Ten ways ISMS fail

These are symptoms that you need O-ISM3 SECBOK because your ISMS is failing:

  1. When certain people go on leave or get sick, performance is affected.
  2. Audits are painful and it takes a significant effort to pass successfully.
  3. Changes in the ways things are done are difficult and slow to implement.
  4. The same errors are made over and over again.
  5. More than 20% of the time of the team is used trying to determine what to do or how to do it.
  6. It is not infrequent to get into discussions with other teams about who is responsible for what.
  7. The available metrics do not reflect the performance of the team or the level of security.
  8. Magic bullets are tried by management on a monthly basis and forgotten shortly after.
  9. New workflow software was supposed to solve all management issues. Instead, it has introduced issues of its own.
  10. Your ISMS is certified, but you are conscious that this wouldn't prevent a serious incident from happening.

If you have any of these symptoms, I would love to show you how O-ISM3 SECBOK could help you get rid of all of them...

Information Security Management Principles in a Nutshell

  • Security is an emergent property of people using information/information systems. Therefore, security is inherently dependent on this context.
  • It is possible to determine what people expect from information/information systems.
  • It is possible to increase the likelihood of security expectations by using appropriate tools and processes.
  • An incident, by definition, is any instance of a user's security expectation not being met.
  • Lessons learned from incidents must be used to improve tools and processes. The same type of incident should never happen twice.
  • The cost of tools and processes must be proportionate to the cost of the incidents they protect from.
  • Incidents should be prevented using two or more complementary tools and processes. This should eliminate single points of failure.
  • Protection and monitoring should be performed at the highest abstraction level possible, thus protecting from business-significant incidents. (Protect the pound, not the byte.)

Download the new O-ISM3 v2.0 today!

O-ISM3 is a standard method published by The Open Group. It is the only standard that introduces the use of short-cycle continuous improvement in information security.

The main improvements are:

  • Improved definition of types of metrics and added guidance on how to use metrics.
  • Improved definition of maturity levels.
  • Improved definition of management practices.
