- O-ISM3
-
Articles
- Ten ways ISMS fail
- How can you Measure how Secret a Secret is?
- What is the Maturity of your ISMS?
- Risk, Investment and Maturity
- Compliance vs Continuous Improvement
- A primer in Metrics driven Process Management
- Process Management with Security Metrics
- Measuring Security
- Beyond Authentication, Authorization and Accounting
- Return On Security Investment
- Standards, standards, standards, Are they any good?
-
by Vicente Aceituno Canal
- Slideshare
- Youtube
- Youtube (Spanish)
- Contact
-
Foundations
- Ask Smart Questions to Set Security Service Levels
- Can you pass the O-ISM3 Test?
- The CIA triad is not helping you as much as you think
- Advanced Classification of Information
- Security Foundations Series: Secrecy
- Security Foundations Series: Privacy
- Security Foundations Series: Availability
- Security Foundations Series: Expiration
- Security Foundations Series: Retention
- Security Foundations Series: Quality
- Security Foundations Series: Compliance
- Security Foundations Series: Technical Objectives
- Security Foundations Series: Intellectual Property you Own
- Security Foundations Series: Intellectual Property you Use
- What is an Operational, Positive Definition of Security
- Operational Definitions for Security
- Information Assurance Markup Language
- Security Quarks help communicate with non IT people
- Security Quarks and the Cookie Monster
- Information Security Paradigms
O-ISM3 Resources
O-ISM3 v2.0
Download the PDF edition of O-ISM3 (Free with Registration): O-ISM3 at The Open Group
O-ISM3 v1.0
Download the PDF edition of O-ISM3 (Free with Registration): O-ISM3 at The Open Group
Download the PDF edition of O-ISM3 (Free with Registration): O-ISM3 via ComputerWeekly
Download the PDF edition of O-ISM3 (Free): O-ISM3
Print edition: O-ISM3 at Van Haren's
Google Books edition: O-ISM3 at Google Play
Kindle edition: O-ISM3 at Amazon
Review by C. Paidhrin: "As an IT Security manager, I'm driven by divergent priorities and demands. Having O-ISM3 on my Kindle, as a ready reference, helps me to maintain focus on what aligns with better practices. Every value-add service should have an associated maturity model. O-ISM3 is a respectable alternative to COBIT5, though I use COBIT5, and it aligns well with ITIL--the essential IT service delivery framework. There is no better, or more clear a maturity model for the price."
Education
Compatiblity
- Combining The Open Group Standards, O-ISM3 and TOGAF®, with the SABSA® Framework
- Optimizing ISO/IEC 27001 using O-ISM3
- Using the O-ISM3 Standard with the CPNI 20 Critical Security Controls (CSC) for Effective Cyber Defense
- Using The Open Group Standards – O-ISM3 with TOGAF®
Success Cases
Articles
- Usefulness of an Information Security Maturity Model, ISACA Control Journal, 2008
- The Information Security Assurance Markup Language in the Computer Society of India Newsletter, August 2007
- Security Metrics for Information Security Management in the ENISA Quarterly, July 2007
- Return on Security Investment in the ISSA Journal, December 2006
- ISM3: A Standard for Information Security Management in the ISSA Journal, October 2006
- On Information Security Paradigms in the ISSA Journal, September 2005
Presentations:
- Compliance vs Continuous Improvement
- O-ISM3 Risk Management
- A Revolution in Security: ISM evolution with O-ISM3
- Measuring the Right Things Right for the Right Reasons
- Security Management Metrics
- Metrics and Maturity
- ISO27001 and O-ISM3
- Events Logging Markup Language
- Madurez de Procesos de Seguridad (Spanish)
- Aseguramiento de Aplicaciones (Spanish)
- Uso de O-ISM3 en Bankia (Spanish)
Audio
Community