Want the safest vehicle you can buy? Volvo? Hummer? A Challenger Tank is fitted with composite ceramic and tungsten-alloy armor and can withstand a direct missile strike. It’s noisy and slow, and maneuvering in tight spaces is difficult although this may not be much of an issue: You can literally park it anywhere you want.
Safety for IT systems is similar in that you may set maximum security as the objective but there will always be compromises in favor of optimizing service delivery. The two key principles of system hardening are to remove unnecessary function and apply secure configuration settings. Unlike most security frameworks, the Center for Internet Security (CIS) provide prescriptive guidance for configuration settings and, in the CIS Benchmark guides, even provide the required remediation commands.
Read the full article written by NNT CTO Mark Kedgley with InfoSecurity Magazine