The fifth aspect, Process, addresses to primary categories:
- The processes to define, install, configure, test & verify IT components and the security configurations and controls.
- The process is to iterate and update the framework across all the elements.
All things in IT and Cyber Security have changed continuously. Modifications are made to systems and sometimes patches, or modifications are not properly implemented – sometimes things get missed. Staff members come and go, and people enter and leave security groups.
A Process must be defined that calls for a periodic Assessment, Feedback, and Improvement, which is critical to maintaining a successful Secured-IT environment.
The results of assessing are fed back for continuous improvement. This is the mark of mature and effective organization.