Open Information Security Management Maturity Model: Difference between revisions

top: Apply Gen fix(es), removed underlinked tag using AWB
wiki style; minor clarif; ref req
Line 1:
{{multiple issues|
{{more footnotes|date=September 2017}}
{{refimprove}}
{{expert}}
}}
''The Open Group information security management maturity model' ('''O-ISM3''') is an Information Security Management Framework that provides an approach for designing, planning, implementing, and governing information security management systems.{{fact}}
 
==History==
''The Open Group information security management maturity model' ('''O-ISM3''') is an Information Security Management Framework that provides an approach for designing, planning, implementing, and governing information security management systems.
The original motivation behind O-ISM3 development was to narrow the gap between theory and practice for information security management systems, and the trigger was the idea of linking security management and maturity models. O-ISM3 strove to keep clear of a number of pitfalls with previous approaches.<ref name="mikko">Siponen, Mikko (2002-08-24). Designing Secure Information Systems and Software: Critical evaluation of the existing approaches and a new paradigm. ''OULU 2002'', 24 August 2002. Retrieved from http://jultika.oulu.fi/files/isbn9514267907.pdf.</ref>
 
The original motivation behind O-ISM3 development was to narrow the gap between theory and practice for information security management systems, and the trigger was the idea of linking security management and maturity models. O-ISM3 strove to keep clear of the pitfalls pointed out in the article [http://jultika.oulu.fi/files/isbn9514267907.pdf Designing Secure Information Systems and software: Critical Evaluation's of the Existing Approaches and a New Paradigm ] by Mikko Siponen. The project looked at [[Capability Maturity Model Integration]], [[ISO 9000]], [[COBIT]], [[ITIL]], [[ISO/IEC 27001:2013]], and other standards, and found some potential for improvement in several fields, such as linking security to business needs, using a process based approach, providing some additional details (who, what, why) for implementation and suggesting specific metrics, while preserving compatibility with current IT and security management standards.{{fact}}
 
==Availability==
[[The Open Group]] provides O-ISM3 free of charge to organisations for their own internal noncommercial purposes.{{fact}}
 
==See also==
 
==References==
{{reflist|1}}
 
==Bibliography==
 
== External links ==
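
Review bot: The lead sentence under "Line 1:" has unbalanced italic markup: it opens with two apostrophes before "The Open Group" but closes with a single apostrophe before ('''O-ISM3'''). Close it with two apostrophes, i.e. ''The Open Group information security management maturity model'', so the title is italicised and the bold O-ISM3 that follows is parsed on its own. The {{fact}} tags in this text also carry no date parameter, unlike {{more footnotes|date=September 2017}} in the header block; dating them, as in {{fact|date=...}}, would keep the maintenance tagging consistent.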