📖 What is Baseline?
A Baseline is a minimum set of security controls and configurations that must be applied to a system to ensure a consistent level of protection. It provides a known good state that can be used to detect unauthorized changes over time.
"Think of a baseline as the security floor. Anything below the baseline is considered non-compliant and must be remediated."
📚 Certification: Certified in Cybersecurity (CC)
🔑 What are the Key Concepts of Baseline?
- ▸ Baselines are central to configuration management, ensuring all systems start from a standardized, approved security posture to significantly reduce the overall attack surface.
- ▸ By comparing current system states against the established baseline, administrators can quickly identify unauthorized changes, potential compromises, or what is known as configuration drift.
- ▸ Baselines serve as the technical benchmark for audits, allowing organizations to prove that their systems meet minimum regulatory requirements or internal security standards.
- ▸ When a system falls below the baseline, it is flagged as non-compliant, triggering a remediation process to return the system to its known good state.
- ▸ Standardized baselines prevent the creation of 'snowflake' systems, which are unique, undocumented configurations that are significantly harder to secure, patch, and manage at scale.
🎯 How does Baseline appear on the CC Exam?
You may be asked to identify the best method for detecting unauthorized changes to a server's configuration. The correct answer will involve comparing the current system state against a documented security baseline to find discrepancies.
A scenario might describe a company deploying hundreds of new workstations. Expect questions about how to ensure every machine meets the same minimum security standards by applying a pre-approved baseline image.
Expect questions where you must distinguish between a high-level security policy and a technical baseline, specifically when asked which document provides the actual minimum configuration settings for a system.
❓ Frequently Asked Questions
What is the difference between a security policy and a security baseline?
A policy is a high-level directive stating what must be achieved, such as 'all systems must be hardened.' A baseline is the specific technical implementation, such as 'disable Telnet and set password length to 14 characters.'
How does a baseline help in incident response?
During an investigation, a baseline provides a 'known good' reference point. By comparing the compromised system to the baseline, responders can isolate exactly which files or settings the attacker modified to gain access.
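The drift detection described in the key concepts (comparing a system's current state against the established baseline) and the incident-response use in the answer above can be shown as a small compliance check. The following is an added example, not code from the study page or from the CC curriculum; the baseline settings (including the Telnet and 14-character password rules quoted earlier) and both host snapshots are constructed for illustration, and the rule names `eq` and `ge` are assumptions of this example.

```python
"""Baseline drift check: flag any setting that falls below the security floor.

Added example (constructed data). A baseline maps each required setting to
an expected value and a comparison rule: "eq" means the value must match
exactly, "ge" means the observed value must be at least the expected value.
"""
from dataclasses import dataclass
from typing import Any

# Constructed baseline: the minimum configuration every host must meet.
BASELINE = {
    "telnet_enabled": (False, "eq"),      # Telnet must be disabled
    "min_password_length": (14, "ge"),    # 14 characters or longer is fine
    "ssh_protocol_version": (2, "eq"),
    "audit_logging": (True, "eq"),
}


@dataclass(frozen=True)
class Finding:
    """One deviation from the baseline."""
    setting: str
    expected: Any
    actual: Any
    kind: str  # "drift" (wrong value) or "missing" (setting not reported)


def _meets(actual: Any, expected: Any, rule: str) -> bool:
    """Return True if the observed value satisfies the baseline rule."""
    if rule == "eq":
        return actual == expected
    if rule == "ge":
        return isinstance(actual, (int, float)) and actual >= expected
    raise ValueError(f"unknown comparison rule {rule!r}")


def check_drift(current: dict, baseline: dict = BASELINE) -> list[Finding]:
    """Compare a host's current settings against the baseline.

    A setting absent from the snapshot is reported as "missing": an auditor
    cannot assume an unreported control is in place, so it counts as
    non-compliant until proven otherwise.
    """
    findings = []
    for setting, (expected, rule) in baseline.items():
        if setting not in current:
            findings.append(Finding(setting, expected, None, "missing"))
        elif not _meets(current[setting], expected, rule):
            findings.append(Finding(setting, expected, current[setting], "drift"))
    return findings


def is_compliant(current: dict, baseline: dict = BASELINE) -> bool:
    """A host is compliant only when no finding is raised."""
    return not check_drift(current, baseline)


# Constructed snapshots, as an inventory or EDR agent might report them.
COMPLIANT_HOST = {
    "telnet_enabled": False,
    "min_password_length": 16,   # stricter than the floor is still compliant
    "ssh_protocol_version": 2,
    "audit_logging": True,
}

DRIFTED_HOST = {
    "telnet_enabled": True,      # someone re-enabled Telnet
    "min_password_length": 8,    # weakened below the floor
    "ssh_protocol_version": 2,
    # "audit_logging" not reported at all
}


if __name__ == "__main__":
    for name, snapshot in (("compliant", COMPLIANT_HOST), ("drifted", DRIFTED_HOST)):
        findings = check_drift(snapshot)
        print(f"{name}: {'OK' if not findings else 'NON-COMPLIANT'}")
        for f in findings:
            print(f"  [{f.kind}] {f.setting}: expected {f.expected!r}, got {f.actual!r}")
```

Run as a script it prints the drifted host's three findings; in an investigation the same list tells a responder exactly which settings to look at first, and in a fleet rollout it is the check a workstation must pass before it is considered to meet the baseline image.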