<p>Copyright TM Forum 2005<br/></p><p><br/></p><p><b>Extended Description</b><br/></p><p><br/></p><p>Security Management processes assess threats to the enterprise and provide capabilities and controls to minimize the threats identified. These processes are responsible for setting Security Management corporate policies, guidelines, best practices and auditing for compliance by the enterprise. Security Management addresses internal and external sources of security violations.<br/></p><p><br/></p><p>Security management deals with enterprise exposure to loss of value or reputation through threats or security violations.<br/></p><p><br/></p><p>Proactive Security Management processes identify areas of threat to the enterprise (covering both internal and external sources of threat), and monitor industry trends and best practice approaches to ensure that the enterprise remains at the forefront of security management threat minimization. Areas of threat can be physical (e.g. break-ins or terrorist incident, inappropriate use of network) or logical (e.g. inappropriate access to and use of information technology). The processes support the categorization and prioritization of areas of threat. These processes define the policies, guidelines, practices and procedures to be followed and provide assistance to the enterprise operational areas to deploy appropriate physical infrastructure, procedures and monitoring capabilities.<br/></p><p><br/></p><p>Reactive Security management processes deal with the establishment of tools and data collection capabilities to capture details of operation activity, analysis of monitored activity to detect potential threats/security violations, and forensic investigations to determine whether the potential threat is imminent or a security violation has occurred, and the potential or actual perpetrators.<br/></p><p><br/></p><p>Security Management processes interface to external security, police and/or investigative organizations.<br/></p><p><br/></p><p>These processes strongly interact with Fraud Management and have common elements and information services and communications specific elements.<br/></p><p><br/></p><p>Security Management processes are implemented at many levels of the enterprise and at the user, system/network, etc. levels.<br/></p><p><br/></p><p>Note that the actual security monitoring, control and management procedures and facilities are embedded in the operational infrastructure and processes defined and deployed within the SIP and Operations process areas.<br/></p><p><br/></p><p>Note that Audit Management processes provide assurance that the necessary control structures are in place, and provide an estimate to the extent to which the procedures are followed and are effective.<br/></p>