New Information Security Management Standard

Subject: New Information Security Management Standard
Date: 2 Sep 2004 10:24:33 -0000


The publication of ISM3 (Information Security Management Maturity Model) offers 
a new approach to information security management (ISM) systems.  Arising from 
the perceived contrast between ISO9000 (around 350,000 certified organisations 
worldwide) and BS7799-2:2002 (only a few hundred certified organisations 
worldwide), ISM3 is intended to fill the need for a simple and widely 
applicable quality standard for ISM systems. ISM3 provides a framework for ISM 
that can be used both at an entry level by small organisations and at a 
sophisticated level by major organisations as part of their governance and 
information assurance processes. 

Like other ISECOM standards, ISM3 is provided under an open source licence, has 
a gentle learning curve and could be used to strengthen ISM systems in 
organisations using standards such as COBIT, ITIL, CMMI and ISO17799. It is 
structured into maturity levels, so that organisations can choose an 
appropriate level for their business and move in stages towards it. It is also 
a quality standard, based on the idea of "say what you do, and do what you say".

Instead of placing exclusive reliance on expensive risk analysis methods that 
form a major barrier to ISM roll-out, ISM3 follows a simple qualitative 
approach, starting by analysing the business requirements for security. It 
allows a business to build upon its existing security infrastructure, 
strengthening it through a quality management process, and achieving certified 
maturity levels or milestones as the ISM system develops.

It uses a management model to distinguish operational security tasks that 
prevent and mitigate incidents from strategic and tactical tasks that identify 
assets to protect, security measures to employ and resources to commit. A 
certification process is described that allows an organisation to self-score 
its maturity level or to obtain evidence-based accreditation from an external 
assessor.

ISM3 is freely available at: http://www.isecom.org/projects/ism3.shtml

The Institute for Security and Open Methodologies (ISECOM) is a non-profit, 
international, research initiative dedicated to defining technical and ethical 
standards in information security and business integrity testing since January 
2001. The team is comprised of international volunteers and assisted by an 
accomplished international board of directors, advisors and regional managers.

Vicente Aceituno, the creator of ISM3, is an information security writer, 
speaker and consultant. His first book "Information Security" was published 
recently.
