IVI Framework Viewer

Security Architecture

B1

Build security criteria into the design of IT solutions and services — for example, by defining coding protocols, depth of defence, and configuration of security features.

Improvement Planning

Practices-Outcomes-Metrics (POM)

Representative POMs are described for Security Architecture at each level of maturity.

2 Basic
  • Practice
    Provide basic security architectural descriptions (e.g. reflecting consideration of depth of defence and localized configuration management), and ensure new solutions and services conform to this architecture.
    Outcome
    Policies and procedures can be partially aligned with security architecture recommendations.
    Metrics
    • % of policies reviewed for compliance with security architecture recommendations.
    • % of relevant IT processes reviewed for security architecture alignment.
    • % of new IT solutions and services that conform to the architecture.
    • % of legacy solutions and services that conform to the architecture.
3 Intermediate
  • Practice
    Define a security architecture that reflects specific standard features (e.g. perimeter defences, network, servers, end devices, and BYOD device information security criteria), and use it in procurement, solutions specifications, and any development, integrations, or interoperations work.
    Outcome
    The security architecture provides a holistic security view and most solutions and services conform to this architecture.
    Metrics
    • % of new IT solutions and services that conform to the architecture.
    • % of legacy solutions and services that conform to the architecture.
4 Advanced
  • Practice
    Evolve the security architecture so that it is in line with changes in the enterprise architecture, and use it across the entire solutions and services catalogue.
    Outcomes
    • Security efforts are deployed consistently, with all solutions and services conforming to the security architecture.
    • The risk from weak links is reduced.
    Metrics
    • % of new IT solutions and services that conform to the architecture.
    • % of legacy solutions and services that conform to the architecture.
5 Optimized
  • Practice
    Continually update the security architecture based on emerging research concepts and recommendations from security agencies and vendors, and use it for all existing and new activities.
    Outcome
    The security architecture is always kept effective and relevant.
    Metrics
    • Frequency of review cycle.
    • % of new IT solutions and services that conform to the architecture.
    • % of legacy solutions and services that conform to the architecture.