The term security posture is synonymous with security analysis baseline. A security analysis baseline is a holistic approach to determining the general level of security and risk within an organization at a given point. It can also be referred to as the "normal" security posture of an organization. This analysis is usually conducted by a review team. Skilled team members generally produce higher-quality baselines.
While developing a security analysis baseline, an inventory analysis of the hardware and software deployed on a network is conducted. This helps determine the vulnerability level of systems based on the presence or absence of patches. Furthermore, the criticality of the systems can be determined based on the value of the data and the communication links to the outside environment.
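The inventory step can be sketched in Python. This is an added example, not part of the original text: it rates each asset's vulnerability level from missing patches and its criticality from data value and outside links, then ranks the assets. The asset names, patch IDs, the 1 to 3 data-value scale and the scoring formula are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Asset:
    name: str
    data_value: int            # 1 (low) to 3 (high); assumed rating scale
    external_link: bool        # communicates with the outside environment
    required: set = field(default_factory=set)   # patches that should be present
    installed: set = field(default_factory=set)  # patches found during inventory

def vulnerability_level(a):
    """Fraction of required patches that are absent; None if never assessed."""
    if not a.required:
        return None            # no patch data means "unknown", not "fully patched"
    return len(a.required - a.installed) / len(a.required)

def criticality(a):
    """Assumed weighting: data value, plus one step for an outside link."""
    return a.data_value + (1 if a.external_link else 0)

def baseline(assets):
    """Return one row per asset, sorted so the riskiest assets come first."""
    rows = []
    for a in assets:
        vuln = vulnerability_level(a)
        # Unassessed assets are scored as worst case so they are not overlooked.
        score = criticality(a) * (1.0 if vuln is None else vuln)
        rows.append({"name": a.name, "criticality": criticality(a),
                     "vulnerability": vuln, "score": round(score, 2),
                     "missing": sorted(a.required - a.installed)})
    return sorted(rows, key=lambda r: (-r["score"], r["name"]))

# Constructed sample inventory; every value here is illustrative.
INVENTORY = [
    Asset("web-01", 2, True, {"P-101", "P-102", "P-103", "P-104"},
          {"P-101", "P-102"}),
    Asset("db-01", 3, False, {"P-101", "P-102"}, {"P-101", "P-102"}),
    Asset("hr-laptop", 3, False, {"P-101", "P-102", "P-103", "P-104"},
          {"P-101", "P-102", "P-103"}),
    Asset("legacy-fax", 1, True),   # no patch data was collected for this host
]

if __name__ == "__main__":
    for row in baseline(INVENTORY):
        print(row)
```

Saving the rows from each run gives a point-in-time snapshot that later reviews can be compared against.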
A thorough risk analysis should be conducted to identify threats and vulnerabilities, the likelihood that those threats will exploit the vulnerabilities, and the risk mitigation strategy. During a baseline security analysis, policies and procedures are thoroughly reviewed to determine the controls that are in place. In addition, the current state of the security tools and technologies in place, covering encryption, firewalls, applications, and endpoints, is also examined.
Going deeper, penetration tests are conducted to further determine the likelihood of system vulnerabilities being exploited. Either a white box or a black box test can be conducted. During a white box test, the attacker knows the internal structure of the target environment. By contrast, during a black box test, the attacker has no information on the internals of the systems and performs the penetration test as an actual malicious attacker would.
During these tests, attempts are made to exploit vulnerabilities by conducting attacks as well as packet and network analysis to get deeper into the network and to learn more about its users. A security analysis baseline provides a clearer picture of the current state of the security posture of an organization.