References

ISMS and Security Related Links

• ISM Community
  
• IT Compliance Institute
• OCEG
• MITRE
  
• IT Governance Institute
  
• IT Process Institute
• CERIAS
• CEE Log Standard
• ISMS Forum Spain
• ISO27001-ES
• Comunidade ISMS-PT
  

ISM3 Related Methodologies and Certifications

• AEDI CAYSER
• CIS
• CRAMM
• DCSSI EBIOS
  
• ISSA GAISP
• ISO 9001:2000
• MAP MAGERIT
• CLUSIF MEHARI
• NSA Security Configuration Guides
• NIST RBAC
• SSE-CMM
• OIS SVRRP
• CERT OCTAVE
• ISECOM OSSTMM
• OWASP
• SEI P-CMM
• BSI BS ISO/IEC 27001 (or in Plain English )
  
• BSI BS ISO/IEC 27002 (or in Plain English )
• SEI CMMI
• ISACA COBIT
• EA 7/03
• ISO 13335
• ISO 19011:2002
• ITSM, ITIL
• NIST SP800-53
• NIST SP800-55

ISM3 Referenced Papers

• Towards maturity of information maturity criteria: six lessons learned from software quality criteria.
  Mikko Siponen, 2002.
• Designing secure information systems and software: Critical evaluation of the existing approaches and a new paradigm.Mikko Siponen, 2002.
• Information Security Governance: Toward a Framework for Action.Business Software Alliance, 2003.
• CISWG Report of the Best Practices and Metrics Teams
• Federal Information Security Management Act 2002.
• CyberPartnerShip Information Governance
• University of New Haven "Mathematical Proofs of Mayfield's Paradox: A Fundamental Principle of Information Security"
• Carnegie Mellon University "The Survivability of Network Systems: An Empirical Analysis"