The healthy and secure computing program is easy enough to use that you can successfully engage in the program on your own using the resources available here:
http://www.compumentor.org/HSC
If your organization has complicated IT infrastructures or limited IT know-how on staff, you may want to use the HSC materials in the context of a workshop or a one-to-one engagement with an IT consultant.
Your first step should be to choose staff to attend a workshop or review the workbook in full. Examine the organizational benefits of HSC, review the process to reach HSC goals, assess the costs associated with HSC, and evaluate whether the technology guidelines will be appropriate or not, based on the planning considerations outlined in Step 1 below. At this point you should have enough information to make an informed decision on whether to commit the needed resources to HSC.
The HSC process is roughly divided into two parts: getting there, and staying there. Getting there focuses on gathering the right information, making the right decisions, deciding how to improve your technology infrastructure. Staying there focuses on maintaining a solid technology infrastructure with the most efficient use of ongoing investment.
Begin getting there by conducting an IT inventory. This inventory covers the basics of computer hardware and software, network hardware and configuration, servers and shared systems, Internet connections and resources, technology management and maintenance capability, and IT strategy and planning resources. Use the inventory to develop a gap analysis. Develop an implementation plan using the gap analysis, general security recommendations, and our prioritization guidelines.
The HSC guidelines define implementation and configuration processes for your technology. Begin by repairing or replacing existing IT systems that the inventory found to be in crisis. After your existing IT infrastructure is stable, you can begin to work through the HSC guidelines.
HSC recommends maintenance and support procedures as the basis of staying there. These are necessary to maintain a healthy and secure computing environment. The goal of the implementation and configuration guidelines is to minimize the resources and effort needed to maintain your IT systems.
The HSC guidelines themselves are a community resource, reflecting the practical needs and technical knowledge of organizations like yours. Organizations that adopt the HSC guidelines are encouraged to participate in the HSC community, which will guide the evolution of HSC guidelines.