This objective, and the other similar ‘include‘ objectives, simply state what has to be in your Product Security Levels for the Product Delivery Organisation. You may want to include more, but you cannot be missing any of these and still run a secure Product Delivery Organisation.
- Group or Individual
- Technology Community Of Practice
- Artefact
- Product Security Levels
- Concepts
- Product Component Management
- Document
- Objectives For Product Component Management
- Risk Type
- Viability
- Event
- The Likelihood of a Security Incident is increased
- Caused By
- Product Teams operating Product Components with known vulnerabilities
- Leading To
- Loss of customers, financial fraud losses, increased TCO, substantial fines/sanctions from an external regulatory body
-
O-EM-B-2-1
Operations > Environment Management > Patching and Updating
- Do you follow an established process for updating components of your technology stacks?