
L'home dibuixat

«I am the drawn man, the one with neither flesh nor body.
Drawn men like me are taken advantage of by the powerful»
Jaume Sisa - L'home dibuixat

Information Security Management Maturity Model

  — Filed under: Reports, Security
2 February 2009

ISM3, a methodology that extends the quality principles of ISO 9001 to the management of information security systems.

Under ISM3, the common processes of information security are formally described, given performance targets and metrics, and used to build a quality assured process framework.  Performance targets are unique to each implementation and depend upon business requirements and resources available.  Altogether, the performance targets for security become the Information Security Policy.  The emphasis on the practical and the measurable is what makes ISM3 unusual, and the approach ensures that ISM systems adapt without re-engineering in the face of changes to technology and risk.

Implementations of ISM3 are compatible with ISO27001 (Information Security Management Systems – Requirements), which establishes control objectives for each process. Implementations use a management responsibilities framework akin to the IT Governance Institute's CobIT framework model, which describes best practice in the parent field of IT service management. ITIL users can employ ISM3 process orientation to strengthen ITIL security process seamlessly. Using ISM3 style metrics, objectives and targets it is possible to create measurable Service Level Agreements for outsourced security processes.

ISM3 describes five basic ISM system configurations, equivalent to maturity levels, and these are used to help organisations choose the scale of ISM system most appropriate to their needs.  The maturity spectrum relates cost, risk and threat reduction and enables incremental improvement, benchmarking and long term targets.

ISM3 systems and products are accreditable through the ISM3 Consortium, and it is the intention of the ISM3 Consortium to strengthen linkages and compatibility with existing ISO standards, so that existing investment in ISM systems is protected as ISM systems are improved.

In summary, ISM3 aims to:

  • Enable the creation of ISM systems that are fully aligned with the business mission and compliance needs.
  • Be applicable to any organization regardless of size, context and resources.
  • Enable organisations to prioritize and optimize their investment in information security.
  • Enable continuous improvement of ISM systems using metrics.
  • Support the outsourcing of security processes.