IBM Apptio

 View Only

 Taxonomy - Security costs

Jump to  Best Answer
  • CostingStandard(CT-Foundation)
Apptio Community Member's profile image
Apptio Community Member posted Thu December 01, 2022 08:00 AM
Need guidance on whether security tool costs for database services be included
in the Platform Tower, Database Sub Tower  
OR
should Security Compliance Tower?
Thanks.
#CostingStandard(CT-Foundation)
Ed Hayman's profile image
Ed Hayman posted Fri December 02, 2022 05:39 PM  Best Answer
Rene is correct.  From the definition:

Security Sub-Tower:  Resources for setting policy, establishing process and means, measuring compliance and responding to security breaches and providing real-time operational security such as vulnerability scanning, managing firewalls, intrusion prevention systems, and security information and event management (SIEM). Optional Level 3 categories include: Cyber Security.

The operational tools to manage infrastructure or implementation actions defined by security policies (e.g. mitigating security breaches by applying patches) are not included in the Security sub-tower and are part of the respective towers where the actions take place (e.g. Compute, Storage, Network).
#CostingStandard(CT-Foundation)
Rene Norskov's profile image
Rene Norskov posted Fri December 02, 2022 11:26 AM

@Dawn Kassube Placement of costs into towers can be challenging and I suspect there will be different views on the best approach here.

My understanding is that the tooling costs should be placed in the Database sub-tower.

I refer to the TBM Taxonomy 4.0 paper available on the TBM Council webpages, which states:
NOTE: The implementation actions defined by security policies (e.g. mitigating security breaches by applying patches) are not included in the Security sub-tower and are part of the respective towers where the actions take place (e.g. Compute, Storage, Network).


#CostingStandard(CT-Foundation)

Related Content