We will talk about the Baseline Reporting, and Assessment Techniques. The security administrator has to gather the baseline for the Operating System, applications and others that will help to monitor the security network. To maintain security we need to see whether there is any deviation in the baseline.
We also have the Code Review where we follow the principle of separation of duties. The programmers should not be the same person to review the code in order to ensure that there is no malicious activity.
Under Determining the Attack Surface we know all sorts of possible entry and exit the malicious content. We can check it immediately to mitigate the risks.
We should also Review the Architecture, that is, we review the entire network to check which devices are where, are they working and doing exactly what they are meant to do.
The Network Design is also essential as it defines where we place objects and controls in the network. A robust design will ensure defense in depth with multiple layer of security.