IT Device Security
Define, implement, and monitor measures to protect all IT devices such as networks, servers, client computing devices, storage devices, printers, and smart phones.
Improvement Planning
Practices-Outcomes-Metrics (POM)
Representative POMs are described for IT Device Security at each level of maturity.
- 2Basic
- Practice
- Establish IT device security guidelines, and implement basic security measures (e.g. firewalls, anti-virus, malware protection).
- Outcome
- Key devices have foundational security measures in place.
- Metric
- % of devices with security measures implemented.
- 3Intermediate
- Practice
- Define and document IT device security measures inclusive of firmware and software patch management, and consistently implement and monitor these measures for most devices.
- Outcome
- Most devices are effectively secured, and any incidents can be quickly detected and acted upon.
- Metrics
- % of devices with security measures implemented.
- # of incidents detected by security measures.
- # of incidents missed by detection systems (user/employee reported).
- 4Advanced
- Practice
- Systematically implement and monitor IT device security measures for all devices and enable usage of advanced security settings.
- Outcome
- All devices have appropriate security measures applied.
- Metrics
- % of devices with security measures implemented.
- # of incidents detected by security measures.
- # of incidents missed by detection systems (user/employee reported).
- 5Optimized
- Practice
- Continually update IT device security measures based on emerging research concepts and the latest recommendations from security agencies and vendors.
- Outcome
- Erosion of security features over time is prevented.
- Metrics
- Frequency of review cycle.
- % of devices overdue reviews.
- % of devices with delayed patch installations.
- % of devices with out-of-date anti-virus or anti-spyware signatures.
- % of devices with outstanding firmware updates.