Information security management is a complex and challenging effort. Practitioners of enterprise security management require guidance and methodologies to make information security management more effective. The core information security management challenge is to demonstrate the return on security investments, e.g.:
The Open Group Information Security Management Maturity Model (ISM3) project strives to continually improve information security management. Our goal is to further develop O-ISM3, and to establish it as an open industry standard.
Frameworks such as ISO27001/ISO27002, PCI DSS, NIST 800-53, and others can provide valuable information on best practices in information security management. O-ISM3 deploys a metrics-based approach to continually improve the frameworks and standards of information security management, and help organizations measure the effectiveness of their security processes and practices.
O-ISM3 facilitates a top-down approach to information security management, in which business objectives drive security objectives; those objectives then guide security investment and decision-making.
Under the broad heading of information security management, The Open Group has a variety of ongoing initiatives and work groups to help practitioners better manage their security programs. These areas of focus include:
If your organization is not a member of The Open Group, please contact us to learn more about how to get involved.