IVI Framework Viewer

Representative POMs are described for Security Architecture at each level of maturity.

1Initial

• Practice

  Set minimal security concepts like firewalls and anti-virus in the architecture.

  Outcome

  Significant volumes of unwanted external traffic are blocked at the firewall.

  Metric

  # Staff for firewall maintenance. # Open/close requests by port

2Basic

• Practice

  Provide basic architectural security descriptions.

  Outcome

  Security layers and depth of defence, while considered, may not always be implemented or provisioned in delivered solutions. However, policies and procedures can be partially aligned with security recommendations.

  Metric

  % Policies reviewed for security compliance % Relevant IT processes reviewed for security alignment

3Intermediate

• Practice

  Develop and document a shared vision for security layers and most security architecture features across IT and some business units.

  Outcome

  Concepts such as depth of defence are enabled. Security efforts are aligned and consistent.

  Metric

  % Components mapped to security layers % Components reviewed for security compliance

4Advanced

• Practice

  Develop, document and implement organization-wide security architecture layers across the organization.

  Outcome

  Security measures are deployed consistently and the risk from weak links is reduced.

  Metric

  % Devices compliant with security policy. % Sites compliant with security policy

5Optimized

• Practice

  Apply the multi-layered security architecture framework across the business ecosystem.

  Outcome

  Security is extended beyond the organization. Supplier and customer touch points are reviewed and restricted as appropriate. Externally visible security measures boost consumer and business partnership confidence.

  Metric

  % Suppliers reviewed for security % Customers reporting security matters % External facing interfaces reviewed for security features