Open Information Security Maturity Model
   HOME
*





Open Information Security Maturity Model
The Open Group Information Security Management Maturity Model (O-ISM3) is a maturity model for managing information security. It aims to ensure that security processes in any organization are implemented so as to operate at a level consistent with that organization’s business requirements. O-ISM3 defines a comprehensive but manageable number of information security processes sufficient for the needs of most organizations, with the relevant security control(s) being identified within each process as an essential subset of that process. O-ISM3 v2.0 2018 p6 History The original motivation behind O-ISM3 development was to narrow the gap between theory and practice for information security management systems, and the trigger was the idea of linking security management and maturity models. O-ISM3 strove to keep clear of a number of pitfalls with previous approaches.Siponen, Mikko (2002-08-24). Designing Secure Information Systems and Software: Critical evaluation of the existing approa ...
[...More Info...]      
[...Related Items...]     OR:     [Wikipedia]   [Google]   [Baidu]  


The Open Group
The Open Group is a global consortium that seeks to "enable the achievement of business objectives" by developing "open, vendor-neutral technology standards and certifications." It has over 840 member organizations and provides a number of services, including strategy, management, innovation and research, standards, certification, and test development. It was established in 1996 when X/Open merged with the Open Software Foundation. The Open Group is the certifying body for the UNIX trademark, and publishes the Single UNIX Specification technical standard, which extends the POSIX standards. The Open Group also develops and manages the TOGAF® standard, which is an industry standard enterprise architecture framework. Members The over 840 members include a range of technology vendors and buyers as well as government agencies, including, for example, Capgemini, Fujitsu, HPE, Orbus Software, IBM, Huawei, Philips, the U.S. Department of Defense, and NASA. There is no obligation on ...
[...More Info...]      
[...Related Items...]     OR:     [Wikipedia]   [Google]   [Baidu]  


Maturity Model
Maturity is a measurement of the ability of an organization for continuous improvement in a particular discipline (as defined in O-ISM3 ). The higher the maturity, the higher will be the chances that incidents or errors will lead to improvements either in the quality or in the use of the resources of the discipline as implemented by the organization. Most maturity models assess qualitatively people/culture, processes/structures, and objects/technology. Two approaches for implementing maturity models exist. With a top-down approach, such as proposed by Becker et al., a fixed number of maturity stages or levels is specified first and further corroborated with characteristics (typically in form of specific assessment items) that support the initial assumptions about how maturity evolves. When using a bottom-up approach, such as suggested by Lahrmann et al., distinct characteristics or assessment items are determined first and clustered in a second step into maturity levels to induce a ...
[...More Info...]      
[...Related Items...]     OR:     [Wikipedia]   [Google]   [Baidu]  


Capability Maturity Model Integration
Capability Maturity Model Integration (CMMI) is a process level improvement training and appraisal program. Administered by the CMMI Institute, a subsidiary of ISACA, it was developed at Carnegie Mellon University (CMU). It is required by many U.S. Government contracts, especially in software development. CMU claims CMMI can be used to guide process improvement across a project, division, or an entire organization. CMMI defines the following maturity levels for processes: Initial, Managed, Defined, Quantitatively Managed, and Optimizing. Version 2.0 was published in 2018 (Version 1.3 was published in 2010, and is the reference model for the rest of the information in this article). CMMI is registered in the U.S. Patent and Trademark Office by CMU. Overview Originally CMMI addresses three areas of interest: #Product and service development – CMMI for Development (CMMI-DEV), #Service establishment, management, – CMMI for Services (CMMI-SVC), and #Product and service acquisi ...
[...More Info...]      
[...Related Items...]     OR:     [Wikipedia]   [Google]   [Baidu]  


picture info

ISO 9000
The ISO 9000 family is a set of five quality management systems (QMS) standards that help organizations ensure they meet customer and other stakeholder needs within statutory and regulatory requirements related to a product or service. ISO 9000 deals with the fundamentals of QMS, including the seven quality management principles that underlie the family of standards. ISO 9001 deals with the requirements that organizations wishing to meet the standard must fulfill. ISO 9002 is a model for quality assurance in production and installation. ISO 9003 for quality assurance in final inspection and test. ISO 9004 gives guidance on achieving sustained organizational success. Third-party certification bodies provide independent confirmation that organizations meet the requirements of ISO 9001. Over one million organizations worldwide are independently certified, making ISO 9001 one of the most widely used management tools in the world today. However, the ISO certification process has b ...
[...More Info...]      
[...Related Items...]     OR:     [Wikipedia]   [Google]   [Baidu]  




COBIT
COBIT (Control Objectives for Information and Related Technologies) is a framework created by ISACA for information technology (IT) management and IT governance. The framework is business focused and defines a set of generic processes for the management of IT, with each process defined together with process inputs and outputs, key process-activities, process objectives, performance measures and an elementary maturity model. Framework and components Business and IT goals are linked and measured to create responsibilities of business and IT teams. Five processes are identified: Evaluate, Direct and Monitor (EDM); Align, Plan and Organize (APO); Build, Acquire and Implement (BAI); Deliver, Service and Support (DSS); and Monitor, Evaluate and Assess (MEA).COBIT 2019 Framework: Introduction and Methodology from ISACA The COBIT framework ties in with COSO, ITIL, BiSL, ISO 27000, CMMI, TOGAF and PMBOK. The framework helps companies follow law, be more agile and earn more. Below ...
[...More Info...]      
[...Related Items...]     OR:     [Wikipedia]   [Google]   [Baidu]  


ITIL
The Information Technology Infrastructure Library (ITIL) is a set of detailed practices for IT activities such as IT service management (ITSM) and IT asset management (ITAM) that focus on aligning IT services with the needs of business. ITIL describes processes, procedures, tasks, and checklists which are neither organization-specific nor technology-specific, but can be applied by an organization toward strategy, delivering value, and maintaining a minimum level of competency. It allows the organization to establish a baseline from which it can plan, implement, and measure. It is used to demonstrate compliance and to measure improvement. There is no formal independent third party compliance assessment available for ITIL compliance in an organization. Certification in ITIL is only available to individuals. Since 2013, ITIL has been owned by AXELOS, a joint venture between Capita and the UK Cabinet Office. History Responding to growing dependence on IT, the UK Government's Ce ...
[...More Info...]      
[...Related Items...]     OR:     [Wikipedia]   [Google]   [Baidu]  


picture info

2013
File:2013 Events Collage V2.png, From left, clockwise: Edward Snowden becomes internationally famous for leaking classified NSA wiretapping information; Typhoon Haiyan kills over 6,000 in the Philippines and Southeast Asia; The Dhaka garment factory collapse in Bangladesh kills over 1,000 people; The streak from the Chelyabinsk meteor that rocketed across the Russian morning sky; Protests occur amid the coup d'état that overthrew President Mohamed Morsi of Egypt; Smoke rises as a result of the Westgate shopping mall attack in Nairobi, Kenya, carried out by Al-Shabaab militants; The Boston Marathon bombing marks the first terrorist attack in the United States since 9/11; Pope Francis is elected to the Papacy in the 2013 papal conclave., 300x300px, thumb rect 0 0 200 200 Edward Snowden rect 200 0 400 200 Typhoon Haiyan rect 400 0 600 200 Dhaka garment factory collapse rect 0 200 300 400 2013 papal conclave rect 300 200 600 400 Chelyabinsk meteor rect 0 400 200 600 Boston Marat ...
[...More Info...]      
[...Related Items...]     OR:     [Wikipedia]   [Google]   [Baidu]  


Data Security
Data security means protecting digital data, such as those in a database, from destructive forces and from the unwanted actions of unauthorized users, such as a cyberattack or a data breach. Technologies Disk encryption Disk encryption refers to encryption technology that encrypts data on a hard disk drive. Disk encryption typically takes form in either software (see disk encryption software) or hardware (see disk encryption hardware). Disk encryption is often referred to as on-the-fly encryption (OTFE) or transparent encryption. Software versus hardware-based mechanisms for protecting data Software-based security solutions encrypt the data to protect it from theft. However, a malicious program or a hacker could corrupt the data to make it unrecoverable, making the system unusable. Hardware-based security solutions prevent read and write access to data, which provides very strong protection against tampering and unauthorized access. Hardware-based security or assiste ...
[...More Info...]      
[...Related Items...]     OR:     [Wikipedia]   [Google]   [Baidu]  


picture info

Security
Security is protection from, or resilience against, potential harm (or other unwanted coercive change) caused by others, by restraining the freedom of others to act. Beneficiaries (technically referents) of security may be of persons and social groups, objects and institutions, ecosystems or any other entity or phenomenon vulnerable to unwanted change. Security mostly refers to protection from hostile forces, but it has a wide range of other senses: for example, as the absence of harm (e.g. freedom from want); as the presence of an essential good (e.g. food security); as resilience against potential damage or harm (e.g. secure foundations); as secrecy (e.g. a secure telephone line); as containment (e.g. a secure room or cell); and as a state of mind (e.g. emotional security). The term is also used to refer to acts and systems whose purpose may be to provide security (security companies, security forces, security guard, cyber security systems, security cameras, remote guard ...
[...More Info...]      
[...Related Items...]     OR:     [Wikipedia]   [Google]   [Baidu]  


Information Governance
Information governance, or IG, is the overall strategy for information at an organization. Information governance balances the risk that information presents with the value that information provides. Information governance helps with legal compliance, operational transparency, and reducing expenditures associated with legal discovery. An organization can establish a consistent and logical framework for employees to handle data through their information governance policies and procedures. These policies guide proper behavior regarding how organizations and their employees handle information whether it is physically or electronically created ( ESI). Information governance encompasses more than traditional records management. It incorporates information security and protection, compliance, data quality, data governance, electronic discovery, risk management, privacy, data storage and archiving, knowledge management, business operations and management, audit, analytics, IT manageme ...
[...More Info...]      
[...Related Items...]     OR:     [Wikipedia]   [Google]   [Baidu]  


picture info

Methodology
In its most common sense, methodology is the study of research methods. However, the term can also refer to the methods themselves or to the philosophical discussion of associated background assumptions. A method is a structured procedure for bringing about a certain goal. In the context of research, this goal is usually to discover new knowledge or to verify pre-existing knowledge claims. This normally involves various steps, like choosing a sample, collecting data from this sample, and interpreting this data. The study of methods involves a detailed description and analysis of these processes. It includes evaluative aspects by comparing different methods to assess their advantages and disadvantages relative to different research goals and situations. This way, a methodology can help make the research process efficient and reliable by guiding researchers on which method to employ at each step. These descriptions and evaluations of methods often depend on philosophical background ...
[...More Info...]      
[...Related Items...]     OR:     [Wikipedia]   [Google]   [Baidu]