Security Posture


Security posture is “the security status of an enterprise’s networks, information, and systems based on information assurance resources (e.g., people, hardware, software, policies) and capabilities in place to manage the defense of the enterprise and to react as the situation changes.” (NIST SP 800-30 R1)

In other words, security posture is the overall security status of an organization determined by the effectiveness of total security controls. Security posture is established by embedding security controls throughout the life cycle of assets and the systems development life cycle (SDLC). An organization takes inventory of assets, classifies them based on business values, selects controls from security control frameworks, customizes security controls according to business requirements as the security baseline. The baseline security controls are then implemented for certification, assessed for authorization, and monitored for assurance. Changes are managed, and actions are taken to improve continuously.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.