O-ISM3 Executive Summary

Published in: Technology

  1. O-ISM3: Open Information Security Management Maturity Model
  2. O-ISM3 is an Information Security Management Method
  3. A method is the complete definition of how to make a complex activity repeatable
  4. O-ISM3 is a Standard
  5. O-ISM3 is Compatible
  6. O-ISM3 is not about Compliance
  7. O-ISM3 is about Results
  8. Security Investment, Maturity Level & Risk. [Figure: Risk plotted against Security Investment, with three marked points: Maximum Risk / No Investment, Maximum ROSI, and Minimum Risk / Maximum Investment; the curve's slope is labelled Risk Reduction / Additional Security Investment.] O-ISM3 has Maturity Levels…
  9. Security Investment, Maturity Level & Risk. [Same figure as slide 8.] … in order to cater for different requirements and resources
  10. O-ISM3 Metrics are built-in: Activity. Scope. Efficacy. Efficiency.
  11. Risk Assessment is not compulsory. [Figure: environments and business areas that the method covers without a formal risk assessment: Internal Network, DMZ, Mobile Users, Internal Users, WiFi Networks; Governance, Infrastructure, Human Resources, Production, Logistics, Administration, IT, Advertising, Research, Procurement, Sales, Business Intelligence, Financing/Accounting, Maintenance, Relationships, Legal.]
  12. O-ISM3 helps tuning: How much security is enough?
  13. Use case – Malware Management. ISM3-less management:
     - Motivation: Clean viruses or your business will sink.
     - Objective: No system should ever get a virus.
     - Activity: Install antivirus on personal computers, servers and mail servers; add antivirus functionality to firewalls; add antispyware, antitrojan and antirootkit tools to the mix.
     - Policy: No USB stick or DVD may touch any company system without first being scanned for viruses.
     - Success criterion: No system ever gets a virus.
     - Continuous improvement: Add more anti-malware controls (Tripwire, CORE, etc.).
  14. Use case – Malware Management (continued). ISM3-style management:
     - Motivation: Unfortunately, systems, especially Windows, are malware prone. We should invest in proportion to the damage malware can do to them.
     - Goal: Systems should accomplish their business role with or without malware.
     - Activity: Install anti-malware on vulnerable systems. Measure the activity, scope, update status and availability of the anti-malware. Consider other measures, such as using less malware-prone systems.
     - Policy: Use on every system the anti-malware protection that will detect malware and prevent the system from failing to play its business role.
     - Success criterion: Protected systems play their business role without interruption or degradation.
     - Continuous improvement: Use the metrics to improve the anti-malware protection and keep the controls with better effectiveness and ROI.
  15. Summary:
     - ISMS Method
     - Standard published by The Open Group
     - Compatible with ISO 2700x, COBIT, ITIL, etc.
     - Focus on results, not on compliance.
     - Maturity Levels adapt to different resources and requirements.
     - Uses Processes instead of Controls.
     - Metrics are included; they don't need to be developed anew.
     - Risk Assessment is optional.
     - Security objectives and targets help answer: How much security is enough?
  16. Information Security that makes Business Sense. inovement.es/oism3
     - Web: www.inovement.es
     - Video Blog: youtube.com/user/vaceituno
     - Blog: ism3.com
     - Twitter: twitter.com/vaceituno
     - Presentations: slideshare.net/vaceituno/presentations
     - Articles: slideshare.net/vaceituno/documents
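Slides 10 and 14 say the method ships with activity, scope, efficacy and efficiency metrics and that the anti-malware process should measure its own activity, scope, update status and availability, then use those numbers to decide where further investment pays off. The following is an added example for this page, written for it and not taken from the presentation, from inovement.es or from The Open Group's O-ISM3 standard: it computes one plausible reading of those metric types over a constructed host inventory and produces the per-host gap list that the "continuous improvement" step would act on. The signature-age threshold, the cost figure, the host names and all telemetry values are assumptions.

```python
"""Process metrics for an anti-malware control in the four O-ISM3 metric
types (activity, scope, efficacy, efficiency) plus the update and
availability measurements the slides ask for.

Added example; not the presentation's or The Open Group's code. The metric
formulas are one reading of the metric types, MAX_SIGNATURE_AGE_DAYS and
AGENT_COST are assumptions, and HOSTS is constructed sample data.
"""
from dataclasses import dataclass
from datetime import date
from typing import Optional

MAX_SIGNATURE_AGE_DAYS = 7  # assumption: older signatures count as stale


@dataclass
class Host:
    name: str
    in_scope: bool                  # malware-prone system that should be protected
    has_agent: bool                 # anti-malware agent installed
    signature_date: Optional[date]  # last signature update, None without an agent
    agent_uptime_pct: float         # agent availability over the period
    detections: int                 # malware detections in the period
    role_outage_hours: float        # hours the host could not play its business role


def in_scope_hosts(hosts):
    return [h for h in hosts if h.in_scope]


def protected_hosts(hosts):
    return [h for h in hosts if h.in_scope and h.has_agent]


def activity(hosts) -> int:
    """Activity: how much the control did, counted as detections."""
    return sum(h.detections for h in hosts)


def scope(hosts) -> float:
    """Scope: share of in-scope hosts actually running the control."""
    scoped = in_scope_hosts(hosts)
    return len(protected_hosts(hosts)) / len(scoped) if scoped else 1.0


def signature_currency(hosts, as_of: date) -> float:
    """Update measurement: share of protected hosts with fresh signatures."""
    prot = protected_hosts(hosts)
    fresh = [h for h in prot if h.signature_date is not None
             and (as_of - h.signature_date).days <= MAX_SIGNATURE_AGE_DAYS]
    return len(fresh) / len(prot) if prot else 0.0


def availability(hosts) -> float:
    """Availability measurement: mean agent uptime over protected hosts."""
    prot = protected_hosts(hosts)
    return sum(h.agent_uptime_pct for h in prot) / len(prot) if prot else 0.0


def efficacy(hosts) -> float:
    """Efficacy against the slide-14 goal: in-scope hosts that played their
    business role with no malware-caused outage, agent or not."""
    scoped = in_scope_hosts(hosts)
    met_goal = [h for h in scoped if h.role_outage_hours == 0]
    return len(met_goal) / len(scoped) if scoped else 1.0


def efficiency(hosts, cost: float) -> float:
    """Efficiency: hosts that met the goal per 1000 currency units spent."""
    met_goal = [h for h in in_scope_hosts(hosts) if h.role_outage_hours == 0]
    return len(met_goal) / cost * 1000.0


def gap_report(hosts, as_of: date) -> dict:
    """Why each in-scope host misses the success criterion; this is what the
    continuous-improvement step spends on, rather than 'more antivirus'."""
    gaps = {}
    for h in in_scope_hosts(hosts):
        reasons = []
        if not h.has_agent:
            reasons.append("no anti-malware agent")
        elif (h.signature_date is None
              or (as_of - h.signature_date).days > MAX_SIGNATURE_AGE_DAYS):
            reasons.append("stale signatures")
        if h.role_outage_hours > 0:
            reasons.append(f"{h.role_outage_hours:g} h of business-role outage")
        if reasons:
            gaps[h.name] = reasons
    return gaps


AS_OF = date(2023, 1, 31)  # constructed reporting date
AGENT_COST = 150.0         # assumed agent spend for the period

HOSTS = [  # constructed sample inventory
    Host("win-pc-01", True, True, date(2023, 1, 30), 99.0, 3, 0.0),
    Host("win-pc-02", True, True, date(2023, 1, 10), 95.0, 1, 4.0),
    Host("win-srv-01", True, False, None, 0.0, 0, 12.0),
    Host("mail-gw", True, True, date(2023, 1, 31), 100.0, 40, 0.0),
    Host("kiosk-linux", False, False, None, 0.0, 0, 0.0),
]


def report(hosts=HOSTS, as_of=AS_OF, cost=AGENT_COST) -> dict:
    return {
        "activity_detections": activity(hosts),
        "scope": scope(hosts),
        "signature_currency": signature_currency(hosts, as_of),
        "availability_pct": availability(hosts),
        "efficacy": efficacy(hosts),
        "efficiency_per_1000": efficiency(hosts, cost),
        "gaps": gap_report(hosts, as_of),
    }


if __name__ == "__main__":
    for key, value in report().items():
        print(f"{key}: {value}")
```

With the sample inventory the mail gateway accounts for almost all activity (40 detections) but contributes nothing to the two failing hosts; scope is 0.75 because one in-scope server has no agent, and efficacy is only 0.5 because the goal is measured on business-role outage across all in-scope systems, not on how well the agents behaved where they happened to be installed. The gap list points the next investment at the unprotected server and the stale-signature workstation, which is the "invest proportionally to the damage" reasoning of slide 14 rather than the "add more controls" reasoning of slide 13.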
