Saturday, 04 July 2009
Information Security Management Maturity Model
ISM3 is a framework for Information Security Management Systems. ISM3 looks at defining levels of security that are appropriate to the business mission and render a high return on investment.
 

Latest ISM3 version Published April 2009

The ISM3 Consortium has published the print version of Information Security Management Maturity Model (ISM3) v2.3. The method has been updated with security management metrics proven in the field, and a new approach that defines security maturity objectively as a direct result of the metrics used to manage information security processes.

The main novelties are:

  • Capability is not subjective any more. It depends on what types of metrics are used to manage every process. ISM3 is the first method that defines capability this way.
  • Metric types are now 7 instead of 4: Activity, Unavailability, Scope, Load, Quality, Efficacy and Efficiency.
  • GP-1 Document Management is updated to GP-1 Knowledge Management.
  • TSP-6 Define environments and lifecycles is updated to TSP-6 Security Architecture.
  • OSP-23 Events Detection and Analysis is updated to OSP-23 Internal Events Detection and Analysis.
  • New process OSP-28 External Events Detection and Analysis takes care of reputation, copyright violations and phishing.
  • New process TSP-14 Information Operations includes intelligence and misinformation.
  • Maturity levels have been renamed as follows: Basic Level, SME Level, eCommerce Level, Enterprise Level and Military Level.
  • Enhanced metric management guidance (Measurement-Interpretation-Investigation-Representation-Diagnosis)

 Get ISM3 v2.3 here.

 
