Optimizing ISO/IEC 27001 using O-ISM3


The Open Group published a guide entitled Optimizing ISO/IEC 27001:2013 using O-ISM3 that will be of interest to organizations interested in taking ISO27001:2013 ISMS to higher maturity levels.

O-ISM3 brings continuous improvement to information security management, and it provides a framework for security decision-making that is top down in nature, where security controls, security objectives, and spending decisions are driven by (and aligned with) business objectives. We have for some time now heard from information security managers that they would like a resource aimed at showing how the O-ISM3 standard could be used in managing information security alongside ISO27001/27002.

This new guide provides specific guidance on this topic. We view this as an important resource, for the following reasons:

  • O-ISM3 complements ISO27001/2 by adding the "how" dimension to information security management.
  • O-ISM3 uses a process-oriented approach, defining inputs and outputs, and allowing for evaluation by process-specific metrics.
  • O-ISM3 provides a framework for continuous improvement of information security processes.

Some of the specific guidance found in the guide includes these items:
  • Maps O-ISM3 and ISO27001 security objectives.
  • Maps ISO27001/27002 controls and documents to O-ISM3 security processes, documents, and outputs.
  • Provides a critical linkage between the controls-based approach found in ISO27001 and the process-based approach found in O-ISM3.

If you have interest in information security management, we encourage you to have a look at Optimizing ISO/IEC 27001:2013 using O-ISM3.


If you liked this article, consider taking advanced ISMS training online via Udemy; it is rated 8.2 on Coursemarks.

Using O-ISM3 with TOGAF


In order to prevent duplication of work and maximize the value provided by the Enterprise Architecture and Information Security disciplines, it is necessary to find ways to communicate and take advantage of each other's work. We have been examining the relationship between O-ISM3 and TOGAF®, both Open Group standards, and have found that, terminology differences aside, there are quite a number of ways to use these two standards together. We would like to share our findings with The Open Group's audience of Enterprise Architects, IT professionals, and Security Architects in this article.


SABSA mapped to O-ISM3

Enterprise Architecture is a very effective approach to understanding in detail how the success of an organisation depends on Information Technology. In order to leverage the use of SABSA and TOGAF, The Open Group recently published Combining The Open Group Standards, O-ISM3 and TOGAF®, with the SABSA® Framework.

In order to help SABSA and O-ISM3 practitioners use both standards, we published this mapping of the two standards:

