
Open Information Security Management Maturity Model

From Wikipedia, the free encyclopedia
This is an old revision of this page, as edited by Vaceituno at 13:25, 4 February 2020 (Availability). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

The Open Group information security management maturity model (O-ISM3) is an Information Security Management Framework that provides an approach for designing, planning, implementing, and governing information security management systems.[citation needed]

History

The original motivation behind O-ISM3 development was to narrow the gap between theory and practice for information security management systems, and the trigger was the idea of linking security management and maturity models. O-ISM3 strove to keep clear of a number of pitfalls with previous approaches.[1]

The project looked at Capability Maturity Model Integration, ISO 9000, COBIT, ITIL, ISO/IEC 27001:2013, and other standards, and found some potential for improvement in several fields, such as linking security to business needs, using a process-based approach, providing some additional details (who, what, why) for implementation, and suggesting specific metrics, while preserving compatibility with current IT and security management standards.[citation needed]

Availability

The Open Group provides "O-ISM3 v.20" free of charge to organisations for their own internal noncommercial purposes.


References

  1. ^ Siponen, Mikko (2002-08-24). Designing Secure Information Systems and Software: Critical evaluation of the existing approaches and a new paradigm. OULU 2002, 24 August 2002. Retrieved from http://jultika.oulu.fi/files/isbn9514267907.pdf.
