A security baseline is a set of minimum security requirements for a system or asset type. The CISM Review Manual states that a baseline should be uniform for all assets of the same type to ensure consistency, enforceability, and ease of monitoring. This standardization supports effective compliance and security operations. While other factors can influence baseline adjustments, uniformity for similar asset types is most critical.
[Reference:ISACA CISM Review Manual, 16th Edition, Page 207, "Establishing Security Baselines"., , , ]
Submit