The Open Group, a vendor-neutral and technology-neutral consortium, has released a new information security management standard, The Open Group Information Security Management Maturity Model (O-ISM3). The new model enables the creation of Information Security Management (ISM) systems that are fully aligned with a company's business mission and compliance needs regardless of size, context, and resources.

The new standard allows companies to prioritize and optimize investments in information security, as well as enable continuous improvement of ISM systems using defined metrics. O-ISM3 is compatible with other ISM industry standards, such as the ISO2700x series, ITIL and COBIT.

Intended to be a practical guide, O-ISM3 focuses on common information security processes that the majority of organizations share so operational metrics can be applied to security management processes and protection techniques. Using the standard, organizations can make more informed decisions about security investments through better alignment of security controls with key business objectives.

Information security management is one of The Open Group Security Forum's primary focuses, and the O-ISM3 standard is the first formal deliverable in its information security management work program. The Security Forum is also currently building maturity models for O-ISM3 and expects to extend the program by developing certification programs for the standard. 

O-ISM3 is available for complimentary download here. Additionally, the Open Group will host a series of informative webcasts on the new O-ISM standard. Registration details may be found here.