Frameworx Home

Application Framework (TAM)

Business Process Framework (eTOM)

Business Process Framework Flows

Information Framework (SID)

Business Metrics High Level

All Diagrams

Frameworx Processes

Frameworx Applications

Information Framework ABEs

Frameworx Metrics

Views

Frameworx Process: Security Management

Category: (2) eTOM Process Type

Process Identifier: 1.7.2.2

Original Process Identifier: 1.3.2.2

Maturity Level: 4

Description

Security Management processes assess threats to the enterprise and provide capabilities and controls to minimize the threats identified. These processes are responsible for setting Security Management corporate policies, guidelines, best practices and auditing for compliance by the enterprise.  In the information and communications technology (ICT) service provider domain, Security Management is a systematic and continuous series of processes and behaviors which assure the confidentiality, availability, and integrity of the Enterprise’s critical ICT assets.

Extended Description

Security Management processes assess threats to the enterprise and provide capabilities and controls to minimize the threats identified. These processes are responsible for setting Security Management corporate policies, guidelines, best practices and auditing for compliance by the enterprise. In the information and communications technology (ICT) service provider domain, Security Management is a systematic and continuous series of processes and behaviors which assure the confidentiality, availability, and integrity of the Enterprise’s critical ICT assets. For ICT service providers, such assets can also include customer and partner data and resources. Effective Security Management is essential for an ICT service provider to meet its fiduciary and legal obligations, business/mission objectives, and customer expectations. Security Management addresses both internal and external sources of security threats as it provides computer network protection and defensive services. Security Management processes include:1) Prevention; 2) Monitoring ; 3) Analysis; 4) Detection 5) Incident Management. Security management deals with enterprise exposure to loss of value or reputation through threats or security violations. Proactive Security Management processes identify areas of threat to the enterprise (covering both internal and external sources of threat), and monitor industry trends and best practice approaches to ensure that the enterprise remains at the forefront of security management threat minimization. Areas of threat can be physical (e.g. break-ins or terrorist incident, inappropriate use of network) or logical (e.g. inappropriate access to and use of information technology). The processes support the categorization and prioritization of areas of threat. These processes define the policies, guidelines, practices and procedures to be followed and provide assistance to the enterprise operational areas to deploy appropriate physical infrastructure, procedures and monitoring capabilities. Reactive Security management processes deal with the establishment of tools and data collection capabilities to capture details of operation activity, analysis of monitored activity to detect potential threats/security violations, and forensic investigations to determine whether the potential threat is imminent or a security violation has occurred, and the potential or actual perpetrators. Security Management processes interface to external security, police and/or investigative organizations. These processes strongly interact with Fraud Management and have common elements and information services and communications specific elements. Security Management processes are implemented at many levels of the enterprise and at the user, system/network, etc. levels. Note that the actual security monitoring, control and management procedures and facilities are embedded in the operational infrastructure and processes defined and deployed within the SIP and Operations process areas. Note that Audit Management processes provide assurance that the necessary control structures are in place, and provide an estimate to the extent to which the procedures are followed and are effective.

Explanatory

Reserved for future use.

Mandatory

Reserved for future use.

Optional

Reserved for future use.

Interactions

Candidate Explanatory

Reserved for future use.

Candidate Mandatory

Reserved for future use.

Candidate Optional

Reserved for future use.

Candidate Interactions

Reserved for future use.

(2) eTOM Process Type Security Management

Appears on these diagrams:

is a more detailed diagram for the

Issues

  • Business Process Framework 12.0 Modification
  • Business Process Framework 15.0 Modification
  • Business Process Framework 15.5 Modification
  • eHealth View

This was created from the Frameworx 16.0 Model


Created from the TM Forum Model Frameworx 16.0.0 on 6/13/2016 at 22:14