Updating security procedures
Just as security policies should be reviewed and updated on a regular basis, security procedures need the same care and feeding.For those procedures that are executed on a regular basis (e.g.
onboarding of a new employee and assignment of access privileges).
Although pilots may have flown thousands of hours, they still follow the checklist.
Following the checklist ensures consistency of behavior each and every time.
If the hardening procedure is not followed, the system administrator could leave out a step that results in an unacceptable exposure of the server or data (e.g., leaving unneeded ports open on the server or the permissions on a directory open to unauthorized users).
The best option would be to automate the hardening procedure through scripts or other automation tools (e.g. This will ensure the consistent execution of the hardening “procedure.”The following is an example of how security procedures build upon or enable security policy.