According to its definition, baseline is something you can measure all the time and compare it to identify the difference between the current state and the starting point. In general, the business and technical requirements reflect the core of a baseline policy. It can also be a combination of your business requirements and industry-best practices. As a security administrator, your job is to translate these polices into a technical policy that you can apply in your IT environment.

Different companies and industries follow different standards and policies to secure their IT infrastructure. The following are some of the popular standards that are widely used in the industry: