A Risk Profile is a way to categorize the security level. Some security guidelines are rated “1”, and some are “2” or “3”, because these are things you should be doing as per the organization's requirements.
Example: Setting users is something you do for all Risk Profiles. The way to look at Risk Profile “3” is that it is based on common-sense, industry-standard IT operations practice.
Here is the detailed categorization for each of the Risk Profiles.
Risk Profile 1: Security guidelines that are only applicable in the highest-security environments, e.g. top-secret government or military, extremely sensitive data, etc.
Risk Profile 2: Security guidelines that can be implemented for more sensitive environments, e.g. HIPAA, PCI, PHI, financial organizations handling more sensitive data, environments with compliance rules, etc.
Risk Profile 3: Security guidelines that should be implemented in all environments, e.g. standard datacenters, COLOs, company lab environments, etc.
These are the Risk Profiles and the environments they are suited for. Some people may be using extra security measures to protect their environment, and they are okay to do so. This is not a hard and fast rule, as long as the security is going on the plus side.
As I am continuing this series, I will try to explain all the security guidelines that should be used to protect the environment, with examples, in my next blogs.
Happy Reading …. !!