Security Configuration Management is tough work.
It’s a hard job to collect and assess millions of configuration items on disparate systems. It’s almost impossible to harden systems and stay ahead of configuration drift. And it can practically be murder to get operations teams to toe the line with security policies, cooperate with your efforts and help improve security posture.
But help is here. (Literally. Click right here: http://www.SCMforDummies.com)
Security Configuration Management For Dummies, the newest “Dummies” guide from Wiley Publishing, is available now. This Tripwire Special Edition version shows you not only how to accomplish a wide-scale security hardening project, but how to make it stick.
This concise book provides detailed advice, industry best practices, and case studies that can help you make a case for introducing security configuration management into your infosec programs.
And best of all — it’s free from Tripwire.
Whether you’ve got a system hardening project planned or are just now thinking about how to fit it into your security programs, this book can help.
PS: You may want to take a look at Adam Montville’s latest post on SANS CSC #3. It does a good job looking at SCM through a SANS lens.