Raising The Bar: Security Comes of Age With O-ISM3: Page 2 of 2

Originally brought to the 350-member Open Group a couple of years ago, O-ISM3 is the result of more than six years of work and collaboration by the ISM3 Consortium and The Open Group's Security Forum. It focuses on common information security processes so operational metrics can be applied to security management processes and protection techniques.

Jim Hietala, Open Group VP of security, says there was a real void in terms of guidance of how you do continuous improvement. Existing standards like ISO 27002 give you a great set of process controls, he says, but they don't tell you how to manage those processes.

The O-ISM3 standard is the first formal deliverable in the information security management work program of The Open Group Security Forum. The forum is also currently building maturity models for O-ISM3 and expects to extend the program by developing certification programs for the standard.

O-ISM3 is a very comprehensive, complex and "rigorous" framework, says Proctor, and not for small or midsize businesses. "This is for large enterprises [and service providers] with complex, complicated programs."
