New O-ISM3 version soon to be published

The new O-ISM3 version has been submitted for approval to the Security Forum of The Open Group. The main novelties of the new version are:

  • Improved definition of types of metrics
  • Added guidance on how to use metrics
  • Improved definition of maturity levels
  • Improved definition of management practices
  • Tweaks in some processes
  • Moved ISM3/ISO27001 guidance to a dedicated paper (already published)

What is the Maturity of your ISMS?

Maturity is a measurement of the ability of an organisation for continuous improvement in a particular discipline (as defined in O-ISM3). The higher the maturity, the higher will be the chances that incidents or errors will lead to improvements either in the quality or in the use of the resources of the discipline as implemented by the organisation. Find out what is the maturity of your ISMS with five simple questions. (In order to make it easier you can download free of charge the Maturity Assessment Tool)
. I mapped the Cobit, CMMI and O-ISM3 Maturity and Capability levels in this document:

And you can learn more about Maturity and Capability in this presentation:

The CIA triad is a waste of your time

There are multiple reasons for this:

Luckily, THERE IS AN ALTERNATIVE, summarised in this funny video, or this other funny video with the Cookie Monster.

If you still believe the CIA triad is correct or useful in any way, try passing the O-ISM3 Test.

Pages