Abstract:
With technological advancement, our community is getting more linked day by day than we have ever been previously. However, while such advances make our everyday life convenient, they also increase additional exposure to our data. Hence, making it difficult for individuals and corporations to flourish in an extraordinarily complicated and challenging landscape. Mainly, issues such as adopting appropriate enterprise administration practices to tackle data breaches and monetary scandals, the variety of corporate exposure, and legal requirements exert influence on corporate administration to develop a comprehensive solution or utilize the existing solution. However, the current approaches for identifying and managing risk are either unreliable or too complicated and overpriced for usage by every company or single person. As a result, we employed a structured method to suggest a cost-effective and dependable solution. In order to develop a comprehensive solution, this thesis lays down a foundation in order to be compliant with Information Security Standards in the context of Operating System, as a result safeguarding the information resources. Moreover, it concentrates on the windows platform retrieving the data critical for making the Operating System compliant with Information Security Standards like NIST SP 800-53. Finally, it lays out the framework for securing the Windows system, which users can adopt, and calculates the percentage compliance of the assessed PC. To make the process of compliance easy, a proof-of-concept solution (toolkit) is constructed for automatically auditing the Windows operating system’s security and consistently validating the gap within the standard and current configurations on Windows machines. To validate the framework, the toolkit was used to scan a windows PC. The toolkit examines windows machines’ compliance state by producing a comprehensive report for the system. Finally, an operating system security strategy has been presented; companies or individual users may implement that to assure compliance with NIST SP 800-53. Keywords — Security Standard Compliance, Operating System Hardening, Cyber Security Standard, Security Auditing, Automation.
