Open Information Security Maturity Model

The Open Group information security management maturity model' (O-ISM3) is an Information Security Management Framework that provides an approach for designing, planning, implementing, and governing information security management systems.

History

The original motivation behind O-ISM3 development was to narrow the gap between theory and practice for information security management systems, and the trigger was the idea of linking security management and maturity models. O-ISM3 strove to keep clear of a number of pitfalls with previous approaches.^[1]

The project looked at Capability Maturity Model Integration, ISO 9000, COBIT, ITIL, ISO/IEC 27001:2013, and other standards, and found some potential for improvement in several fields, such as linking security to business needs, using a process based approach, providing some additional details (who, what, why) for implementation, and suggesting specific metrics, while preserving compatibility with current IT and security management standards.

Availability

The Open Group provides O-ISM3 free of charge to organisations for their own internal noncommercial purposes.

References

↑ Siponen, Mikko (2002-08-24). Designing Secure Information Systems and Software: Critical evaluation of the existing approaches and a new paradigm. OULU 2002, 24 August 2002. Retrieved from http://jultika.oulu.fi/files/isbn9514267907.pdf.

External links

This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.

[mikko-1] Siponen, Mikko (2002-08-24). Designing Secure Information Systems and Software: Critical evaluation of the existing approaches and a new paradigm. OULU 2002, 24 August 2002. Retrieved from http://jultika.oulu.fi/files/isbn9514267907.pdf.