Open Information Security Management Maturity Model
This article includes a list of general references, but it lacks sufficient corresponding inline citations. (September 2017) |
This article needs more links to other articles to help integrate it into the encyclopedia. (February 2017) |
The Open Group information security management maturity model' (O-ISM3) is an Information Security Management Framework that provides an approach for designing, planning, implementing, and governing information security management systems.
The original motivation behind O-ISM3 development was to narrow the gap between theory and practice for information security management systems, and the trigger was the idea of linking security management and maturity models. O-ISM3 strove to keep clear of the pitfalls pointed out in the article Designing Secure Information Systems and software: Critical Evaluation of the Existing Approaches and a New Paradigm by Mikko Siponen. The project looked at Capability Maturity Model Integration, ISO 9000, COBIT, ITIL, ISO/IEC 27001:2013, and other standards, and found some potential for improvement in several fields, such as linking security to business needs, using a process based approach, providing some additional details (who, what, why) for implementation and suggesting specific metrics, while preserving compatibility with current IT and security management standards.
The Open Group provides O-ISM3 free of charge to organisations for their own internal noncommercial purposes.