
Infrastructure & Systems compliance
Security compliance
An organization's infrastructure is composed of different layers. At the top there are usually applications, which in turn are served by a multitude of systems that host them (usually operating systems or containers). Finally, the infrastructure layer interconnects these systems to provide a medium of communication between systems and applications.
The purpose of Infrastructure & Systems compliance is to ensure that the infrastructure and systems layers are in the appropriate security posture. This security posture can be defined as the condition in which the configuration of a specific asset complies with a specific benchmark, such as:
- Best practices that are widely accepted by the community
- A standard (community, such as CIS, or government, such as DISA STIG)
- An organization's predefined configuration
Definition of:
- Scope
- Reference benchmark
- Operational prerequisites
- Technical analysis of the assets in scope
- Gap analysis with respect to the chosen benchmark