Category: (3) eTOM Process Type
Process Identifier: 1.7.2.2.8
Original Process Identifier: 1.3.2.2.8
Maturity Level: 4
The specification of baseline security controls and operational policies to be deployed to the Enterprise. In this process, the organization makes decisions (funding, staffing, R&D, testing, monitoring, etc. about what assets (tangible and intangible) to protect, using what particular means, and at what target assurance levels. These decisions must be informed not only be technical options, but also by perceived asset value and threat probability. These is typically done by conducting Vulnerability Management, Threat Assessment, and Risk Mitigation processes. Within the Prevention process the organization selects, designs and specifies a baseline set of security controls, including operational policies, to be applied to its managed resources and services to include Secure Configuration policies and procedures.
Not used for this process element.
Reserved for future use.
Reserved for future use.
Reserved for future use.
Reserved for future use.
Reserved for future use.
Reserved for future use.
Reserved for future use.
This was created from the Frameworx 16.0 Model