Establishing a Security Baseline / Policy

By Jeffrey Lush, Sep 3, 2017

Set Up the Baseline

The bapBaseline is a security baseline that leverages all of the components found within bapSoftware. It is not uncommon to have multiple security baselines within an organization. Services provided by your IT infrastructure range from email to accounting to human resources. Although many of the IT solutions share a common architecture (for example, network switches and storage), the applications often vary considerably. Each application has unique security requirements, so organizations will have a separate security baseline for email, accounting, etc. bapSoftware allows you to share components across multiple bapBaselines, giving you the flexibility to secure services individually while not costing you extra.

Security Baseline

The security baseline is a collection of the bapControls that you have created. It will monitor events in the environment, allowing you full visibility into the health of that environment's security. Get started by adding a unique name and description of the baseline.

Adding Controls

All security baselines are built from a collection of security controls. A security baseline typically focuses on a specific objective, for example, email. If you are developing an email security baseline, you will want to make certain that you select AC-1 for Access Control, SC-13 for encryption, and so on. bapSoftware allows complete flexibility for our customers, although if you prefer a "pre-packaged" security baseline, complete with controls, KPs, events, etc., simply go to the bapMarketplace and purchase a bapBaseline that makes sense for your business objectives.

Changing Priorities

When key phrases are associated with a security control, a specific weight is assigned. The weight represents the impact that a compromise of the security control will have on the security health of an organization. Assigning a weight to a control is a universal application, meaning that the weight is applied to every security baseline that leverages the security control. We understand that on some occasions the impact of the control will vary based on the security baseline, hence we have created "Priorities" to deflate the importance of the control for a specific security baseline.