The Information Security Management Maturity Model (ISM3, or ISM-cubed) offers a practical and efficient approach for specifying, implementing and evaluating process-oriented information security management (ISM) systems.
ISM3 aims to:
- Enable the creation of ISM systems that are fully aligned with the business mission.
- Be applicable to any organization regardless of size, context and resources.
- Enable organisations to prioritize and optimize their investment in information security.
- Enable continuous improvement of ISM systems.
- Support the outsourcing of security processes.
ISM3 is compatible with the implementation and use of ITIL, ISO 9001, COBIT and ISO 27001. This compatibility protects the existing investment in ISM systems when they are enhanced using ISM3. ISM3-based ISM systems are themselves accreditable, giving organisations an objective means of measuring and advertising their progress with information security management.
The management discipline and internal control framework required by ISM3 assists compliance with corporate governance law.