Information Security Management Maturity Model

ISM3 is a a framework for Information Security Management Systems. ISM3 looks at defining levels of security that are appropriate to the business mission and render a high return on investment.

Latest ISM3 version Published

The new and improved ISM3 v2.10 is now available in printed form

Improvements over v2.00:

New risk assessment method, ISM3-RA based on ISM3 concepts;
New Outsourcing and Service Level Agreement guidelines;
Quarantine techniques have been added;
New graphics;
Updated Processes, References and Definitions.

ISM3 showcased at...

VIII Jornada Nacional de Seguridad Informática 18-20 June 2008 - Juan Carlos Reyes, Seltika.
ISACA Winnipeg November Security Management Conference 6th of November 2007 - Anthony B. Nelson, ESTEC.
OWASP Security Summit 25th of October 2007 - Mahi Dontamsetti, M3-Security.
Comtec, 22nd of May 2007 (Session BI – 210) - Mahi Dontamsetti, M3-Security.

Latest Articles and Links

Usefulness of an Information Security Management Maturity Model March 2008 Article

To learn more

Check About ISM3;
Get the ISM3 v2.00 HandBook or the Full version;
or read the Mailing List Archives.