Open Information Security Maturity Model
The Open Group Information Security Management Maturity Model (O-ISM3) is a maturity model for managing information security (maturity being, as O-ISM3 defines it, a measure of an organization's ability to improve continuously in a particular discipline). It aims to ensure that security processes in any organization are implemented so as to operate at a level consistent with that organization's business requirements. O-ISM3 defines a comprehensive but manageable number of information security processes sufficient for the needs of most organizations, with the relevant security control(s) being identified within each process as an essential subset of that process (O-ISM3 v2.0, 2018, p. 6).


History

The original motivation behind O-ISM3 development was to narrow the gap between theory and practice for information security management systems, and the trigger was the idea of linking security management and maturity models. O-ISM3 strove to keep clear of a number of pitfalls with previous approaches (Siponen, Mikko (2002-08-24). Designing Secure Information Systems and Software: Critical evaluation of the existing approaches and a new paradigm. OULU 2002, 24 August 2002. Retrieved from http://jultika.oulu.fi/files/isbn9514267907.pdf). The O-ISM3 developers looked at Capability Maturity Model Integration (CMMI), ISO 9000, COBIT, ITIL, ISO/IEC 27001:2013, and other standards, and found some potential for improvement in several fields, such as linking security to business needs, using a process-based approach, providing some additional details (who, what, why) for implementation, and suggesting specific metrics, while preserving compatibility with the most popular IT and security management standards.


Availability

The Open Group provides the standard free of charge.

