IT Essentials — Introduction to IT























            Trevor: Would we also want to ask for the hardening checklist and have the administrator use a
            couple of devices to confirm that the software was installed and is operating effectively?

            Wendy: Yes. That is a very good observation, Trevor. We would definitely want to ask for those.
            Would you explain what hardening is, and talk about the checklist?

            Trevor: Hardening is the process of preparing a device or software system and deploying them on
            our network. We have requirements to ensure all devices and software systems meet our internal
            standards. For example, all devices need to be monitored, and hardware requires antivirus software.
            The hardening checklist identifies all these tasks to make sure they are accomplished successfully
            before the updates are moved to production.

            Trevor: I always ask for hardening checklists to get a sampling of each device type deployed so I can
            make sure the checklist is complete. Because our IT department uses a combination of Security
            Technical Implementation Guides (STIG) and the Center of Internet Security benchmarks in addition
            to the product vendor recommended installation procedures, I also check ahead of time to see
            which hardening guideline was followed.
















            Copyright © 2020 by The Institute of Internal Auditors, Inc. All rights reserved.