Level 1 of the Capability Maturity Model is where an organization must lay the foundation for the success of the cyber intelligence program. The processes and procedures that are developed at this level will set the tone of how the rest of the capability is built to support this initiative. This level largely concentrates on ensuring that basic information can flow between IT operations and IT security.

Use the following as examples for information requests:

• Inventory of authorized and unauthorized devices and software:
  • Do we have an inventory of authorized devices and software?
    
    • Where is it located?
    • Who administers this list?
  • Do we have an inventory of unauthorized devices and software?
    • Do we have a policy that addresses this?
    • What are the procedures to control this situation?
• Secure configuration management for hardware and software:
  • Do we have hardware and software hardening standards?
  • Are they communicated to our vendors who support us?
  • How do we ensure compliance to our standards?
• Vulnerability assessment and remediation:
  • Do we have the capability to perform vulnerability scans on our network?
  • Who is responsible for remediation?
  • Do we have timelines to remediate specific vulnerabilities?
• Administrative privilege control:
  • Who has administrative privileges?
  • Who doesn't need administrative privileges?
  • What do they have access to?

We will go through some maturity models for different points throughout the book in more detail. To help us understand how to establish and maintain each level of capability, we will introduce the concept of operational security.