Open Information Security Management Maturity Model

From Wikipedia, the free encyclopedia
This is an old revision of this page, as edited by Dan Koehl (talk | contribs) at 01:42, 18 February 2017 (top: clean up, added underlinked tag, typo(s) fixed: a Information → an Information using AWB). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

The Open Group Architecture Framework (O-ISM3) is an Information Security Management Framework that provides an approach for designing, planning, implementing, and governing information security management systems.

The original motivation behind O-ISM3 development was to narrow the gap between theory and practice for information security management systems, and the trigger was the idea of linking security management and maturity models. O-ISM3 strove to keep clear of the pitfalls pointed out in the article “Designing Secure Information Systems and Software: Critical Evaluation of the Existing Approaches and a New Paradigm,” by Mikko Siponen. The project looked at CMMI, ISO9001, COBIT, ITIL, ISO27001, and other standards, and found some potential for improvement in several fields, such as linking security to business needs, using a process-based approach, providing some additional details (who, what, why) for implementation, and suggesting specific metrics, while preserving compatibility with current IT and security management standards.

The Open Group provides O-ISM3 free of charge to organizations for their own internal noncommercial purposes.