Summary

Throughout this chapter, we have provided an overview of baselining to help you understand its importance and its role within the overall security program. You have learned about policies, standards, procedures, and guidelines, as well as their importance as part of your overall security strategy. We also looked at how these policies, standards, procedures, and guidelines interact with and build on each other to structure the baseline model. We then covered the change management process with regard to baseline management.

Finally, we reviewed frameworks and their role within the security function of your organization, discussing the more widely adopted frameworks that are implemented. Following this section was an overview of the baseline controls that are available for Windows. These options include CIS and the Windows security baselines, as well as directions on where to retrieve predefined templates, configurations, and images before outlining the best practices of baselining.

In the next chapter, we will cover server infrastructure management. This chapter will provide an overview of the data center and the cloud, along with the models that are available. You will learn about the different tools available for Windows server management, including the traditional on-premises and hybrid solutions available in Azure that extend your workloads to the cloud.