What is the Maturity of your ISMS?

Maturity is a measurement of an organisation's ability to improve continuously in a particular discipline (as defined in O-ISM3). The higher the maturity, the higher the chances that incidents or errors will lead to improvements, either in the quality or in the use of the resources of the discipline as implemented by the organisation. Find out the maturity of your ISMS with five simple questions. (To make it easier, you can download the Maturity Assessment Tool free of charge.) I mapped the COBIT, CMMI and O-ISM3 Maturity and Capability levels in this document:

And you can learn more about Maturity and Capability in this presentation:

The CIA triad is not helping you as much as you think

There are multiple reasons for this:

  • The triad is incomplete. This leads to information security goals being overlooked.
  • The triad is ambiguous (not based on operational definitions). This makes communication of information security goals difficult or even impossible. A video on the same.
  • There is no agreement on the triad definition (page 4). This leads to communication barriers and undesirable variance in performance. Quite a few alternatives have arisen.
  • The three reasons above have been proven by falsification.
  • You can't use the triad to measure security. This prevents the triad from being used to manage security. There are other ways to measure security.
  • The triad is not a triad. Check slide 32.
  • Read even more about it in the ISSA Journal.

Luckily, THERE IS AN ALTERNATIVE, summarised in this funny video, or this other funny video with the Cookie Monster.

If you still believe the CIA triad is correct or useful in any way, try passing the O-ISM3 Test.
