Identify the Confidentiality, Integrity, and Availability needs
3
Classify data and assign appropriate level of sensitivity
4
Select appropriate security policies and controls
5
Configure user permissions according to the principle of least privilege
6
Configure audit settings to track user activities
7
Enable encryption for data at rest and data in transit
8
Implement secure backup and recovery strategy
9
Configure and test the security settings
10
Perform vulnerability assessments and penetration testing
11
Approval: Security Testing Results
12
Implement data loss prevention measures
13
Determine version control and update policies
14
Compliance check with industry regulations and standards
15
Approval: Compliance Check
16
Set up alerts for suspicious activities
17
Develop an incident response plan
18
Approval: Incident Response Plan
19
Document the security configuration and setup
20
Train users on security awareness and practices
Identify the SharePoint sites to be secured
In this task, you will identify the SharePoint sites that need to be secured. The security of these sites is crucial to protect sensitive data and maintain confidentiality. Think about the different departments or teams that use SharePoint and consider if any specific sites require extra security measures. The outcome of this task will be a list of SharePoint sites that need to be secured.
Identify the Confidentiality, Integrity, and Availability needs
This task will help you determine the Confidentiality, Integrity, and Availability (CIA) needs of the SharePoint sites. Consider the nature of the data stored in the sites and the level of protection it requires. Confidentiality ensures that only authorized individuals can access the data, Integrity ensures the accuracy and consistency of the data, and Availability ensures timely access to the data. The outcome of this task will be an understanding of the CIA needs for each SharePoint site.
1
Low
2
Medium
3
High
1
Low
2
Medium
3
High
1
Low
2
Medium
3
High
Classify data and assign appropriate level of sensitivity
In this task, you will classify the data stored in the SharePoint sites and assign an appropriate level of sensitivity to each category. Consider the type of data (e.g., personal information, financial data) and its potential impact if accessed by unauthorized individuals. The outcome of this task will be a classification of data categories and their corresponding sensitivity levels.
1
Low
2
Medium
3
High
Select appropriate security policies and controls
This task involves selecting the appropriate security policies and controls to implement for the SharePoint sites. Think about the CIA needs and the sensitivity levels of the data categories identified in previous tasks. Consider policies and controls such as access controls, encryption, authentication mechanisms, and monitoring systems. The outcome of this task will be a list of selected security policies and controls.
1
Access controls
2
Encryption
3
Authentication mechanisms
4
Monitoring systems
5
Intrusion detection systems
Configure user permissions according to the principle of least privilege
In this task, you will configure user permissions for the SharePoint sites according to the principle of least privilege. This principle ensures that users have the minimum permissions required to perform their tasks. Consider the roles and responsibilities of different users and assign permissions accordingly. The outcome of this task will be a configuration of user permissions based on the principle of least privilege.
1
Read
2
Write
3
Modify
4
Admin
Configure audit settings to track user activities
This task involves configuring audit settings to track user activities in the SharePoint sites. Audit logs help monitor and detect any unauthorized access or suspicious activities. Consider what activities should be logged (e.g., file downloads, document edits) and how long the logs should be retained. The outcome of this task will be a configuration of audit settings for user activity tracking.
1
File downloads
2
Document edits
3
Login attempts
4
User account changes
1
30 days
2
90 days
3
1 year
4
Forever
Enable encryption for data at rest and data in transit
In this task, you will enable encryption for data at rest and data in transit in the SharePoint sites. Encryption helps protect the data from unauthorized access during storage and transmission. Consider using encryption protocols such as SSL/TLS for data in transit and encryption algorithms for data at rest. The outcome of this task will be the encryption setup for data at rest and data in transit.
1
AES-256
2
RSA-2048
3
Triple DES
1
SSL/TLS 1.2
2
SSL/TLS 1.3
3
IPsec
Implement secure backup and recovery strategy
This task involves implementing a secure backup and recovery strategy for the SharePoint sites. Backups help protect against data loss in case of hardware failures, natural disasters, or other incidents. Consider backup frequency, storage location, and the recovery process. The outcome of this task will be a secure backup and recovery strategy for the SharePoint sites.
1
Daily
2
Weekly
3
Monthly
Configure and test the security settings
In this task, you will configure and test the security settings you have implemented for the SharePoint sites. This includes verifying user permissions, encryption setup, audit settings, and backup and recovery processes. Consider conducting tests to ensure that the security measures are functioning as expected. The outcome of this task will be the configuration and successful testing of the security settings.
1
User permissions
2
Encryption setup
3
Audit settings
4
Backup and recovery processes
1
Pass
2
Fail
Perform vulnerability assessments and penetration testing
This task involves performing vulnerability assessments and penetration testing on the SharePoint sites. Vulnerability assessments help identify weaknesses in the system, while penetration testing simulates real-world attacks to test the effectiveness of the security measures. Consider using security tools and following best practices for vulnerability assessments and penetration testing. The outcome of this task will be a report on identified vulnerabilities and the results of the penetration testing.
Approval: Security Testing Results
Will be submitted for approval:
Perform vulnerability assessments and penetration testing
Will be submitted
Implement data loss prevention measures
In this task, you will implement data loss prevention measures for the SharePoint sites. Data loss prevention helps prevent the unauthorized disclosure of sensitive information. Consider using techniques such as content filtering, data classification, and policy enforcement. The outcome of this task will be the implementation of data loss prevention measures for the SharePoint sites.
1
Content filtering
2
Data classification
3
Policy enforcement
Determine version control and update policies
This task involves determining version control and update policies for the SharePoint sites. Version control helps manage changes to documents and ensure that the latest version is always available. Update policies help ensure that the SharePoint sites and related software are up to date with the latest security patches. The outcome of this task will be the version control and update policies for the SharePoint sites.
1
Major versioning
2
Minor versioning
3
No versioning
1
Automatic updates
2
Manual updates
3
Scheduled updates
Compliance check with industry regulations and standards
In this task, you will conduct a compliance check to ensure that the SharePoint sites adhere to relevant industry regulations and standards. Consider regulations such as GDPR, HIPAA, or ISO 27001, depending on the nature of the data stored in the sites. The outcome of this task will be a compliance check report indicating any areas of non-compliance and recommended actions.
Approval: Compliance Check
Will be submitted for approval:
Configure and test the security settings
Will be submitted
Set up alerts for suspicious activities
This task involves setting up alerts for suspicious activities in the SharePoint sites. Alerts help notify administrators of any potential security breaches or unauthorized access. Consider setting up alerts for activities such as failed login attempts, large file downloads, or unusual file access patterns. The outcome of this task will be the setup of alerts for suspicious activities.
1
Failed login attempts
2
Large file downloads
3
Unusual file access patterns
Develop an incident response plan
In this task, you will develop an incident response plan for the SharePoint sites. An incident response plan outlines the steps to be taken in the event of a security incident or breach. Consider including procedures for investigation, containment, mitigation, and communication. The outcome of this task will be an incident response plan for the SharePoint sites.
Approval: Incident Response Plan
Will be submitted for approval:
Develop an incident response plan
Will be submitted
Document the security configuration and setup
This task involves documenting the security configuration and setup of the SharePoint sites. Documentation helps maintain an overview of the implemented security measures and serves as a reference for future audits or updates. Consider documenting user permissions, encryption settings, backup and recovery processes, and other relevant security configurations. The outcome of this task will be a documented security configuration and setup.
Train users on security awareness and practices
In this task, you will train users on security awareness and practices for the SharePoint sites. User training is essential to ensure that everyone understands their roles and responsibilities in maintaining security. Consider covering topics such as strong password practices, phishing awareness, and data handling guidelines. The outcome of this task will be trained users with improved security awareness and practices.
