Security
Ensure the security and integrity of the IT infrastructure via firewall management, intrusion detection, vulnerability scanning and detection, anti-viral services, staff vetting, audit reporting, and so on.
Improvement Planning
Practices-Outcomes-Metrics (POM)
Representative POMs are described for Security at each level of maturity.
- 2Basic
- Practices
- Develop basic security policies and controls based on reviews of the relevant internal and external standards.
- Conduct reviews after any major incidents.
- Outcome
- Basic policies provide a framework to control and protect the IT infrastructure.
- Metrics
- # of IT infrastructure security policies.
- # of systems with access controls.
- 3Intermediate
- Practice
- Develop security policies, standards, and controls for all of the IT infrastructure based on agreed roles and classifications.
- Outcome
- There are clear and consistent policies, standards, and controls which relate to roles, and these can be efficiently applied, communicated, and tested.
- Metric
- # of policies, standards, and controls mapped to roles and classifications.
- 4Advanced
- Practices
- Regularly review IT infrastructure security policies, standards, and controls across the organization to ensure alignment and compliance.
- Incorporate learnings from any IT infrastructure security breaches and discrepancies.
- Outcome
- There is confidence that the IT infrastructure security policies, standards, and controls are regularly improved, that they are relevant, and that they are compliant.
- Metric
- # of non compliant IT infrastructure security issues.
- 5Optimized
- Practice
- Research and review the security management of the IT infrastructure to ensure optimization and the incorporation of industry best practices from across the business ecosystem.
- Outcome
- A consistent framework is used across the organization for the continuous improvement, optimization, and protection of the IT infrastructure.
- Metric
- # of IT infrastructure security improvements implemented.