Implementation of Automated Security Focused Configuration Management in an Academic Organization Through Scap (NIST)

Abstract

Information system at large are at a greater risk than before by the hands of malicious attacker. The most overlooked is the configurations, with the efficient configuration managed and enforced by the organizations the lapses of security can be easily managed.Maintenance and configuration of multiple systems is an administrative nightmare and has resulted in multiple breaches of security. In order to defend any educational setting from external threats and to develop a coherent security fixated configuration management strategiesacompetitive and cost effective method is proposed. The technique in argument tightens the security of information systems in general. It‘ll profit an ordinary user and guises the intricacy of policy from them. It would cut the training costs of both the users and the implementers. The proposed system enables the addition and deletion of devices/hardware in an organization as it‘ll implement the same policies pre-defined to a particular subdivision of systems. There are a limitation to the techniques proposed by SCAP in general and this problem is addressed in this thesis contribution.