The Open Information Security Management Maturity Model (O-ISM3) is The Open Group framework for managing information security and was developed in conjuncture with the ISM3 Consortium. O-ISM3 aims to ensure that security processes operate at a level consistent with business requirements. O-ISM3 is technology-neutral and focuses on the common processes of information security which most organizations share. As well as complementing the TOGAF model for enterprise architecture, O-ISM3 defines operational metrics and their allowable variances. Additional resources for O-ISM3 are available on the O-ISM3 website.
Standard
Guides
White Papers
- Information Security Management (O-ISM3, TOGAF®, and SABSA®) *
- Information Security Management (20 CSC) †
Webinars
- Information Security Strategy
- An Introduction to O-ISM3
- O-ISM3 Implementation and Case Study
- Deep Dive on O-ISM3 – Tactical-Specific Processes Overview
- Deep Dive on O-ISM3 – Process Model, Generic Processes, and Strategic-Specific Processes
- Deep Dive on O-ISM3 – Business Context and Security Concepts
* denotes a document that has been archived, meaning that the contents remain sound and may be useful to inform future work but there are no plans to update the document.
† denotes a document that has been retired, meaning that the contents are historical and are unlikely to inform future work.