摘要:The organization trying to manage information security manually or automatically. The preliminary task is to first understand and identifying the security requirements, which generally includes everything starting from hardware, software and information assets, threats and vulnerabilities associated with them, different network connections and topologies used for transferring information to and from the enterprise. Security infrastructure advisory is a specified set of entities, both physical as well as software, in order to implement the set of identified controls. It tells an individual/organization the details regarding the security tools and the exact location of security tools, required to mitigate the security risks of the organization. In this phase, the security infrastructure advisories for different assets and platforms are generated. After getting the security infrastructure specification, the organization decides on the particular infrastructure that it would like to implement..
