IVI Framework Viewer

Security

B10

Ensure the security and integrity of the IT infrastructure via firewall management, intrusion detection, vulnerability scanning and detection, anti-viral services, staff vetting, audit reporting, and so on.

Improvement Planning

Practices-Outcomes-Metrics (POM)

Representative POMs are described for Security at each level of maturity.

2 Basic
  • Practices
    • Develop basic security policies and controls based on reviews of the relevant internal and external standards.
    • Conduct reviews after any major incidents.
    Outcome
    Basic policies provide a framework to control and protect the IT infrastructure.
    Metrics
    • # of IT infrastructure security policies.
    • # of systems with access controls.
3 Intermediate
  • Practice
    Develop security policies, standards, and controls for all of the IT infrastructure based on agreed roles and classifications.
    Outcome
    There are clear and consistent policies, standards, and controls which relate to roles, and these can be efficiently applied, communicated, and tested.
    Metric
    # of policies, standards, and controls mapped to roles and classifications.
4 Advanced
  • Practices
    • Regularly review IT infrastructure security policies, standards, and controls across the organization to ensure alignment and compliance.
    • Incorporate learnings from any IT infrastructure security breaches and discrepancies.
    Outcome
    There is confidence that the IT infrastructure security policies, standards, and controls are regularly improved, that they are relevant, and that they are compliant.
    Metric
    # of non-compliant IT infrastructure security issues.
5 Optimized
  • Practice
    Research and review the security management of the IT infrastructure to ensure optimization and the incorporation of industry best practices from across the business ecosystem.
    Outcome
    A consistent framework is used across the organization for the continuous improvement, optimization, and protection of the IT infrastructure.
    Metric
    # of IT infrastructure security improvements implemented.