I'm looking for advice on creating a solid 30-60-90 day plan focused on auditing an environment. Any tips on how to build one or examples would be great! I'm especially interested in identifying gaps or issues effectively and would appreciate any frameworks or resources that could guide me through this process.
4 Answers
Just curious, why does IT get tied into performance plans for new hires?
When setting up a plan for an audit, consider the criticality of findings. For instance, prioritize high-severity vulnerabilities to be resolved within a month, medium ones in 1-2 months, and so on. If you're new to this, starting with a Security+ certification could be helpful, and aiming for a CISSP is a good bonus. Don't forget about NIST standards and the NISPOM for solid resources, especially if you're in the U.S.!
If you're embarking on an audit, first assess how chaotic the environment is—it's common for new admins to inherit messy setups without proper documentation. I recommend gathering insights from community experiences to create a list of necessary tasks. Start with a baseline framework, such as the CIS, and gradually work towards STIG compliance. As you conduct your audit, rank the controls by their importance to your business—high, medium, or low. Let these findings shape your 30-60-90 day plan!
