is the process of applying secure configurations (to reduce the attack surface) and locking down various hardware, communications systems and software, including the operating system, web server, application server and applications, etc. In this module, we will introduce configuration management practices that will ensure systems are installed and maintained according to industry and organizational security standards.
Hardening
they are part of implementing controls to protect classified information.
Security labels
Information and data should be kept only for as long as they are beneficial, no more and no less.
retention
policies indicate how long an organization is required to maintain information and assets.
Records retention
is the primary form of instrumentation that attempts to capture signals generated by events.
Logging
are any actions that take place within the systems environment and cause measurable or observable change in one or more elements or resources within the system.
Events
are implemented to protect against unauthorized changes to log information.
Controls
refers to surveillance and assessment of all inbound communications traffic and access attempts.
Ingress monitoring
is used to regulate data leaving the organization’s IT environment.
Egress monitoring
is used to protect information by keeping its meaning or content secret and making it unintelligible to someone who does not have a way to decrypt (unlock) that protected information.
Cryptography
The objective of every encryption system is to transform an original set of data, called the plaintext, into an otherwise unintelligible encrypted form, called ___?
ciphertext
is a process and discipline used to ensure that the only changes made to a system are those that have been authorized and validated. It is both a decision-making process and a set of control processes.
Configuration management
is a minimum level of protection that can be used as a reference point.
Security baseline