Open Information Security Management Maturity Model: Difference between revisions

Browse history interactively

← Previous edit

Content deleted Content added

VisualWikitext

Revision as of 17:43, 2 September 2017 edit Lineslarge (talk \| contribs) Extended confirmed users, Pending changes reviewers, Rollbackers 3,169 edits Added tags to the page using Page Curation (more footnotes) ← Previous edit		Latest revision as of 05:01, 11 March 2024 edit undo VulcanSphere (talk \| contribs) Extended confirmed users 22,163 edits m Importing Wikidata short description: "Framework for managing information security" Tag: Shortdesc helper
(33 intermediate revisions by 13 users not shown)
Line 1: {{Short description\|Framework for managing information security}} ~~{{more footnotes\|date=September 2017}}~~ The '''[[The Open Group\|Open Group]] Information Security Management Maturity Model''' ('''O-ISM3''') is a [[maturity model]] for managing [[information security]]. It aims to ensure that security processes in any organization are implemented so as to operate at a level consistent with that organization’s business requirements. O-ISM3 defines a comprehensive but manageable number of information security processes sufficient for the needs of most organizations, with the relevant security control(s) being identified within each process as an essential subset of that process. <ref>O-ISM3 v2.0 2018 p6</ref> == History == ~~{{Underlinked\|date=February 2017}}~~ The original motivation behind O-ISM3 development was to narrow the gap between theory and practice for information security management systems, and the trigger was the idea of linking security management and maturity models. O-ISM3 strove to keep clear of a number of pitfalls with previous approaches.<ref name="mikko">Siponen, Mikko (2002-08-24). Designing Secure Information Systems and Software: Critical evaluation of the existing approaches and a new paradigm. ''OULU 2002'', 24 August 2002. Retrieved from http://jultika.oulu.fi/files/isbn9514267907.pdf.</ref> The ~~original~~{{cite motivation behind O-ISM3 development was to narrow the gap between theory and practice for information security management systems, and the trigger was the idea of linking security management and maturity models. O-ISM3 strove to keep clear of the pitfalls pointed out in the article [httpweb\|url=https://~~jultika~~www.~~oulu~~opengroup.fiorg/~~files~~forum/~~isbn9514267907.pdf Designing Secure Information Systems and software: Critical Evaluation of the Existing Approaches and a New Paradigm ] by Mikko Siponen. The~~ security/infosecmanagement\|title=project}} looked at [[Capability Maturity Model Integration]], [[ISO 9000]], [[COBIT]], [[ITIL]], [[ISO/IEC 27001:2013]], and other standards, and found some potential for improvement in several fields, such as linking security to business needs, using a process based approach, providing some additional details (who, what, why) for implementation, and suggesting specific metrics, while preserving compatibility with ~~current~~the most popular IT and security management standards.▼ '''The Open Group Architecture Framework''' ('''O-ISM3''') is an Information Security Management Framework that provides an approach for designing, planning, implementing, and governing information security management systems. == Availability == ▲The original motivation behind O-ISM3 development was to narrow the gap between theory and practice for information security management systems, and the trigger was the idea of linking security management and maturity models. O-ISM3 strove to keep clear of the pitfalls pointed out in the article [http://jultika.oulu.fi/files/isbn9514267907.pdf Designing Secure Information Systems and software: Critical Evaluation of the Existing Approaches and a New Paradigm ] by Mikko Siponen. The project looked at [[Capability Maturity Model Integration]], [[ISO 9000]], [[COBIT]], [[ITIL]], [[ISO/IEC 27001:2013]], and other standards, and found some potential for improvement in several fields, such as linking security to business needs, using a process based approach, providing some additional details (who, what, why) for implementation and suggesting specific metrics, while preserving compatibility with current IT and security management standards. The Open Group provides the standard {{cite web\|url=https://publications.opengroup.org/c17b\|title=O-ISM3 v.20}} free of charge. == References == ~~[[The Open Group]] provides O-ISM3 free of charge to organisations for their own internal noncommercial purposes.~~ {{reflist\|1}} {{Open Group standards}} ~~== External links ==~~ ~~{{commons category\|O-ISM3}}~~ http://www.ism3.com/ [https://www2.opengroup.org/ogsys/catalog/C102 O-ISM3 Online] [[Category:Data security]] ~~[[Category:Computer security]]~~ [[Category:Security]] [[Category:Information governance]]