6.2 Task Statements: Design
6.2.4 Develop security administration change management procedures to ensure that security policies and controls remain effective following a change.
6.2.5 Recommend appropriate forensics-sensitive policies for inclusion in the enterprise security plan.
6.2.6 Define IT security performance measures.
6.2.7 Develop a continuous monitoring process.
6.2.8 Develop role-based access, based on the concept of least privilege.