A security baseline refers to an individual set of necessary security procedures and objectives set aside for a given system or service to meet. The choice of the above objectives must conform to pragmatism and completeness, and should not impose any technical means. As a result, all the details of security baseline objectives are set and fulfilled by one particular system service, and are documented in an entirely different document of security implementation. Primarily, the details highlighted in a security baseline depend upon the background of the specific operational environments in which the systems or services run. As a result, the kind of security measures used is limited to the developers’ creativity and relevant application of the rules. Although derogations from the security baselines are expected and possible to happen, it is advisable to keep watch and mark them explicitly.
The Types of Security Baseline Standards
Security baseline standards are classified into two basic types. One type is the high-level rules, and the other is the technical standards. It is possible to choose and implement either of them independently or develop both at the same time. The choice of performing either or both depends entirely upon the particular needs and requirements of a system or service (TDi Technologies, Inc., 2011).
All security baseline standards of the high-level kind are independent of the operating system. They reach a broadly and reflect the respective mandates and goals stipulated by the provisions of the security policy. They articulately spell out an optimally achievable baseline in reference to the application in systems of varying levels of security. One of the best strategies suitable for implementing security baselines especially in a system whose security awareness is in the blossoming state is starting with the high-level security baseline standards. The rationale for the above finds its basis in the fact that these kinds of measures are easy to implement and help in tightening up the security baselines as needed. As a result, smaller systems are in a position to excel by just applying the high-level baseline standards.
For technical security baseline standards, there is a provision for separate documentation for every type of system the organization uses. The above case calls for the identification of every operating system configurations applied by the system, as well as relevant functions of every system type used. Technical security baselines require the documentation to follow a classification based on the functional type of the systems or services. In order to develop the most optimal technical security baseline standards, every operating system should follow a system hardening guide that utilizes just the parts that optimally fit the needs of the system or service.
The Benefits of Security Baselines
The primary objective of establishing and following up a security baseline is in order to strengthen and promote an organization’s security, specifically to its computing assets. The first step necessary for the success of the above is the adoption of the Minimum Security Baselines (MSB). The adoption and implementation of various security system types help in enhancing the security of a system’s host. It also helps in allowing the use of time more efficiently and makes the provision of technical support to the system and service users easier. All the above is possible due to the system’s compliance to a known and tested set of applications used by the organization.
It is common for various stakeholders to challenge the importance of the MSB while a system has a security policy. However, there is no point of confusion between the two. The security baselines are set in a way that they never conflict with a security system (WhiteHat Security, 2012). The security baseline objectives are optimized as tools for implementing the goals and ideas stipulated by the security system. Mostly, the security baseline goals reflect on ways and means of making the prevailing security system work more efficiently. The security baseline first reflects upon the provisions of the security policy, then highlights on some necessary guidelines necessary in the preparation of individual systems applicable for production purposes.
According to the performance of various standards, the main challenge of security policies results from excessive rigidity. However, with the establishment of security baseline standards, such rigidity is reduced or removed. The technical security baseline standards span widely on matters concerning risk articulation for online systems and services (Rohmeyer, 2006).
Of great importance, the Minimum Security Baselines are very easy to learn and incorporate. Additionally, they are easily available and integrate with ease to complementary tools such as software and scripts used in the systems and services. The ability to avail the security baselines on web servers in addition to linking them to various other related system configuration tools makes their application easy. The above is more important than just operating under the provisions of the security policy only (Livingston, 2008).
The adoption of security standards for all aspects of computer systems stands out as a vital step in enhancing secure networks. The secure a system is, the better it performs. The ability of an organization to adopt optimal security baseline standards guarantees risk reduction through the elimination of primary vulnerabilities. In light of the above, the implementation of Minimum Security Baselines is crucial in helping a system achieve all the goals and provisions stipulated in the security policy.
References
Livingston, G. (2008). How to Develop Your Company’s First Security Baseline Standard. Retrieved April 18, 2015, from giac.org: http://www.giac.org/paper/gsec/170/develop-companys-first-security-baseline-standard/100648
Rohmeyer, P. (2006). An Evaluation of Information Security Management Effectiveness. Retrieved April 18, 2015, from proquest.com: http://search.proquest.com/buscoll/docview/304945500/C7A5F7B95FE54E45PQ/1?accountid=30552
TDi Technologies, Inc. . (2011). Closing the Security Gaps: Baseline Configuration Management. Retrieved April 18, 2015, from tditechnologies.com: http://www.tditechnologies.com/wp-content/uploads/2011/09/BaselineConfigurationManagementSecurityWhitePaper.pdf
WhiteHat Security. (2012). WhiteHat Security Introduces Sentinel Baseline Edition Enterprise. Retrieved April 18, 2015, from proquest.com: http://search.proquest.com/buscoll/docview/918703977/C7A5F7B95FE54E45PQ/2?accountid=30552
