Tuesday, 17 July 2012

Optimizing ISO/IEC 27001 using O-ISM3 (Free PDF)

This Guide is aimed at users of the well-established ISO/IEC 27001 Information Security Management Standard, to explain how The Open Group O-ISM3 Standard (C102) complements and extends ISO/IEC 27001 by adding further security management controls and applying security performance metrics. 

These extend the capability of the ISO/IEC 27001 Information Security Management System (ISMS) so that it will deliver specific measurements on ISMS performance against target business security objectives, so optimizing informed decision-making on cost-effective ISMS investment that aligns with an organization's business objectives.

Bibliographic Details
Catalog number G125
US ISBN 1-937218-12-6

Jul 2012

85 pages

See also C102 Open Information Security Management Maturity Model (O-ISM3), 18 Feb 2011

Contents
1  Introduction
2  Overview
2.1  Management of Security
2.2  ISO/IEC 27001
2.3  O-ISM3
2.4  ISO/IEC 27001 and O-ISM3 
2.5  Compatibility of O-ISM3 with ISO/IEC 27001
2.6  Compatibility with CobiT, ITIL, and ISO 9000 
2.6.1  CobiT 
2.6.2  ITIL 
2.6.3  ISO 9000
2.7  Security Control Objectives 
2.8  The Importance of Metrics 
3  Difference in Approach
3.1  Security Objectives 
3.2  Process versus Control Approach 
3.3  Benefits of O-ISM3 when Implementing ISO/IEC 27001
4  Mapping O-ISM3 with ISO/IEC 27001 
4.1  ISO/IEC 27001 Controls Mapped to O-ISM3 Processes
4.2  O-ISM3 Processes Mapped to ISO/IEC 27001 Controls
4.3  Equivalence between some ISO/IEC 27001 and O-ISM3 Terms

View/download this publication

(registration required)
