The Open Information Security Management Maturity Model (O-ISM3) is The Open Group framework for managing information security and was developed in conjuncture with the ISM3 Consortium. O-ISM3 aims to ensure that security processes operate at a level consistent with business requirements. O-ISM3 is technology-neutral and focuses on the common processes of information security which most organizations share. As well as complementing the TOGAF model for enterprise architecture, O-ISM3 defines operational metrics and their allowable variances. Additional resources for O-ISM3 are available on the O-ISM3 website.

Standard

• Open Information Security Management Maturity Model (O-ISM3)

Guides

• Optimizing ISO/IEC 27001:2013 using O-ISM3
• Manager’s Guide to Information Security †

White Papers

• Information Security Management (O-ISM3, TOGAF®, and SABSA®) *
• Information Security Management (20 CSC) †

Webinars

• Information Security Strategy
• An Introduction to O-ISM3
• O-ISM3 Implementation and Case Study
• Deep Dive on O-ISM3 – Tactical-Specific Processes Overview
• Deep Dive on O-ISM3 – Process Model, Generic Processes, and Strategic-Specific Processes
• Deep Dive on O-ISM3 – Business Context and Security Concepts

* denotes a document that has been archived, meaning that the contents remain sound and may be useful to inform future work but there are no plans to update the document.

† denotes a document that has been retired, meaning that the contents are historical and are unlikely to inform future work.

Return to Security Forum