IT Component Security
Implement measures to protect all IT components, both physical and virtual, such as client computing devices, servers, networks, storage devices, printers, and smart phones.
Improvement Planning
Practices-Outcomes-Metrics (POM)
Representative POMs are described for IT Component Security at each level of maturity.
- 1 Initial
- Practice
- Use user IDs and passwords for sensitive business applications, e.g. payroll.
- Outcome
- Only authorized users have access to sensitive applications.
- Metric
- % Ratio of unsecured components to secured
- 2 Basic
- Practice
- Set defaults to secure or block and open only as needed to enable the business.
- Outcome
- Access is restricted to authorized components and access paths through the IT infrastructure.
- Metric
- % Components with default set to closed; # Staff needed to maintain the component security
- 3 Intermediate
- Practice
- Define and implement security features with monitoring for major systems and devices across IT and some business units.
- Outcome
- Major systems are secured and any incidents will be quickly detected, identified and acted upon.
- Metric
- % Major systems and devices actively managed and monitored; # Incidents detected by security measures; # Incidents missed by detection systems (user/employee reported)
- 4 Advanced
- Practice
- Determine and apply appropriate security features for all devices organization-wide. Test the measures for compliance with policies and standards.
- Outcome
- All devices have appropriate security measures applied.
- Metric
- % Devices compliant with security policy; % Sites compliant with security policy; % Out-of-support devices; # Out-of-support devices
- 5 Optimized
- Practice
- Keep security features current using the latest patches, virus and spyware signatures, as well as firmware and operating system fixes.
- Outcome
- Erosion of security features over time is prevented.
- Metric
- % Devices overdue reviews; % Devices with delayed patch installations; % Devices with out-of-date anti-virus or anti-spyware signatures; % Devices with outstanding firmware updates