This Guide is aimed at users of the well-established ISO/IEC 27001
Information Security Management Standard, to explain how The Open Group
O-ISM3 Standard (C102) complements and extends ISO/IEC 27001 by adding
further security management controls and applying security performance
metrics.
These extend the capability of the ISO/IEC 27001 Information
Security Management System (ISMS) so that it delivers specific
measurements of ISMS performance against target business security
objectives, supporting informed decisions on cost-effective
ISMS investment that aligns with the organization's business objectives.
Bibliographic Details
Catalog number G125
US ISBN 1-937218-12-6
July 2012
85 pages
See also C102 Open Information Security Management Maturity Model (O-ISM3), 18 February 2011
Contents
1 Introduction
2 Overview
2.1 Management of Security
2.2 ISO/IEC 27001
2.3 O-ISM3
2.4 ISO/IEC 27001 and O-ISM3
2.5 Compatibility of O-ISM3 with ISO/IEC 27001
2.6 Compatibility with CobiT, ITIL, and ISO 9000
2.6.1 CobiT
2.6.2 ITIL
2.6.3 ISO 9000
2.7 Security Control Objectives
2.8 The Importance of Metrics
3 Difference in Approach
3.1 Security Objectives
3.2 Process versus Control Approach
3.3 Benefits of O-ISM3 when Implementing ISO/IEC 27001
4 Mapping O-ISM3 with ISO/IEC 27001
4.1 ISO/IEC 27001 Controls Mapped to O-ISM3 Processes
4.2 O-ISM3 Processes Mapped to ISO/IEC 27001 Controls
4.3 Equivalence between some ISO/IEC 27001 and O-ISM3 Terms
(registration required)