Why Security Baselines are Important

Posted by Winnie Melda on November 26th, 2018


            The need to ensure data integrity, confidentiality, and reliability are among the crucial aspects of every IT security system. It is necessary that the IT-related staff has adequate measures to ensure that all the data and information that circulates within the network is secure from compromise by malicious agents. Every organization should have a basic security baseline upon which they adhere to in a bid to enhance the security of the information systems.  A security baseline outlines a set of fundamental security objectives that must be met for any service or system (Fitzgerald, 1995). The objectives are complete without imposing technical means. The implementation of the security objectives depends on the working environment, thus important to have a security implementation document separate from the security baselines. The security baselines focus on the guidelines for the servers and the physical systems, the file hosting services, web hosting services, and the embedded devices used within the system. The need to have the security baselines is to reduce the risk of unauthorized access to the IT resources and other sensitive data.  The baselines ensure that organizations comply with the specific industry security standard.

            The mandate of protecting the information systems of an organization requires the use of an appropriate set of security guidelines whose installation and management is good. Some organizations conduct a risk analysis to ensure that they have the right information about the status of their security. The strategy ensures that the organization put in place the most effective set of controls. Security baselines provide the guidelines on the most effective controls under general circumstances to install and offer an accepted level of protection. An organization that has improved security baselines does not need to have risk analysis processes (von Solms, 1997). The awareness of information security is usually low in many organizations and do not see the need for conducting a thorough risk analysis. As such, the approach of setting a minimum set of security controls helps to improve the information security awareness in such organizations (Campbell, Calvert & Boswell, 2003).

            An effective network security requires an integrated defense approach through the enforcement of the basic elements of network security. The basic security elements are the security baselines that create a sure foundation for building the advanced methods and techniques. The development and deployment of a security baseline are challenging due the features available. However, no organization can understate the importance of such guidelines. The security baselines seek to assist in outlining the crucial security elements to address in the implementation phases of the defense approach. At the heart of a security, the baseline is to secure the infrastructure that hosts the control and the management systems. The key areas of baseline security as earlier identified are the servers and the physical systems, the file hosting services, web hosting services, and the embedded devices (Fitzgerald, 1995).

            It is important to address the baseline security elements as a preliminary step towards improving the security of the systems. The additional security technologies and features would be less important without meeting the security baselines. The baselines give the necessary protection to every tool in the IT system infrastructure. As such, it is paramount that organizations strive to adhere to the security protocols and policies that in turn maintain the safety of all their data and system features.

The importance of the security baselines

            There are progressive high profile data breaches every day and organizations can no longer rely on the physical methods of prevention to protect their systems against malware. Network Baselining is becoming one of the most crucial security tools that organizations can deploy (Cisco, n.d). One of the major reasons for having security baselines is to provide a starting point for the operating system to use. It requires that the organization has a written security policy that helps to deploy the security baseline. The system administrators can then check the existing systems alongside the security baselines as a verification test for security. An organization has several security baselines to cater for different needs. There can be one for the end user operating system, generic servers, and the specialty servers. Thus, the security baselines will be effective in securing the operating system in use by use of policies on different issues.

            The implementation of the Security baselines ensures that the organization examine the potential risks to the business critical systems and reduce their impacts. The security baseline is a protection against the loss of data confidentiality, integrity, and disruption of service. The success of an attack against the organization discloses the sensitive data that leads to losing of confidentiality. The sensitive business plans are available to third parties and the sensitive, confidential research and development data; is available to the competitors. The loss of data integrity is not a common occurrence, but a successful security breach would be detrimental to the sensitive business data exchanging hands with the attackers. The need to deploy the security baselines helps in reducing the impacts of disruption of service. The attackers may deprive the clients and the organization their interaction freedom, as well as the personnel unable to perform certain tasks. Any of the three threats has a likelihood of disrupting the normal business operations, hence important to adhere to the security baselines (von Solms, 1997).

            A security baseline acts as a source of information for the necessary actions required to ensure that the IT security plan reduces the risk of unauthorized access. Many of the attackers target the IT resources and sensitive data out of which they can acquire all the information they need about the target organization. The requirements create acceptable security standards that every organization can rely on for their security. The security baseline works with the Information Technology units to offer a centralized set of IT practices that report reliable results through controlled mechanisms. The security baseline helps to accomplish the goal of implementing a common set of tools, processes, and procedures that reduce the risk of unauthorized access to the information systems. It also helps to implement a common set of procedures to ensure easy detection of the intrusions and timely taking of the appropriate action. The security baselines also help to accomplish the goal of monitoring and verifying the security metrics to ensure that the units operate at minimally acceptable security baseline (Janczewski & Shi, 2002).


            The need to have security baselines in the organization is a major step towards ensuring that it is safe from intrusion. The baselines are only basic requirements for the IT systems hence organizations can have advanced security measures. The critical functions of a business rely on the ability to have a secure system. Thus, security baselines are critical aspects that every organization should have. The importance of the baselines cannot be undervalued. It acts as a starting point to the operating system, helps to examine the potential risks, and also reduces the risk of unauthorized access. 


Campbell, P., Calvert, B., & Boswell, S. (2003). Security+ guide to network security         fundamentals. Thomson Course Technology.

Cisco (n.d) Network Security Baseline.

Fitzgerald, K. J. (1995). Information security baselines. Information Management & Computer     Security, 3(2), 8-12.

Janczewski, L., & Shi, F. X. (2002). Development of information security baselines for     healthcare information systems in New Zealand. Computers & Security, 21(2), 172-192.

von Solms, R. (1997). Can security baselines replace risk analysis?. In Information Security in     Research and Business (pp. 91-98). Springer US.


Sherry Roberts is the author of this paper. A senior editor at MeldaResearch.Com in customized term papers if you need a similar paper you can place your order for research paper custom.

Like it? Share it!

Winnie Melda

About the Author

Winnie Melda
Joined: December 7th, 2017
Articles Posted: 364

More by this author