities, regular CPU-intensive reports and cyclical peaks. End of month, end of quarter and end of year reporting may exceed norms; you will need to decide whether to incorporate these into your baseline or create activity-specific baselines for these infrequent activities.
You need a process that will alert technical staff and business owners when there are events that do not conform to your baseline. This is to ensure that security events do not go unnoticed. Alerts may be sent by email or SMS, or may raise a ticket via your incident management system. Configure alerts in your:
Examples of the types of alerts to create:
As your processes mature, you can include alerts around changes by an authorised user and deviation from a previously established compliant state.
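The static (configuration-based) baseline and the deviation alerts described above, shown as an added example that is not part of the original article or any Intrix product: it records file hashes and permission bits as the compliant state, then reports anything that later deviates, including world-writable files that break least privilege. The function names, finding labels and sample files are constructed for this illustration.

```python
import hashlib
import stat
import tempfile
from pathlib import Path

def snapshot(root):
    """Static baseline: SHA-256 and permission bits of each regular file under root."""
    state = {}
    for p in sorted(Path(root).rglob("*")):
        st = p.lstat()
        if stat.S_ISREG(st.st_mode):  # skip directories, symlinks, devices
            state[str(p.relative_to(root))] = (
                hashlib.sha256(p.read_bytes()).hexdigest(), stat.S_IMODE(st.st_mode))
    return state

def compare(baseline, current):
    """Return sorted (finding, path) pairs where current deviates from baseline."""
    out = [("removed", p) for p in baseline.keys() - current.keys()]
    for path, (digest, mode) in current.items():
        if path not in baseline:
            out.append(("added", path))
        else:
            if baseline[path][0] != digest:
                out.append(("content_changed", path))
            if baseline[path][1] != mode:
                out.append(("mode_changed", path))
        if mode & stat.S_IWOTH:  # least-privilege check: writable by everyone
            out.append(("world_writable", path))
    return sorted(out)

def demo():
    """Constructed sample tree: baseline it, introduce drift, then compare."""
    with tempfile.TemporaryDirectory() as root:
        for name, body in (("app.conf", b"tls=on\n"), ("run.sh", b"#!/bin/sh\n"), ("old.key", b"k\n")):
            f = Path(root, name)
            f.write_bytes(body)
            f.chmod(0o640)
        baseline = snapshot(root)
        Path(root, "app.conf").write_bytes(b"tls=off\n")   # unauthorised edit
        Path(root, "run.sh").chmod(0o666)                   # permissions loosened
        Path(root, "old.key").unlink()                      # file removed
        Path(root, "new.bin").write_bytes(b"x")             # unexpected new file
        Path(root, "new.bin").chmod(0o600)
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    for finding, path in demo():
        print(f"ALERT {finding}: {path}")
```

In practice the baseline snapshot would be stored somewhere the monitored host cannot modify, and each finding would be routed to the email, SMS or ticketing channel chosen for alerts.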
Take steps to ensure that your business can quickly remediate issues and provide a secure operating platform without delay. Routine and approved activity can lead to critical assets losing compliance with your static baselines over time. In this case, you should modify your procedures to avoid this happening again. You may need to perform forensic analysis to understand an incident fully. Document what happened without blaming individuals; who did or did not do what is somewhat academic. Consider the big picture and place emphasis on learning and improving as an organisation. Questions to ask as part of the recovery process:
Certainly, there is a good deal of work required and some challenges to face when implementing baseline security and the necessary associated practices. You should expect impediments and see these as facilitative hurdles rather than immobilising obstructions. The upside is that once established, baseline security processes provide genuine benefits. With baseline security in place, you can:
Provided you have a proper implementation, your overall costs associated with security compliance will be reduced in the long term, thus enhancing the ongoing viability of the organisation. Get in touch with Intrix Cyber Security for products and solutions to help your business obtain comprehensive cyber security.