Skip to main content

Information Security Management

The Open Information Security Management Maturity Model (O-ISM3) is The Open Group framework for managing information security and was developed in conjuncture with the ISM3 Consortium. O-ISM3 aims to ensure that security processes operate at a level consistent with business requirements. O-ISM3 is technology-neutral and focuses on the common processes of information security which most organizations share. As well as complementing the TOGAF model for enterprise architecture, O-ISM3 defines operational metrics and their allowable variances. Additional resources for O-ISM3 are available on the O-ISM3 website.




White Papers



* denotes a document that has been archived, meaning that the contents remain sound and may be useful to inform future work but there are no plans to update the document.

† denotes a document that has been retired, meaning that the contents are historical and are unlikely to inform future work.


Return to Security Forum