2023 IT Examiner School
Internal Use Only
Baseline Configuration
Institutions should use standard builds & baselines to allow one documented configuration to be applied to multiple computers in a controlled manner
When information systems change, management should update baselines; confirm security settings; and track, verify & report configuration items
Configurations should be monitored for unauthorized changes & misconfigurations should be identified
Management can use automated solutions to help track, manage & identify necessary corrections
Hardening
Institutions typically use off-the-shelf software that provides more functions than are required for the institution’s purpose
Unnecessary software & services represent a potential security weakness
When deploying applications & systems, management should harden applications by determining the desired purpose & limiting the installation, configuration & access as much as possible
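The baseline monitoring and hardening points above can be illustrated with a small drift check. This is an added example, not part of the original slides: the setting names, service names and host snapshots are all constructed, and it assumes an inventory tool has already collected each host's settings and running services.

```python
# Added example; baseline values and host snapshots are constructed.
BASELINE = {
    "settings": {
        "audit_logging": True,
        "password_min_length": 14,
        "screen_lock_minutes": 10,
        "smbv1_enabled": False,
    },
    # Services the documented build needs; anything else is unnecessary.
    "allowed_services": {"auditd", "chronyd", "sshd"},
}

HOSTS = {
    "teller-01": {"settings": dict(BASELINE["settings"]),
                  "services": {"auditd", "chronyd", "sshd"}},
    "teller-02": {"settings": {**BASELINE["settings"],
                               "password_min_length": 8,
                               "smbv1_enabled": True},
                  "services": {"auditd", "sshd", "telnetd", "cups"}},
    "loan-srv-01": {"settings": {"password_min_length": 14,
                                 "screen_lock_minutes": 10,
                                 "smbv1_enabled": False,
                                 "rdp_enabled": True},
                    "services": {"auditd", "sshd"}},
}

def check_host(baseline, snapshot):
    """Return (kind, item, expected, observed) findings for one host."""
    expected, observed = baseline["settings"], snapshot["settings"]
    findings = []
    for key in sorted(expected):
        if key not in observed:
            findings.append(("missing_setting", key, expected[key], None))
        elif observed[key] != expected[key]:
            findings.append(("drift", key, expected[key], observed[key]))
    for key in sorted(set(observed) - set(expected)):
        findings.append(("untracked_setting", key, None, observed[key]))
    for svc in sorted(snapshot["services"] - baseline["allowed_services"]):
        findings.append(("unnecessary_service", svc, None, "running"))
    return findings

def audit(baseline, hosts):
    """Check every host against the one documented baseline."""
    return {name: check_host(baseline, snap) for name, snap in sorted(hosts.items())}

if __name__ == "__main__":
    for host, findings in audit(BASELINE, HOSTS).items():
        print(host, "COMPLIANT" if not findings else "NON-COMPLIANT")
        for kind, item, want, got in findings:
            print(f"  {kind}: {item} expected={want!r} observed={got!r}")
```

A setting that appears on a host but not in the baseline is reported as untracked rather than ignored, since it is a configuration item the documented baseline does not yet cover.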