The Open Information Security Management Maturity Model (O-ISM3) is The Open Group framework for managing information security and was developed in conjuncture with the ISM3 Consortium. O-ISM3 aims to ensure that security processes operate at a level consistent with business requirements. O-ISM3 is technology-neutral and focuses on the common processes of information security which most organizations share. As well as complementing the TOGAF model for enterprise architecture, O-ISM3 defines operational metrics and their allowable variances. Additional resources for O-ISM3 are available on the O-ISM3 website.
Standard
Guides
White Papers
- Information Security Management (O-ISM3, TOGAF®, and SABSA®)
- Information Security Management (20 CSC)
Webinars
- Information Security Strategy
- An Introduction to O-ISM3
- O-ISM3 Implementation and Case Study
- Deep Dive on O-ISM3 – Tactical-Specific Processes Overview
- Deep Dive on O-ISM3 – Process Model, Generic Processes, and Strategic-Specific Processes
- Deep Dive on O-ISM3 – Business Context and Security Concepts
