Frameworx Process: Define Security Management Prevention

Category: (3) eTOM Process Type

Process Identifier: 1.7.2.2.8

Original Process Identifier: 1.3.2.2.8

Maturity Level: 4

Description

The specification of baseline security controls and operational policies to be deployed to the Enterprise.  In this process, the organization makes decisions (funding, staffing, R&D, testing, monitoring, etc. about what assets (tangible and intangible) to protect, using what particular means, and at what target assurance levels. These decisions must be informed not only be technical options, but also by perceived asset value and threat probability. These is typically done by conducting Vulnerability Management, Threat Assessment, and Risk Mitigation processes. Within the Prevention process the organization selects, designs and specifies a baseline set of security controls, including operational policies, to be applied to its managed resources and services to include Secure Configuration policies and procedures.

Extended Description

Not used for this process element.

Explanatory

Reserved for future use.

Mandatory

Reserved for future use.

Optional

Reserved for future use.

Interactions

Candidate Explanatory

Reserved for future use.

Candidate Mandatory

Reserved for future use.

Candidate Optional

Reserved for future use.

Candidate Interactions

Reserved for future use.

(3) eTOM Process Type Define Security Management Prevention

Appears on these diagrams:

• 1.7.2.2 Security Management

Issues

• Business Process Framework 12.0 Addition
• Business Process Framework 15.0 Modification
• Business Process Framework 15.5 Modification

---