Step 1: Determining Organizational Readiness
The first step of the program assesses whether the organization is ready to take a more formal approach to IT security management. Use the “Security Formalization Readiness Assessment Tool” to find out if the capabilities of this program match the needs of the organization.
Info-Tech Tip: Determining Organizational Readiness
1.1 Assessing Current Security Stance
Each organization’s readiness to implement a more secure IT infrastructure will depend on a number of factors. Determining organizational readiness and requirements will allow IT leaders to understand just how much effort they should be making towards improving security operations.
- Need a Security Clue? The Answer Is in the Cards
Step 2: Threats and Inventory
The second step of the program will perform a number of tasks, with the end goal of calculating the impact and severity of the threats that can be leveraged against each of the organization’s assets. Find the vulnerabilities present in the organization’s assets first, then use the “SecureIT Master Tool” to evaluate the threat posed by these vulnerabilities.
Info-Tech Tip: Complete the "Vulnerability Scanning Guide" prior to beginning the "SecureIT Master Tool."
2.1 Locating and Rating Vulnerabilities
Before organizations can begin to build a more secure infrastructure, they must understand where any weaknesses may currently exist. Vulnerability assessment allows organizations to identify those weaknesses and prepare to correct them.
- Highlight Perimeter Security Weakness with Vulnerability Assessment
- Vulnerability Assessment More Sensible Than Pen Testing
2.2 Inventorying Assets and Determining Importance
Because assets do not all have the same value, and because vulnerabilities do not all have the same impact, organizations must take the time to assess the criticality of any discovered problems, to ensure that corrective measures are taken in the right order. Inventorying all assets, establishing their organizational importance and cross-referencing this with vulnerability information allows IT leaders to make informed choices about what risk to eliminate, what to mitigate and what to accept.
Step 3: Accounts and Permissions
The third step of the program will create a cross-referenced inventory of the user groups and resources in the organization. This allows IT leaders to quickly see the resources and permissions that each user group should have access to, versus those they have actually been provided.
3.1 Inventory Accounts and Permissions
To limit both inappropriate user activity and the exploitation of user accounts by criminals, organizations must ensure that user accounts and the permissions associated with them are set up as restrictively as possible. Inventorying which accounts users should be provided, and what permissions they should have within those tools, allows IT leaders to identify where potential security problems may exist.
- SharePoint Server Security: Painless Permissions Planning