IVI Framework Viewer

Security Architecture

B1

Build security criteria into the design of IT solutions – for example, by defining coding protocols, depth of defence, configuration of security features, and so on.

Improvement Planning

Practices-Outcomes-Metrics (POM)

Representative POMs are described for Security Architecture at each level of maturity.

1 Initial
  • Practice
    Set minimal security concepts like firewalls and anti-virus in the architecture.
    Outcome
    Significant volumes of unwanted external traffic are blocked at the firewall.
    Metric
    # Staff for firewall maintenance. # Open/close requests by port
2 Basic
  • Practice
    Provide basic architectural security descriptions.
    Outcome
    Security layers and depth of defence, while considered, may not always be implemented or provisioned in delivered solutions. However, policies and procedures can be partially aligned with security recommendations.
    Metric
    % Policies reviewed for security compliance. % Relevant IT processes reviewed for security alignment
3 Intermediate
  • Practice
    Develop and document a shared vision for security layers and most security architecture features across IT and some business units.
    Outcome
    Concepts such as depth of defence are enabled. Security efforts are aligned and consistent.
    Metric
    % Components mapped to security layers. % Components reviewed for security compliance
4 Advanced
  • Practice
    Develop, document and implement security architecture layers across the organization.
    Outcome
    Security measures are deployed consistently and the risk from weak links is reduced.
    Metric
    % Devices compliant with security policy. % Sites compliant with security policy
5 Optimized
  • Practice
    Apply the multi-layered security architecture framework across the business ecosystem.
    Outcome
    Security is extended beyond the organization. Supplier and customer touch points are reviewed and restricted as appropriate. Externally visible security measures boost consumer and business partnership confidence.
    Metric
    % Suppliers reviewed for security. % Customers reporting security matters. % External facing interfaces reviewed for security features