I am currently a student at the University of Advancing Technology and I am learning about security implementation frameworks this week. I was looking into a framework named Security Knowledge in Practice (SKiP) and I noticed some things about the framework and I wonder if anyone who has implemented it would agree.
1. Very high level, and could probably work for anyone.
2. Covers the main steps of securing a network quite well.
3. The "Improve the System" Step insures that the security of a network will change with the threats over time.
1. Very high level, most of the advice is useless to someone who doesn't already know how to secure a network.
2. If a new system admin attempted to follow the "Respond" step, more bad than good would probably happen.
3. The "Prepare" step is quite superfluous as it is the first step in hardening any network anyway.
Overall it is a solid framework, but if I was a new network administrator looking for guidance on how to secure a network I don't think I would use it. Honestly, it is just to high level and security is too fine grain. If anyone has had success converting this framework into a implementable framework, how did you accomplish this?