Securing Critical IT Infrastructure.

By now most everyone has some form of a plan in place for the security of their infrastructure. Unfortunately, the plan may not be complete, omit critical processes, or is based on someone's idea of what is acceptable. Regardless of what is incorporated into the infrastructure, the plan hopefully includes a systemic and methodical process of beginning, maintaining, and changing throughout the lifecycle. No matter how you are structured, you must have management buy in or you have nothing! Although most “security professionals” have either just begun, are in an intermediate stage, or have years of experience with the common bodies of knowledge (CBK), most forget the basics or are unable to incorporate them due to client misunderstanding of them or the process of developing a secure infrastructure. Information Technology Infrastructure Library (ITIL) took the industry standards of business and built the processes to follow to build a structured environment. When you evaluate the requirements of ITIL and then evaluate what the National Institute of Standards and Technology (NIST) have developed over the years, in conjunction with the Rainbow Series, you have it all. NIST takes you a little further because they build the infrastructure from a secure foundation, whereas ITIL relates two paragraphs to the discipline. A secure environment starts with your foundation of security; every process thereafter falls into place as you develop your baseline security requirements (BLSR). Asset Management, Configuration Management, Change Management, Incident Management, Capacity Management, and Financial Management become a by-product of your foundation. [ABSTRACT FROM AUTHOR]